Security Vulnerability in Microsoft .NET Passport
Stuart Moore writes "A vulnerability was reported in Microsoft .NET Passport, also affecting Hotmail user accounts. The simple flaw allows an attacker to change any person's password to an arbitrary value. The attacker can then gain access to the victim's accounts, as well as to the victim's personal information (if any is stored w/ Passport). Muhammad Faisal Rauf Danka posted a note to the Full-Disclosure security e-mail list after multiple unsuccessful attempts to contact Microsoft." There's a news report as well.
Remember... (Score:5, Funny)
Oh my God (Mad scramble) (Score:5, Funny)
Why did I trust Microsoft with all of my personal secrets? They've had such great security in the past...
As lame as it sounds... (Score:5, Funny)
Security flaw in Passport!!!! (Score:5, Funny)
In other news, the world is round, Bill Gates is rich, twice two is four, and the England cricket team haven't won anything.
The Microsoft Information Minister Says: (Score:5, Funny)
now be fair (Score:5, Funny)
It's not their fault Outlook kept crashing, right?
Ruh Roh Raggy (Score:5, Funny)
If someone were to break into my Hotmail account they would find out all the secret ways that I make my penis and breasts larger.
With
-B
good (Score:5, Funny)
It's nice to see people are finally realising that Passport/Hotmail users are victims.
Oh no (Score:5, Funny)
But that spam is personal to me. It's not for anyone else.
Finally... (Score:2, Funny)
Rus
Well, at least now I know... (Score:5, Funny)
Perhaps we can take this opportunity to kill all those spam accounts on hotmail. All we need to do is reset all the passwords to impossible strings...
Really tough fix (Score:3, Funny)
Re:Security flaw in Passport!!!! (Score:3, Funny)
I thought they won a moral victory by not travelling to Zimbabwe... and a political victory by making Zim fly to England. Bad example?
Microsoft .NET Passport Passwords.. :-) (Score:2, Funny)
Re:Remember... (Score:3, Funny)
Rus
Whoever has got... (Score:5, Funny)
Re:Can someone explain this? (Score:5, Funny)
Try stealing billgates@hotmail.com (Score:2, Funny)
Re:Remember... (Score:5, Funny)
Re:The Microsoft Information Minister Says: (Score:0, Funny)
Air Conditioner. I don't think air conditioners are actually banned from moderating, but I've never heard of one that could.
Add one to the pile (Score:5, Funny)
Re:Try stealing billgates@hotmail.com (Score:1, Funny)
Re:Security flaw in Passport!!!! (Score:3, Funny)
twice two is four
It seems you are overdue for your appointment at miniluv, thought criminal!
Re:Ruh Roh Raggy (Score:5, Funny)
Re:Try stealing billgates@hotmail.com (Score:4, Funny)
Rus
Re:Oh my God (Mad scramble) (Score:5, Funny)
Don't bother, I just did it for you.
Re:FUD (Score:2, Funny)
It's handy-dandy, and I've never had a probASDFK6GJL45SDJ6G-CARRIER LOST-
Re:How do you contact Microsoft? (Score:5, Funny)
As far as I'm aware, they have a guy who just keeps clicking reload on the
Re:Remember... (Score:5, Funny)
If sending 404 Page Not Found messages to users trying to update passwords can be called fixing, well, MS indeed fixed it.
Funny stuff (Score:2, Funny)
Sign in on any computer that has Internet access.
Re:Add one to the pile (Score:4, Funny)
Could be worse... (Score:2, Funny)
Re:Add one to the pile (Score:5, Funny)
In fifty years time, when Microsoft are in charge of the planet, they won't be asking you to change your last name, they'll be telling you that they've already changed your entire name to a 256-character, globally unique identifier. For your convenience, of course, and at a very reasonable fee of M$50 (MicroSerfian dollaroonies), which, again for your convenience, they've already deducted from your (compulsory) Bank of Microsoft account. As a result of this unexpected deduction, your account will go M$1 overdrawn, and this will mean that they are entitled to immediate vacant possession of your home. When you query this, it will be pointed out that this entitlement was clearly detailed in 2-point font, on page 437 (that's about one-third of the way in) of the click-through agreement that you read, understood, and click-through-agreed to when opening your (compulsory) Bank of Microsoft account. At the time that this is pointed out, your attention will be drawn to the clause on page 442 that they are also entitled to one of every major organ that you have two of. This includes (but is not limited to) your lungs, kidneys and, at the discretion of the Microsoft legal department (formerly known as the US Department of Justice), your testicles. They will gladly help you to pay for the operation to remove these organs, by the extension of a small loan, repayable in 7200 monthly payments that, for your convenience, will exactly match your monthly salary. You will be responsible for the shipping of at least two of your children to the secure holding facility at Redmond, where they will be held as collateral for the duration of the loan.
Where do you want to go today?
Re:Remember... (Score:5, Funny)
Re:Oh no, not again... (Score:1, Funny)
Re:Try stealing billgates@hotmail.com (Score:3, Funny)
I got webmaster@... and I believe my friend got administrator@...
I don't know if my friend got any mail, but I got a lot of interesting messages until I got bored and stopped checking it.
Now, before any of you start bashing me for being irresponsible, I did try to help out the users who sent me mail. Mostly I just told them who to really contact.
I did get carried away a couple of times though. Once I decided to reply to a spam complaint and thanked them for the nice porn links they forwarded to me. They never responded, funny thing.
(this posted anonymously for obvious reasons)
Re:FUD (Score:2, Funny)
Re:Add one to the pile (Score:4, Funny)
Back to the topic, her name is Ana Luisa and guess what happens when you concatenate her first two names together! It was getting on my nerves to receive an error message because of some issue with the username (but not an existing username, oddly)... It was only after a lot of attempts that I noticed the first 4 chars of the username... Added an underscore and it was all ok...
Re:Can someone explain this? (Score:3, Funny)
So who wants to join the
Re:FUD (Score:5, Funny)
Me: Thanks. How did you fix them?
Mechanic: We removed the brakes entirely
Me: What the...
Mechanic: That will be $567.98, please.
Re:Oh my God (MS explains it all..) (Score:5, Funny)
Of course, this means that Full Control of user accounts is needed. The process of manually checking every single mail account for spam is underway. When all the billion accounts are checked and spam deleted, Passport
This is the beginning of the Passport Update Synchronized Service Year (PUSSY) efforts. Thanks for your attention.
Another Hotmail Password Hack found on Kazaa (Score:5, Funny)
THIS IS HOW TO HACK ANYONE'S HOTMAIL PASSWORD
Step 1:
send a mail to Robot_pass_finder@hotmail.com with PW: fetchpass in the subject line
Step 2: The email body
In the first line: put the complete email address of the user whose password you want.
In the 5th line, type the email address and the login (pass) you want the password sent to,
Here is an example:
To: Robot_pass_finder@hotmail.com
Subject: PW: fetchpass
CC.________________ BCC.___________________
=-email body-=
address@hotmail.com
your email address here example.: myemail@hotmail.com
your pass here example.: mypassword
The problem with global accounts like Passport (Score:3, Funny)
One Hacker to find them
One Exploit to bring them all
to the attacker's power
Re:What breed of idiot are you? (Score:3, Funny)
This would be a lot more fun to see though...
*Sigh* (Score:3, Funny)
I need to make some stupid friends, it seems. Well, friends who are more stupid than the ones I have now, at any rate.
But it's a good exploit, anyway. Kudos to the person who slaved for almost 15 minutes to figure it out (that's not a slander against the cracker in question, but against the pathetic sec- . . . secuuu- . . . jeez, I can't even call it what MS wants me to think it is).