Youth against Internet censorship
"It's not a crime to be smarter than your parents."
-Bennett Haselton, firstname.lastname@example.org
News sightings: Wired | ZDNet | Slashdot | MSNBC
Eudora "stealth attachment" demo page (4/27/00) C-Net | ZDNet | Newsbytes |
"Fake mail form" security hole for Web-based email sites (5/9/00) C-Net
This page describes a security hole in HotMail that allows an intruder to break into someone's HotMail account by sending that person an email message with an attached HTML file. When the user views the attached HTML file, their cookies in the HotMail.MSN.com domain are intercepted and sent to a hostile site; since the cookies are used for authentication, whoever receives them can then log into HotMail as that user.
There is no demo available, since this exploit will almost certainly become obsolete as soon as HotMail fixes the problem.
However, it turns out that there are only six different IP addresses that are used to load attached HTML files, and all of them correspond to hostnames that are in the .hotmail.msn.com domain: