29th April 2012, 11:52 #1
Hotmail fixes serious security bug caused by Firefox addon
Microsoft has rushed out a fix for a serious bug in its Hotmail webmail services. The bug allowed a hacker to reset the password for a Hotmail account, locking out its owner and giving the attacker access to the inbox.
Using add-on tools for the Firefox browser, hackers realised they could tamper with the data passing between a user and Hotmail servers in a way that handed them control over an account they targeted. The exploit in itself was a very simple one. It involves using a Firefox addon called Tamper Data which allows the the user to intercept the outgoing HTTP request from the browser in real time and modify the data.
As knowledge of the bug spread, some started offering to hack accounts for cash and others posted YouTube videos of Hotmail accounts being taken over in real time.
Via BBC News - Quick fix for Hotmail password bug Details New Hotmail Exploit Can Get any Hotmail Email Account Hacked for just 20$ | Whitec0de.com.