IJMC - Microsoft's Deluge of Security Holes Continues

Last week I spent a fair amount of time trying to find an older copy of 
one of Microsoft's products, Internet Explorer. Since I generally use 
Netscape as my browser I do not keep up too much on the various patches 
available for Microsoft's competing product. I will simply say I was 
amazed at how many different security patches there were for Internet 
Explorer 4.x...and I already know of the multitudinous security holes 
existing between the various Microsoft operating systems. So this 
message, sent to me by a friend at CNN, simply did not suprise me. Of 
course, I do not have a Hotmail account...which helps.            -dave


Ok gang. This is not an urban legend and this is not spam. This is true. I
know that all spams say , "this is true," but I was sitting behind the
Technology editor and the senior editor when the story broke and saw it
tested. Read on.



                  Web site provides access to
                  millions of Hotmail messages

                  August 30, 1999
                  Web posted at: 10:37 a.m. EDT (1437 GMT)

                  (CNN) -- Millions of free Internet
                  e-mail accounts provided by
                  Microsoft's Hotmail service were
                  susceptible to a major security breach
                  that allowed access Monday to users'
                  accounts. 

                  The breach worked via a simple Web
                  address which prompted for a
                  Hotmail username. Once the
                  username was entered, the Hotmail
                  account came up and the mailbox was
                  available. 

                  The hack opened all accounts tested
                  by CNN Interactive, but e-mail
                  messages couldn't always be opened.
                  There was no immediate information
                  on how long the breach has been
                  active. 

                  The breach allows users to read and
                  forward a member's old messages, read
                  new messages and send e-mail in
                  some cases under the name of the user
                  -- assuming the member's identity. 

                  Hotmail boasts 40 million subscribers. 

                  A morning telephone call made to the
                  public relations firm that handles
                  Microsoft's publicity was referred to
                  Microsoft's main number in Redmond,
                  Washington. 

                  That call was forwarded by an operator
                  to Microsoft's Corporate Security
                  Desk. "You should send that to
                  abuse@hotmail.com. " said Greg
                  Betcher, at that desk. 

                  Erik Barkel, of Stockholm, Sweden, was
                  listed in the domain name directory
                  Internic as the administrator for the
                  Web site's domain, but a call to his
                  number did not go through.