Archive of UserLand's first discussion group, started October 5, 1998.

Re:HotMail Hole: MSN Mess design?

Author:David Valentine
Posted:8/30/1999; 1:22:09 PM
Topic:Tim Bray on the HotMail Hole
Msg #:10262 (In response to 10259)
Prev/Next:10261 / 10263

Why not critize them for poorly designed security?

This cgi was designed for MSN Mess. Is this the same CGI that exposed passwords, from MSN Mess, earlier in the month?

If so, then MS has a lot of explaining to do. Just rewriting the cgi to not need a password, and leaving it there while you decide how to attack it, is an example of ...

AOL was probably right in accusing MSN of being a security problem. Only problem was the the security problem was really targeted at MS Hotmail and not AOL.




This page was archived on 6/13/2001; 4:52:17 PM.

© Copyright 1998-2001 UserLand Software, Inc.