New Security Flaw In Hotmail

An Israeli computer science student has discovered a new security vulnerability in MS Hotmail. Using Cross Site Scripting delivered to a target using a crafted link in an email message. The malicious code then sends the user's Hotmail cookie with the session information to the attacker.

At this point the attacker can log in to the victimís email account, take control of that account, read emails and contacts and also reset the password. Whitedust Security Portal - New Security Flaw In Hotmail

Linked by shanmuga Tuesday, 29th August 2006 1:08AM