HOLE-Y HOTMAIL, BATMAN!

or otherwise, doesn't need: yet another way to break into the already-battered Hotmail.

But the same Bulgarian computer wonk who found the breach which brought Hotmail down for a notorious spell last month has now found, apparently, that Hotmail lets Web-paged embedded Java script code run automatically.

And guess what, ladies and gentlemen - that makes it possible for someone to write Web programs, ZDNet says, which can do anything from purloin passwords to read someone else's mail. And it's easier than you think - Hotmail doesn't handle the new HTML tag STYLE, ZDNet says, which Java programmers and Web weavers use to insert Java script into HTML pages.

This time, though, Microsoft isn't accepting the ownership papers on the problem. The company, which owns Hotmail, says it's only an example of "people encouraging users to run malicious code on the Web." A spokesman tells ZDNet News you can simply disable Java script, or refuse to open mail from someone you don't know.