mail security breach it suffered late last weekend has been closed up. The bad news is that what caused the breach was almost too simple.
That's what ZDNet News is saying today, crediting a Swedish programmer, Michael Nobilio, with discovering the hole. He apparently found it as a way to help Hotmail users access their accounts a little more simply - but he didn't figure it would leave a wide gap for hackers to slip through.
Nobilio wrote a program to help Hotmail users take advantage of the hole to get in simply - but the program was exploited by others, ZDNet says. Writers for ZDNet's Sm@rt Reseller discovered that, during the height of the Hotmail breach, they "had to resist temptation to read Microsoft President Steve Ballmer's e-mail.
"Everyone, but everyone's Hotmail mailbox was compromised."
The hole seems to have been created by sloppy CGI editing, ZDNet says. And, by just "trusting" information put into a certain URL format, without requiring any more user password check, "Hotmail's security door was left wide open."
ZDNet hints that the ramifications in its wake could be large, suggesting resellers and users alike will likely start hunting safer free e-mail systems.
