On Thu, Oct 21, 1999 at 09:27:38AM -0500, Pete Krawczyk wrote:
> Within the last couple weeks, Microsoft has unveiled their new Passport
> service which allows you to log in to multiple sites and do your work with
> one single login. However, they failed to realize that not all people
> allow all cookies everywhere to be put on their computer.
>
> It is possible by making a settings change in Netscape (and possibly IE) to
> transparently let a user log in as the last user that used Hotmail on that
> computer.
>
> By setting the Cookies preference to "Accept only cookies that get sent
> back to the originating server", you can keep the authorization cookie that
> allows a user to log in to Hotmail and read the last user's mail. The
> authorization cookie is temporary, however, and is deleted when the browser
> closes.
>
> Try it:
> 1) In Netscape, set your cookie preference to the above.
> 2) Log in to any Hotmail account.
> 3) Choose "Sign Out".
> 4) From the MSN page that appears after sign-out, choose the Hotmail link.
> 5) You will be back in the Inbox.
>
> Possible Fixes:
> 1) Set cookies to "Accept all cookies"
> 2) Close your browser immediately after signing out.
>
> Tested on Netscape 4.5 and 4.6, using both the "Increased Security" and
> "Neither" authorization methods.
>
> When contacted at Hotmail_Technical_Support_Xat_private (Hotmail gives
> you this address to ask security questions if you send a blank email to
> howsecureat_private ), I got a Mail Delivery error that the address did
> not exist.
>
> -Pete K
> --
> Pete Krawczyk http://www.uiuc.edu/ph/www/pkrawczy/
> pkrawczy at uiuc dot edu Finger for PGP Public Key

We are currently looking into this; it seems to be sporadic. Certain accounts
are vulnerable to this. I have had limited success reproducing this on a
number of platforms and browsers.
--
--------------------------------------------------------------------------
Dave McKay daveat_private
MSN Hotmail http://www.hotmail.com
--------------------------------------------------------------------------
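
An added example, not part of the original thread or of any Hotmail or Passport code: a small Python model of why a sign-out that relies on the browser accepting a cookie deletion can leave the session usable under the restricted cookie setting, and how revoking the session on the server closes that gap. The mechanism (the sign-out page on one host clearing the mail cookie through a resource from another host), the host names `mail.example` and `portal.example`, and all class and function names are assumptions made for illustration.

```python
import secrets

MAIL, PORTAL = "mail.example", "portal.example"  # placeholder hosts (assumed)

class SessionStore:
    """Server-side table of live session tokens."""
    def __init__(self):
        self._live = {}
    def login(self, user):
        token = secrets.token_urlsafe(16)
        self._live[token] = user
        return token
    def revoke(self, token):
        self._live.pop(token, None)
    def user_for(self, token):
        return self._live.get(token)

class Browser:
    """Cookie jar modelling 'accept only cookies sent back to the originating server'."""
    def __init__(self, originating_only):
        self.originating_only = originating_only
        self.jar = {}  # host -> session cookie value
    def set_cookie(self, page_host, from_host, value):
        # Under the restricted setting a Set-Cookie from a host other than the
        # page being viewed is dropped, and that includes cookie deletions.
        if self.originating_only and from_host != page_host:
            return
        if value is None:
            self.jar.pop(from_host, None)
        else:
            self.jar[from_host] = value

def sign_out(store, browser, revoke_on_server):
    if revoke_on_server:
        # Hardened path: the token stops working no matter what the browser keeps.
        store.revoke(browser.jar.get(MAIL))
    # Assumed flow: the sign-out page is served by PORTAL and clears the MAIL
    # cookie through an embedded MAIL resource.
    browser.set_cookie(page_host=PORTAL, from_host=MAIL, value=None)

def inbox_after_sign_out(originating_only, revoke_on_server):
    """Return the user whose inbox opens for the next person at this browser."""
    store, browser = SessionStore(), Browser(originating_only)
    browser.set_cookie(MAIL, MAIL, store.login("alice"))  # constructed user
    sign_out(store, browser, revoke_on_server)
    return store.user_for(browser.jar.get(MAIL))

if __name__ == "__main__":
    for policy in (False, True):
        for revoke in (False, True):
            print(policy, revoke, inbox_after_sign_out(policy, revoke))
```

Only the combination of the restricted cookie setting and a client-side-only sign-out returns a user; revoking the token on the server makes the leftover cookie worthless under either browser setting.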
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:08:31 PDT