MSN and Hotmail are certainly not alone here. A lot of people check that "save password" feature for many of these online mail systems. Yahoo can do it as well. One of the things I have seen is IT folks poking around people's machines and easily getting on their private email thanks to a cached password. Its once again a place where a convenience feature can cause a security problem. Which should serve as an FYI for anybody sending a recieving private mails at work - beware of those cached passwords. If the hackers don't get them, your boss might. Do you want your boss reading your private email? I sure don't. My boss is a real jerk. :-) Andrew Plato President / Principal Consultant Anitian Corporation www.anitian.com -----Original Message----- From: John E Jewkes-AAA0OR-AAA0ID [mailto:aar0miat_private] Sent: Wed 6/19/2002 10:19 PM To: crimeat_private Cc: forensicsboxat_private Subject: Re: CRIME postings/e-mail from Heidi Henry -mcpsat_private One note many of you may have already known, but ignored.... MSN and Hotmail use the same servers. They are in each others pockets, as both are owned by Mssr. Gates. Hotmail is simply a 'web-mail' solution that MSN users also get access to. Hotmail addresses and vice-versa in certain circumstances. On the Good side, MSN grants the initial Password as a randomly based combination of Alphas and Numbers, and Hotmail allows the user to select their initial passwords themselves. MSN/Hotmail does, However use their 'PASSPORT' technology to allow buffered/cookied access each time you login. All it would take would be someone visiting Heidi's PC when she's out to lunch or down the hall to login when the 'cookies' are not set to expire on exit, and boom!! de John Jewkes
This archive was generated by hypermail 2b30 : Thu Jun 20 2002 - 08:21:36 PDT