According to news published at Whitec0de, a critical password reset and setup flaw in Microsoft’s Hotmail was discovered by a hacker hailing from Saudi Arabia. The details of the hack were leaked on an underground forum, where the hacking service was advertised for $20 (15 EUR) per hacked Hotmail/Live account. Within a few days, many accounts were hijacked by cyber criminals, mainly from Morocco, who were in possession of the remote exploit. According to Whitec0de, the attack could be carried out using a Firefox add-on called Tamper Data, which allows the user to intercept outgoing HTTP requests from the browser in real time and modify the data. All the attacker had to do was select “I forgot my password”, select “Email me a reset link”, start Tamper Data in Firefox and modify the outgoing data. Numerous YouTube videos have appeared demonstrating the proof of concept. Googling the phrase “???? ???????? 2012” will bring up several videos demonstrating the same.
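The report above does not say which field of the reset request was altered, only that the outgoing HTTP request could be modified in transit. The defensive lesson for this class of flaw is that a reset endpoint must never take the account to be reset from anything the client sends; it must derive it from a server-side binding created when the token was issued. The following Python is an added example, not Microsoft's or Whitec0de's code, and the function names, the in-memory store and the sample e-mail addresses are all assumptions constructed for illustration. It shows a reset token that is bound to one account on the server, expires, is single-use, and is rejected when the account named in the request body does not match the binding, so tampering with the body cannot redirect the reset.

```python
import hashlib
import secrets
import time
from typing import Dict, Optional, Tuple

# Constructed, in-memory stand-in for a reset-token table (assumption: a real
# service would back this with a database). Keyed by SHA-256 of the token so a
# leaked table cannot be replayed as live tokens.
TOKEN_TTL_SECONDS = 15 * 60
_store: Dict[str, Tuple[str, float]] = {}  # sha256(token) -> (account, expires_at)


def _key(token: str) -> str:
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_reset_token(account: str, now: Optional[float] = None) -> str:
    """Mint a one-time reset token for `account`.

    The account binding is recorded here, on the server, and is the only
    source of truth for which account the token may later reset.
    """
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits of entropy, unguessable
    _store[_key(token)] = (account, now + TOKEN_TTL_SECONDS)
    return token


def redeem_reset_token(token: str, claimed_account: str,
                       now: Optional[float] = None) -> Optional[str]:
    """Return the account whose password may be reset, or None to reject.

    `claimed_account` is whatever arrived in the HTTP body. It is never used to
    pick the account; it is only compared against the server-side binding, so
    an edited request body fails closed instead of hijacking another account.
    """
    now = time.time() if now is None else now
    # Single use: the entry is removed on the first redemption attempt, valid or
    # not, so a token cannot be retried with different bodies.
    entry = _store.pop(_key(token), None)
    if entry is None:
        return None  # unknown or already-consumed token
    bound_account, expires_at = entry
    if now > expires_at:
        return None  # expired token
    if not secrets.compare_digest(bound_account.encode("utf-8"),
                                  claimed_account.encode("utf-8")):
        return None  # request body disagrees with the server-side binding
    return bound_account


if __name__ == "__main__":
    # Constructed scenario: a token issued for one account, then a request body
    # edited in transit to name a different account.
    t = issue_reset_token("victim@example.invalid")
    print("tampered body ->", redeem_reset_token(t, "attacker@example.invalid"))
    t = issue_reset_token("victim@example.invalid")
    print("honest body   ->", redeem_reset_token(t, "victim@example.invalid"))
    print("replayed      ->", redeem_reset_token(t, "victim@example.invalid"))
```

The point of the design is that the client-controlled field carries no authority: even if it is stripped, renamed or replaced by a request-tampering tool, the server only ever resets the account it bound to the token when the link was e-mailed.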
Earlier we have seen how critical security bugs in many social networking and email sites created major risks for their users. Such critical flaws can pose severe danger to ordinary email users. This shows a degree of negligence on Microsoft’s part; the flaw was quickly identified and spread like wildfire. Many underground hacking communities were flooded with posts offering to get a Hotmail email ID hacked for as little as $20. This flaw has been reported to the Microsoft Security Response Center (MSRC). “We are aware of this issue from public discussion, and we have already addressed it to protect Windows Live ID customers,” MSRC representatives said.
