Dear Windows-Help.NET Subscriber,
This week started off with a bang when it became apparent that all of Microsoft Hotmail accounts were open for anyone to read. Since there are somewhere between 40-50 million Hotmail accounts, this made for the biggest security breach of all time.
It all started when a Swedish newspaper Expressen (in Swedish) published the work of a programmer who wrote a simple piece of code to circumvent Hotmail's password verification. When people saw this code, they realised how easy it was to access any Hotmail account. Dozens of Web pages (example) sprung up to take advantage of the security hole.
Early statements from a Microsoft spokesmen declared that you needed "specific knowledge of advanced Web development languages" to break into Hotmail via this route. Well, the code is actually so simple that it was in use on dozens of Web sites in no time. This is the basic code:
http://207.82.250.251/cgi-bin/start?curmbox=
ACTIVE&js=no&login=username&passwd=eh
To use this hole, you just had to replace username in the above code with the actual Hotmail username for the account you wanted to access.
Microsoft took the Hotmail servers off-line for a few hours on Monday, and fixed the security hole.
It has been quite a hectic time for Microsoft, with other reported security issues. First there was the Microsoft Office 97 vulnerability (a vulnerability in Jet, which turned out to be present in Office 2000 as well, contrary to earlier Microsoft claims). Then we got the "Virtual Machine Sandbox" Vulnerability (a Java VM vulnerability), the "Scriptlet.typlib/Eyedog" Vulnerability (an ActiveX vulnerability), while the last one was the "Fragmented IGMP Packet" Vulnerability.
Microsoft Windows 2000: More Delays
Microsoft has released a weekly interim build (Build 2114) of W2K. Release Candidate 2 (RC2) was scheduled for release on September 1, but is now set for a September 15th release. This pushes back the whole schedule by 15 days, and RC3, which was slated for an early October release, is now scheduled for October 27th.
As things are now, it looks like Windows 2000 will go RTM (Release To Manufacturing) on November 15th. This will mean that Windows 2000 will not be on store shelves untill late January or early February.
In recent weeks there were rumours that Windows 2000 might drop multi monitor support in the final version. It was claimed by an article in PC Week that Microsoft was going to eliminate this feature, but Microsoft responded by announcing that Windows 2000 will include multi-monitor support upon release.
Special Offer from the InfiniSource Software Store
VirusScan Classic 4.03
The Only Anti-Virus That Protects You From All Computer Threats! Stop Viruses Before They Stop You!
$34.95
FREE after rebate!