Feeds

Malicious JavaScript shuts down Hotmail

Is there some reason why e-mail needs Java enabled?

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

Micro$oft's engineering bias preferring features over security has turned on them again. The company was forced to take its Hotmail service off line for about four hours Wednesday to bung a security hole enabling a malicious spammer to intercept Hotmail authentication cookies and take over users' accounts. The exploit uses an HTML attachment containing malicious JavaScript. When the victim views the attached file, the script intercepts the cookies and forwards them to a hostile site. The cookies are used for authentication and give anyone who intercepts them complete access to the victim's account, an intrusion which could also yield access to POP account passwords stored on the Hotmail server. Hotmail blocks JavaScript in e-mail messages, but not in attachments. Hotmail has fixed the hole by redirecting victims who activate the attachment before the JavaScript has a chance to intercept the cookies. Further details on the exploit and an example of the attachment are available from Peacefire. ®

Remote control for virtualized desktops

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.