[Am-info] BEHIND MICROSOFT'S PASSPORT SECURITY BUG
Fred A. Miller
fm@cupserv.org
Tue, 20 Nov 2001 15:15:38 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
BEHIND MICROSOFT'S PASSPORT SECURITY BUG
(Source: InfoWorld.com) Marc Slemko, a Seattle developer,
demonstrated that he could retrieve all of a user's cookies and
use them to access that person's Passport information any time
the user viewed one of Slemko's messages within 15 minutes of
signing on to Hotmail, which now requires Passport.
http://www.idg.net/go.cgi?id=601914
- --
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7+rnqIhTtc6nTZIIRAsXVAJ96KxZhnbTNXq2cn0PlsUenzjEH4gCfYQAj
qvgocbeZ6hZgyzexi+1zep4=
=MyP+
-----END PGP SIGNATURE-----