[WEB SECURITY] MSN site hacked in South Korea

Ofer Shezaf Ofer.Shezaf at breach.com
Wed Jun 8 05:07:55 EDT 2005


Well, not just in South Korea

http://www.pcmag.com/article2/0,1759,1825250,00.asp

Jeremiah, can you add it to the "Real World Web Hacking URL's" page?
Another idea regarding this page is to try to categorize it by the
vulnerability type, which would provide interesting statistics for
the eternal debate about "which vulnerability is most common".

~ Ofer

---
MSN Site Flaw Exposes Hotmail Accounts to Prying Eyes 
06.07.05
By Libe Goad  
One week after hackers exploited a weakness in the MSN Korea Web site,
Microsoft admitted to taking down part of its MSN site over the weekend
after learning about a flaw that would allow hackers to access Hotmail
accounts. 
Reports say the MSN Web site, ilovemessenger.msn.com, contained a
cross-site scripting flaw. That means someone could potentially use the
site to obtain user data via "cookies," or bits of user data, by having
MSN customers click on a malicious URL. Once someone clicked the URL,
hackers would be able to access their personal e-mail accounts.



Ofer Shezaf
CTO, Breach Security
Phone (US): +1 (760) 268.1924 ext. 702
Phone (Israel): +972 (9) 956.0036 ext.212
Cell: +972 (54) 443.1119
ofers at breach.com
http://www.breach.com

> -----Original Message-----
> From: zeno at cgisecurity.net [mailto:zeno at cgisecurity.net]
> Sent: Friday, June 03, 2005 5:54 AM
> To: websecurity at webappsec.org
> Subject: [WEB SECURITY] MSN site hacked in South Korea
> 
> Just found this on cnn a few minutes ago.
> 
> "WASHINGTON (AP) -- Microsoft acknowledges that hackers booby-trapped its
> MSN Web site in South Korea to steal passwords from visitors. The company
> says it was unclear how many Internet users might have been victimized."
> 
> ...
> 
> "The Korean site, unlike U.S. versions, was operated by another company,
> which Microsoft did not identify. Microsoft's own experts and Korean
> police were investigating, but Microsoft believes the computers were
> vulnerable because operators failed to apply necessary software patches,
> said Sohn, an MSN director."
> 
> http://www.cnn.com/2005/TECH/06/02/ms.hack.ap/index.html
> 
> 
> 
> 
> - zeno
> http://www.cgisecurity.com
> 
> ---------------------------------------------------------------------
> The Web Security Mailing List
> http://www.webappsec.org/lists/websecurity/
> 
> The Web Security Mailing List Archives
> http://www.webappsec.org/lists/websecurity/archive/

