«
»

The Walls Have Ears

The Register

“A nifty feature in MSN and Windows Messenger which apparently was intended to identify IE users (without their knowledge or consent) on Microsoft Web sites can easily be abused by any Webmaster with a bit of Javascript or VBscript, a clever empiricist has discovered. The feature allows anyone to obtain a surfer’s Messenger username and those of his contacts. Worse, if a username is not available, the e-mail address of the surfer and those of his contacts are displayed instead. Only Microsoft.com, Hotmail.com and Hotmail.msn.com should be able to access the e-mail address of the surfer and his contacts—which of course is bad enough. However, a piece of software could easily make a registry entry during installation which would allow an associated Web site to obtain full details from Messenger.”

Nice. All of these chat clients seem to be vulnerable don’t they. Although of course it is Microsoft’s own fault in the above case. Someone can steal the info that Microsoft themselves were stealing. Ironic.

Related posts:

  1. Hotmail New Hotmail settings might share your info,...
  2. I Spy Email tapping Think using Yahoo or Hotmail...
  3. Hotmail Cookie Thieving Hotmail at Risk to Cookie Thieves MSN...

This entry was posted on Tuesday, February 5th, 2002 at 10:41 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.