posted Nov 02, 2001

Stealing MS Passport's Wallet
Hacking & Cracking
'By cobbling together a handful of browser-based bugs with flaws in Passport's authentication system, Slemko developed a technique to steal a person's Microsoft Passport, credit card numbers -- and all, simply by getting the victim to open a Hotmail message.'

Were it not for the discouraging effects of the DMCA, I would find it enjoyable to try to crack .Net, in the effort to improve the system for the users. Of course, in this legal environment, I have better ways to have fun then improve somebody else's code for free.

Once again, it's worth reminding people that this crack broke the entire .Net system wide open. That's the perils of centralized architecture like this. This is only the first of many, I expect.

If you want security, do NOT sign on to Passport. The more you think you need to, the more "services" you would thus activate, the more true this is.

 

 

Site Links

 

RSS
All Posts

 

Blogroll