|
|
|
|
|
Windows Live Hotmail CrackedAutomated program can bypass the CAPTCHAS of the Windows Live Mail registration system |
By Marius Oiaga, Technology News Editor
12th of February 2008, 11:31 GMT
Adjust text size:  
|
| |
|
Microsoft's Windows Live Hotmail has been cracked. Like other Internet powerhouses such as Yahoo and Google, Microsoft too is offering a free web-based email service. Windows Live Hotmail, referred to as Windows Live Mail during the development stage, is designed as the successor of the Microsoft MSN Hotmail service. First introduced in November 2005, Windows Live Hotmail, rebranded under the Hotmail label in early 2007, was finalized in October 2007. Currently,
Microsoft is hard at work on the development of Windows Live Wave 3 of products and services, aiming to introduce the next generation of Windows Live Hotmail by the end of 2008.
Well, one thing where no efforts should be spared is in the CAPTCHAS of the Windows Live Mail registration system. Security outfit Websense has warned of the detection of an automated program capable of bypassing the security measures set in place by the Redmond company, to differentiate between people and bots.
"Websense Security Labs ThreatSeeker technology has discovered that Windows Live Mail accounts have been targeted in recent spammer tactics. In these recent attacks, spammers have managed to create bots that are capable of signing up and creating random Live Mail accounts that could be used for a wide range of subsequent attacks," Websense revealed.
According to the security company, the fact that Microsoft's Windows Live Hotmail is free, in combination with the fact that it is unlikely to be blacklisted, as well as the very large user base, make it an ideal web-based email service for sending out spam. Because in the end, the illegitimate accounts created by bots are in fact being used to send out unsolicited emails.
"First, the bot is observed to request the Live Mail registration page and it begins filling in the necessary form fields (as any ordinary user would be required to) with random data. When it comes to the CAPTCHA verification test, the bot sends the CAPTCHA image to its CAPTCHA breaking service for the text in the image. Next, we observe the bot receiving a response from the server with the text in the CAPTCHA image," Websense added.
|
|
| Rating: |
|
Good (3.8/5) |
5 vote(s) so far |
|
|
|
|
User opinions: |
| Comment #1 by: Chen jun bing on 12 Feb 2008, 13:46 GMT |  reply to this comment | Windows OS, IE, MSN messenger, Live Hotmail, etc. is always having attacks and other issues.
I'm strongly considering dropping internet use all toegther like I've already done with television.
Corporate is losing me as a consumer in several telecommunication areas. I don't use a cell phones, TV's. Next will be personal PC.
If I have to use a PC, I'll just go to the library or local state employment agency.
I'm not being negative, I just need a simple life. Telecommunications and the internet adds to my stress levels. I'm tired of problems. |
| Comment #2 by: Chen jun bing on 12 Feb 2008, 13:51 GMT | reply to this comment | Windows OS, IE, MSN messenger, Live Hotmail, etc. is always having attacks and other issues.
I'm strongly considering dropping internet use all toegther like I've already done with television.
Corporate is losing me as a consumer in several telecommunication areas. I don't use a cell phones, TV's. Next will be personal PC.
If I have to use a PC, I'll just go to the library or local state employment agency.
I'm not being negative, I just need a simple life. Telecommunications and the internet adds to my stress levels. I'm tired of problems. |
| Comment #3 by: Greg on 19 Feb 2008, 16:30 GMT | reply to this comment | Well, as a Hotmail user - this function has nearly ruined a user's experience. The CAPTCHA service that hotmail uses randomly, known as the HIP service, doesn't even work properly. It basically locks legitimate users out of the email. Randomly, before sending an email, Hotmail will require you to verify your email address with a link. Upon clicking this link, it opens a new window with an 8-character CAPTCHA known as the HIP service. Sounds simple enough. However, upon entering the correct characters in - the system simple loops around, says that the characters are invalid, and presents you with a new set of characters. In the 2 days I have been dealing with this, I have read horror stories all over the internet about the Hotmail HIP service, and their inability to even care about fixing it. Most people just abandon their email address and make a new one. Some of us who run businesses do not have that option. I agree that preventing bots from creating accounts in the first place is the route to go, but harassing and pissing of your current users with such ridiculousness is absurd. We can only hope that Yahoo gets desperate enough to sell to Microsoft - then maybe Microsoft could have some email technology that was worth something. |
|
|
|
