Serious Hotmail Vulnerability: Easily Reset Anyone's Password

If you haven't heard yet, a 'bug' was discovered in Microsoft's Hotmail service which would basically allow you, simply by typing a URL into your browser's address bar, to reset the password of any Hotmail user you'd like. Any user. No hacking needed.

You can read all about it in this post by Phil Scott.

There will probably be a lot of babble about it, about the senseless bug that is exposed there, and about how MSFT's "Safe Computing" initiative is a joke and whatnot.

I'd just like to say this: Whatever MSFT did or did not do, this is some major screw-up. It is one of those bugs that is sooo simple to find and repair, it's a shame it had to come out like this. It does not have anything to do with anything else MSFT's been up to. It was just an honest, very stupid, mistake. And MS should pay for it big time if any damage was done. It will, with all the media hype, anyway.

I'm saying this because I feel compelled to say that the media frenzy (or "BullSh*t Storm" as some call it) that is about to go into circulation about this will, no doubt, be (partly) misleading, panicky, and gloating about this more than it should be. The only things that should be spoken of are: the amount of damage that was done, how to repair it, MSFT's press releases about this, and any other "to-the-point" matters.

I wonder what would have happened if something like this was discovered in another company's ultra-secure system. Would the hype be just as big? Would it go largely unnoticed, or fade in 2 days? I wonder.

 
