Security holes in Hotmail and other webmails

by Nikola Strahija on January 3rd, 2002

Most webmail services and applications have huge security holes on the client side. On Hotmail and Yahoo mail, execution of malicious JavaScript and HTML code was possible. There were flaws in the HTML filters, and cross-site scripting vulnerabilities.

When an evil HTML message was read, it could delete emails, launch a webmail worm, steal the session cookie to allow a third party to gain unauthorized access to the mailbox, etc.

Since these kinds of vulnerabilities are NOT new, and a new hole is found every 6 months, it seems right to say that webmails are not safe at this time, even if these particular bugs on these particular sites are fixed. So, users should not use webmails for important or private data. They should:

- disable Active Scripting (sadly, many webmails need JavaScript to operate properly).
- disable automatic image loading.
- view messages in plain text rather than in HTML, if possible.
- never click on a link submitted in an email, even if it is to a trusted website.
- not rely on webmails as a safe place to store data. Do a backup.
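
The plain-text and no-image advice above can be shown in code. This Python example is added here and is not from the article or from any webmail provider: it reduces an HTML message to text, reports what it refused to render, and prints each link's real target next to its label. The names `PlainTextMail`, `render_plain` and the `SAMPLE` message are assumptions made for the illustration.

```python
from html.parser import HTMLParser

DROP_CONTENT = {"script", "style"}                 # text inside is never shown
BLOCK_TAGS = {"p", "div", "br", "li", "tr"}        # rendered as line breaks

class PlainTextMail(HTMLParser):
    """Collects visible text only; no tag or attribute is ever re-emitted."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.blocked, self.skip, self.href = [], [], 0, None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in DROP_CONTENT:
            self.skip += 1
            self.blocked.append(f"<{tag}> block dropped")
        elif tag == "img":                         # never fetched, only reported
            self.blocked.append(f"image not loaded: {attrs.get('src') or ''}")
        elif tag == "a":
            self.href = attrs.get("href") or ""
        elif tag in BLOCK_TAGS:
            self.out.append("\n")
        for name in attrs:                         # onclick, onload, onmouseover...
            if name.startswith("on"):
                self.blocked.append(f"{name} handler on <{tag}> dropped")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT and self.skip:
            self.skip -= 1
        elif tag == "a" and self.href is not None:
            self.out.append(f" [{self.href}]")     # expose the real link target
            self.href = None

    def handle_data(self, data):
        if not self.skip:
            self.out.append(data)

def render_plain(html_body):
    """Return (plain_text, list_of_blocked_items) for one HTML mail body."""
    parser = PlainTextMail()
    parser.feed(html_body)
    parser.close()
    lines = (" ".join(l.split()) for l in "".join(parser.out).splitlines())
    return "\n".join(l for l in lines if l), parser.blocked

# Constructed sample message (not taken from the article).
SAMPLE = ('<p>Hello <b onmouseover="x()">there</b></p><script>alert(1)</script>'
          '<img src="http://tracker.example/pixel.gif">'
          '<p>Visit <a href="http://login.example.net/">www.trusted-site.example</a></p>')
```

If the returned text is shown inside a web page rather than a terminal, pass it through `html.escape` first, because decoded entities such as `&lt;` come back as literal characters.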
