Simple clear advice in plain English

Microsoft says MSN flaw doesn't affect customers

Security hole could allow attacker to steal web users' account details

Microsoft has insisted that users of its MSN website should continue to use the site, despite a newly discovered security flaw.

Security researcher Yash Kadakia found that because of the way the technology behind the MSN site works, cookies issued by it could be stolen by hackers. These could then be used to gather information about legitimate users. The flaw also affects the Amazon shopping website, Mr Kadakia said.

The cookies mean a user only has to log in once to either their Amazon or My MSN site. Once logged in to the site, a user doesn't have to re-enter a password again to access their personal details.

Mr Kadakia found the flaw would allow hackers to produce fake cookies to impersonate a user, without having to have that user's password or email address. The hacker could then access the victim's account and emails.

Mr Kadakia says that he told Microsoft of the problem a year ago, but was ignored until he posted on his website screen captures of how the flaw could be exploited by a hacker.

A spokesperson for Microsoft said that it was aware of the vulnerability in its sites, and that it "will provide a solution to address the problem". Although the flaw has not yet been patched, the company says it is "not currently aware of any customer impact".

We are still waiting for comment about this flaw from Amazon.

Reader Comments

   

Add your comment

All fields must be completed. Your email address will not be displayed or used to send marketing messages.

All messages will be checked by moderators before appearing on the site.

See our Privacy Policy for more information.

Related articles

Grab technology bargains illustration

Bag yourself a fantastic bargain

If you pay full price for your latest piece of technology, you haven't been shopping around. We show you how to save money when buying your new gadgets

Loose cables graphics cards or memory modules can cause problems

Solve problems with your computer

Are you frustrated when your PC beeps, gives an error message and doesn't do what you want it to? We explain what these problems are and how to fix them

f-341-pc-slip-ups

How to avoid common PC mistakes

Everyone makes mistakes, but some can be averted if you follow our advice

Question & Answer

Q.How do I store musician and other information about...

> Read the answer

Q.Why can't my browser find the website address I typed...

> Read the answer

Q.All updates have been downloaded, so why won't Windows...

> Read the answer

Best deals on the web

img

Apple MacBook Pro (MC724LL/A)

£999.99- Buy it now

img

Sony Vaio VPCF23P1E/B

£679.98- Buy it now

img

Sony Vaio VPCEH1J1E/W

£349.99- Buy it now

Great benefits for subscribers!

Poll

Which is your preferred web browser

Jargon Buster

Computing terms explained in plain English

Bios

Basic Input Output System. Essential software built into every PC that connects the vital components....

Great shopping deals from Computeractive