Security hole could allow attacker to steal web users' account details
Microsoft has insisted that users of its MSN website should continue to use the site, despite a newly discovered security flaw.
Security researcher Yash Kadakia found that because of the way the technology behind the MSN site works, cookies issued by it could be stolen by hackers. These could then be used to gather information about legitimate users. The flaw also affects the Amazon shopping website, Mr Kadakia said.
The cookies mean a user only has to log in once to either their Amazon or My MSN site. Once logged in to the site, a user doesn't have to re-enter a password again to access their personal details.
Mr Kadakia found the flaw would allow hackers to produce fake cookies to impersonate a user, without having to have that user's password or email address. The hacker could then access the victim's account and emails.
Mr Kadakia says that he told Microsoft of the problem a year ago, but was ignored until he posted on his website screen captures of how the flaw could be exploited by a hacker.
A spokesperson for Microsoft said that it was aware of the vulnerability in its sites, and that it "will provide a solution to address the problem". Although the flaw has not yet been patched, the company says it is "not currently aware of any customer impact".
We are still waiting for comment about this flaw from Amazon.
Related articles
Q.Why are some of the keys on my keyboard doing strange...
Q.Is my phone’s Bluetooth any use?
Q.Can I switch boot drives so that I can work on older...
St Helena, a 'small British village' in the mid-Atlantic, is seeking support and funding for a broadband connection
Grahics Interchange Format. A type of image file often used on the web, but now largely superseded by...
|
|
|
|
|
Computeractive Excel (2010) Online tutorialPrice: £19.99 |
Computeractive Word (2010) Online TutorialPrice: £19.99 |
Computeractive Powerpoint (2010) Online TutorialPrice: £19.99 |
Angry BirdsPrice: £9.99 |
Back Issue CD-Rom 14 (2011)Price: £15.99 |