The software giant is investigating yet another security dilemma with its Hotmail service that permits the sending of JavaScript code that could automatically present a bogus password entry screen. Usernames and passwords entered by unsuspecting users could be collected by the email sender.
Microsoft said it is looking into the issue, although it has not received any other reports on this security problem.
JavaScript is a Web scripting language developed by Netscape Communications for performing actions on Web pages without user input. The language is commonly used for launching pop-up windows or for scrolling text, but it has also become a major security headache for browser makers and Web sites like Hotmail because of its potential usefulness to malicious hackers.
Earlier this month, Microsoft confirmed a JavaScript password-stealing exploit that had the same effect as the most recent one, but that was implemented differently, according to Georgi Guninski, a Bulgarian programmer.
Guninski claims the new JavaScript glitch circumvents Hotmail security barriers by placing the JavaScript in HTML image files.
Microsoft confirmed that the glitch is yet another way to execute malicious code in someone's email.
"We do filter out some JavaScript tags to provide better security, to stop some hacks and spoofs," said MSN lead product manager Deanna Sanford. "As we get these reports, we are evaluating other filters to provide to users. It's an ongoing process."
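The gap between filtering "some JavaScript tags" and script carried in image markup can be shown with a small Python example, added here for illustration; it is not Hotmail's filter or Guninski's demonstration. The sample message, the `showLogin()` placeholder, the tag allowlist and the function names are all constructed, and the example assumes the script rides in an image tag's URL attribute.

```python
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body; showLogin() is a hypothetical placeholder.
SAMPLE = ('<p>Hello</p><script>showLogin()</script>'
          '<img src="javascript:showLogin()">'
          '<img src="https://example.com/logo.gif" alt="logo">')
ALLOWED = {"p": set(), "b": set(), "br": set(), "a": {"href"}, "img": {"src", "alt"}}

def blocklist_filter(html):  # tag filter: removes <script> elements only
    return re.sub(r"(?is)<script.*?</script>", "", html)

def safe_url(value):  # accept only absolute http(s) URLs
    cleaned = re.sub(r"[\x00-\x20]", "", value)  # normalise before scheme check
    return urlsplit(cleaned).scheme.lower() in {"http", "https"}

class AllowlistFilter(HTMLParser):
    """Re-emit allowlisted tags and attributes; drop everything else."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1  # suppress the element's content as well
        if self.skip or tag not in ALLOWED:
            return
        kept = [f' {n}="{escape(v or "")}"' for n, v in attrs
                if n in ALLOWED[tag]
                and (n not in ("href", "src") or safe_url(v or ""))]
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED and tag not in ("br", "img"):
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))

def allowlist_filter(html):
    parser = AllowlistFilter()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```

The blocklist version returns the image tag with its `javascript:` URL intact, while the allowlist version keeps only the tags, attributes and URL schemes it was told to permit.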
As an extreme measure to protect against such security breaches, both Guninski and Sanford said users can disable JavaScript in their browsers.
After a security problem last week exposed Hotmail users to attack, Microsoft acknowledged it was hiring an outside firm to examine security at the free email service.
- Much has been discussed about Identity Theft, user IDs and Passwords stolen or hacked, credit cards being used without the owner's knowledge and so on. Now there is a safe way of protecting your passwords and identity online from being copied, stolen and hacked by keyboard trojans, using your biometric fingerprint and face recognition, and even voice, to log on to web sites. By simply scanning your finger or face or voice you can log on to a web site, log on to your computer, and even encrypt files and folders. No more worrying about who might hack into your online accounts or even your email. No more remembering passwords or using the same passwords on many sites. This is an exciting new innovation from myBiodentity and they have about fourteen products that are enabled with biometrics including email encryption, password manager, virtual disk, and many more. You can read more at About Identity Theft and stolen passwords, recently I came across a site that uses Biometrics of finger, face and voice verification so the user just scans to log on. You can read more at http://www.mybiodentity.com






