David Le Page
You may just have recovered from your Lovebug woes. But if you’re a Hotmail user, don’t breathe easy just yet.
A new security flaw in the Microsoft-owned free e-mail service has been uncovered, which potentially allows crackers (malevolent hackers) to access your Hotmail account, read and delete your mail, and send messages under your name.
Security scares are nothing new to either Microsoft or Hotmail. Last year their 50- million accounts were exposed to public scrutiny by another flaw, while problems with Microsoft’s commercial software are routinely uncovered. Many viruses are designed to assault systems running Microsoft’s Outlook e-mail software.
Because of the nature of viruses such as the Lovebug, which caused corporate information technology breakdowns around the world last week, many users have now learned not to click on attachments to e-mails from unknown sources.
But the particularly insidious nature of the new Hotmail problem is that it has corrupted the security of what till now has always been a secure procedure: clicking on a link.
But should that link be a Hotmail link to an attached file, a javascript “trojan horse” can read your Hotmail account information and e-mail it to the sender of the “trojan horse”. In other words, to get access to your e-mail, an enemy or prankster need simply e-mail you the attachment and then just wait for you to do the rest.
If you use Hotmail to access other e-mail accounts, that information could also be scooped up, along with the necessary passwords.
Microsoft’s response has been far from reassuring, saying simply that they are “researching” the problem and will take further action if necessary.