Microsoft's Windows Live Hotmail has been cracked. Like other Internet powerhouses such as Yahoo and Google, Microsoft too is offering a free web-based email service. Windows Live Hotmail, referred to as Windows Live Mail during the development stage, is designed as the successor of the Microsoft MSN Hotmail service. First introduced in November 2005, Windows Live Hotmail, rebranded under the Hotmail label in early 2007, was finalized in October 2007. Currently,
Microsoft is hard at work on the development of Windows Live Wave 3 of products and services, aiming to introduce the next generation of Windows Live Hotmail by the end of 2008.
Well, one thing where no efforts should be spared is in the CAPTCHAS of the Windows Live Mail registration system. Security outfit Websense has warned of the detection of an automated program capable of bypassing the security measures set in place by the Redmond company, to differentiate between people and bots.
"Websense Security Labs ThreatSeeker technology has discovered that Windows Live Mail accounts have been targeted in recent spammer tactics. In these recent attacks, spammers have managed to create bots that are capable of signing up and creating random Live Mail accounts that could be used for a wide range of subsequent attacks," Websense revealed.
According to the security company, the fact that Microsoft's Windows Live Hotmail is free, in combination with the fact that it is unlikely to be blacklisted, as well as the very large user base, make it an ideal web-based email service for sending out spam. Because in the end, the illegitimate accounts created by bots are in fact being used to send out unsolicited emails.
"First, the bot is observed to request the Live Mail registration page and it begins filling in the necessary form fields (as any ordinary user would be required to) with random data. When it comes to the CAPTCHA verification test, the bot sends the CAPTCHA image to its CAPTCHA breaking service for the text in the image. Next, we observe the bot receiving a response from the server with the text in the CAPTCHA image," Websense added.
No comments:
Post a Comment