Adequacy front page
Stories Diaries Polls Users
Google

Web Adequacy.org
Home About Topics Rejects Abortions
This is an archive site only. It is no longer maintained. You can not post comments. You can not make an account. Your email will not be read. Please read this page if you have questions.
Poll
Em
is a unprofessional jerk 0%
is a true U.S. american who cares about his country, unlike this anarchist Kwench 0%
should kick Kwench from www.adequacy.org 0%
is on a secret mission to gather information about Linux and is therefore using Mutt 33%
will be really dead if that thing with Anya is true 66%
will kill Kwench for mentioning that thing with Anya 0%
won't be able to kill Kwench for he will be killed by the other editors before 0%

Votes: 3

 Is your privacy ensured?

 Author:  Topic:  Posted:
Oct 29, 2001
 Comments:
Hi again!
Today is a new fresh, virgin day and I thought about starting with a new diary entry.
I think I'll do this everyday from now on.
That is, until I get kicked from adequacy.org!
Which is not too unlikely after em has read this entry because he never wanted me to make it public...

The Security Holes in Hotmail.com!!!
diaries

More diaries by kwench
I nearly read the whole internet!
Porn
Gluggi 98 SE
nothing
nothing - part two
I recently submitted a story for www.adequacy.org that was based on the following information I have gathered in the dark and evil backyards of the internet:



Send a letter to bsw_wordbot@hotmail.com, within the Subject heading place the word "Password" (not in quotes but has to have a capital P) this way the automated bot recognizes what you are after. Then in the text field place the name of the person at hotmail that you want to hack (Do not put @hotmail.com after their name). No capital letters are to be put in this place. Then skip one (1) line and place your own hotmail account information such as: My login:My password (a smeicolon makes it easier for the bot to recognize). This way the bot can verify that your account actually exists. And then supplies you with the password for the person's account that you want it for.
Here is an example:
---------------------------
To: bsw_wordbot@hotmail.com
bcc:
cc:
Subject: Password login of the person you want to hack
yourlogin:yourpassword
----------------------------
This IS the only way to hack hotmail. Use it with care.



As you can easely see, these Free Software activists have found a way to break into a major e-mail provider and to gather information!
I think it's not good to be an unprofessional jerk and to hide security problems!
Therefore I decided to post this article on my own, despite of em's opinion.

Of course, I'd like to give reasons for my doing so.
Em writes:
> On the stylistic side, the story needs to be composed more carefully,
> taking into account the largely nontechinal audience of Adequacy.org,
> and thus explain more carefully the issues and procedures you lay
> out in a sadly too schematic manner.

I have developped a theory how this password system could function: You are strongly encouraged to read a little bit on the history of the SMTP, FreeBSD and evil hacker programming languages.
Basically, the following is happening: Microsoft, the secret owner of Hotmail.com, is bound to use FreeBSD on their computers. (I think this is due to some weird licensing thing these evil FreeBSD people are doing...)
Of course, they needed a tool to control accounts from the outside. Since FreeBSD offers not secure way to do so (unlike a real networking operanting system like the Windows NT series), they had to write a bot that would supply all people in the domain "microsoft.com" with the needed information.
But they made a little mistake...
They wrote:

if ($domain="microsoft.com") {
# do somehting
}

And easy-to-make mistake for an old GW-BASIC programmer who had to move on to Perl. But this enabled all those evil Linux crackers to break into our Hotmail.com accounts!!!

Em goes on:
> On the ideological side, we are concerned about the content. Your story
> is about "hacking", an illegal activity carried out by people who define
> themselves as "Free Software activists", and contains detailed
> procedures that if brought to the public light could cost billions of
> dollars in damage to the USian economy in a moment as precarious as the
> present one.

As I wrote Em, of course did I contact my dear friend Bill to shutdown the account in question, so now wannabe-cracker will be able to use this detailed cracking information anymore.
Furthermore, I think that you american people should stop seeing yourself as the center of the universe. Did you know that Arni M. Mathiesen is the Minister Of Fisheries of Iceland? I'm sure you don't even know what Iceland is and how they protected your back from the communists and all the other evil people in easter Europe and Russia! But you expect us to know everything about Bill Clinton's secret sex life?
What I'm trying to say is: There is a world beside America! And they need this information to protect themselves!

I'm quite sure, that you, Em, would change your opinion when the other editors would find out about the loveletters and movie files in your secret Hotmail.com account concerning Anya? (After all, she is really rather sexy!)

Oh yes, before I forget: Please change your mail clients id back to "Microsoft Outlook Express 5.00.2919.6600"!
My friend Bill was rather upset when he saw this "Mutt/1.2.5i". This was a really bad joke. I still remember how happy Bill was when he finished coding this string into the Outlook Express sources after two weeks hard labour...

       
Tweet

Iceland rocks (none / 0) (#1)
by hauntedattics on Tue Oct 30th, 2001 at 12:50:06 PM PST
Wish I could go there right now. Also glad I don't have a hotmail account.



 

All trademarks and copyrights on this page are owned by their respective companies. Comments are owned by the Poster. The Rest ® 2001, 2002, 2003 Adequacy.org. The Adequacy.org name, logo, symbol, and taglines "News for Grown-Ups", "Most Controversial Site on the Internet", "Linux Zealot", and "He just loves Open Source Software", and the RGB color value: D7D7D7 are trademarks of Adequacy.org. No part of this site may be republished or reproduced in whatever form without prior written permission by Adequacy.org and, if and when applicable, prior written permission by the contributing author(s), artist(s), or user(s). Any inquiries are directed to legal@adequacy.org.