Canadian Web programmers have uncovered a security glitch that could fool users of Microsoft's Hotmail e-mail service into revealing their passwords.
The glitch allows a malicious user to send a malicious Java applet to a Hotmail user. The applet, which runs as soon as the e-mail message is viewed, alters the Web-based user interface of the Hotmail account, creating a false timeout message, and asking the user to re-enter his or her password in order to use the account.
Hotmail officials did not immediately return telephone calls.
Once a user has someone's password, he or she can not only alter that Hotmail account, but can also alter or delete messages on an Internet service provider e-mail account, through the POP-mail feature on Hotmail.