
Microsoft fixes critical Hotmail password flaw

Microsoft has fixed a critical security flaw in its Hotmail login process that made it possible for hackers to take over accounts on the webmail service. The Microsoft security team said in a tweet on Friday that it had "addressed a reset function incident to help protect Hotmail customers", and that no further action was needed on the customer's part.

April 30, 2012 by

Confessions of a Windows 7 pirate

I've been hanging out with a bad crowd lately, trying out popular hacking tools and utilities to see if I could install Windows 7 without paying for it. Unfortunately, I succeeded. In this post, I'll share my experiences, including close encounters with some very nasty malware and some analysis on how the latest showdown between Microsoft and the pirates is likely to play out.

March 2, 2010 by

Microsoft's intelligence security report: The top 5 takeaways

Microsoft on Wednesday will unveil its sixth Security Intelligence Report and the tome -- all 184 pages of it -- has a lot of interesting data points culled from the software giant's antivirus applications. Microsoft concludes that rogue security software is a big threat, lost and stolen equipment is a bigger issue than hacking, and PDF and Office extensions are leading vectors.

April 7, 2009 by

Spammers break Microsoft Live Hotmail CAPTCHA...again

The latest version of Microsoft Live Hotmail's CAPTCHA authentication system has been broken, reports InfoWorld via security company Websense. According to a detailed analysis of the latest hack by Websense, spammers have come up with a new scheme to fool the CAPTCHA: The process starts in the same way as did previous CAPTCHA-breaking attacks, using bot-controlled zombie PCs under remote control to fill in the main fields - name, password, country - asked for by Hotmail during signup.

February 17, 2009 by

As attacks escalate, MS readies emergency IE patch

Microsoft is planning to ship an emergency Internet Explorer update tomorrow (December 17) to counter an escalating wave of malware attacks targeting a zero-day browser vulnerability. [SEE: Hackers exploiting (unpatched) IE 7 flaw to launch drive-by attacks] The out-of-band update, which will be rated critical, follows the public discovery of password-stealing Trojans exploiting the bug on Chinese-language Web sites.

December 16, 2008 by

IE zero-day attack surface expands

The attack surface for password-stealing Trojans currently targeting an unpatched flaw in Microsoft's Internet Explorer has expanded to include all versions of the browser, including the newest IE 8 Beta 2. Microsoft released an updated advisory to warn that the underlying flaw affects much more than IE 7 and to spread the word about additional workarounds that can help limit the damage from actual attacks.

December 12, 2008 by

Why did Microsoft wait 7 years to fix SMBRelay attack flaw?

One of the code execution vulnerabilities fixed in this month's Microsoft Patch Tuesday release dates back to 2001 when it was first disclosed by Cult of the Dead Cow hacker Sir Dystic. If that wasn't cause for worry, get this: An exploit for the bug -- in the way that Microsoft Server Message Block (SMB) Protocol handles NTLM credentials -- has been part of the Metasploit hacking tool since July 2007.

November 12, 2008 by

Attacker: Hacking Sarah Palin's email was easy

A college student identified as Rubico has claimed responsibility for hacking into Sarah Palin's personal email, and provided a detailed first-person account of how he hacked into the email account using the password "popcorn", which he managed to reset by successfully answering her security question “Where did you meet your spouse?”

September 18, 2008 by

Microsoft downplays BitLocker password leakage

Microsoft is downplaying the severity of a password leakage issue in BitLocker, the full disk encryption feature built into Windows Vista, insisting that a real world attack scenario is "very unlikely." According to an advisory from iViZ, the password checking routine of Microsoft BitLocker fails to sanitize the BIOS keyboard buffer after reading passwords, resulting in plain text password leakage to unprivileged local users.

September 2, 2008 by
