[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: press alert! (fwd)



dbt@luciana:~>webgrab -h http://lw1fd.hotmail.msn.com/
HTTP/1.1 302 Found
Date: Wed, 01 Sep 1999 14:34:55 GMT
Server: Apache/1.3.6 (Unix) mod_ssl/2.2.8 SSLeay/0.9.0b
Location: http://lc3.law5.hotmail.passport.com/cgi-bin/login
Connection: close
Content-Type: text/html

dbt@luciana:~>webgrab -h http://lc3.law5.hotmail.passport.com/cgi-bin/login
HTTP/1.1 200 OK
Date: Wed, 01 Sep 1999 14:36:29 GMT
Server: Apache/1.3.6 (Unix) mod_ssl/2.2.8 SSLeay/0.9.0b
Cache-Control: no-cache
Expires: Mon, 01 Jan 1999 00:00:00 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html

Now can we PLEASE drop this?  Hotmail's CGI bugs have nothing to do with
what OS they're running on, and even less to do with OpenBSD, except as
an example of the kind of shoddy code that we avoid whenever possible.

On Wed, Sep 01, 1999 at 04:32:06PM +0200, Majestic One wrote:
> Hello.
> 
> Generating a 404 on
> 
> http://lw1fd.hotmail.msn.com/
> 
> And reading the source turns up several lines like..
> 
> <!-- FILE: fmhead.asp -->
> /cgi-bin/dasp/memserv_shell.asp?
> 
> My guess would be they have finally succeeded in turning it into ultra 
> secure IIS.
> 
> /Mj1 
> 
> > At 03:15 AM 9/1/99 +0000, Louis Bertrand wrote:
> > >(Reposting to misc because of the lack of response on advocacy)
> > >
> > >Hello all,
> > >
> > >I just about choked on my lunch reading this newspaper's story on the
> > >HotMail breach:
> > > http://www.globeandmail.com/gam/National/19990831/UMAILN.html
> > > "Jill Schoolenberg, a marketing manager with Microsoft Canada's MSN
> > > unit,
> > >said attacks from computer hackers are the price that Microsoft pays
> > >for being a high-profile software maker with top-notch security
> > >systems."
> > >
> > I think HotMail is still running on FreeBSD, no?  Perhaps not as secure
> > as OpenBSD, but still miles ahead of NT.
> > 
> 
> 

-- 
David Terrell                             | dbt@meat.net, dbt@paypal.com
Instant Payments... Anytime... Anywhere.  | http://www.paypal.com/
PayPal, a free service of Confinity, Inc  | http://www.confinity.com/