Today I Learned - Rocky Kev

TIL 1999 security breach in Hotmail accounts

Around 1999, a group called Hackers Unite discovered a security breach that gave them access to personal e-mail accounts on Microsoft's Hotmail service.

Account access was possible by visiting a webpage that exploited a login script and typing in a Hotmail address along with the simple password “eh.” From the webpage, anyone could read or send email from a Hotmail account.

"eh."

The motive

Those 50 million users were part of an infamous email hack that August. Through a spokesman, a group called Hackers Unite announced in Swedish media it had gained access to every single Hotmail account using a web browser. “We did not do this hack to destroy, we want to show the world how bad the security on Microsoft really is, and that company nearly [has] monopoly on [all] the computer software,” one of the hackers said.

The issue

The handful of lines of simple HTML code that constitute the exploit took advantage of a Hotmail login script called "start" that is not currently used on the Hotmail welcome page, and the password "eh." After examining that code early Monday, outside security experts suggested that the problem might have been a backdoor inadvertently left open on Hotmail servers by Microsoft engineers.

Jeez

his associates had known about the vulnerability – and had access to Hotmail accounts – for about eight weeks.

The potential reason, by Kaenneth

I worked for Hotmail at the time; while that's not exactly right (no PHP), it was due to the result of a hashing function being checked incorrectly. Basically 1/256th of random strings would have worked, as long as the first byte of the hash was 0, because the string compare only compared to the length of the string, but the first char was a terminator, so the first zero count of bytes matched, so that particular script considered it a match.

So if your hash was [1,2,3,1,1,1,1,1] and someone entered a password that hashed to [1,2,3,0,9,9,9,9] the compare would be 1=1, 2=2, 3=3, 0 means we are done, match! So when 0 was in the first position, everything matched.

Via https://www.reddit.com/r/todayilearned/comments/msbxcq/til_that_in_1999_a_group_of_hackers_discovered/gus6w0t?utm_source=share&utm_medium=web2x&context=3
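The comparison bug described in the comment above, sketched in C as an added example. This is not Hotmail's code, which does not appear on this page; the 8-byte digest length, the function names and the sample digests are assumptions built around the arrays in the comment.

```c
#include <stdio.h>
#include <string.h>

#define HASH_LEN 8 /* assumed digest size, as in the 8-byte arrays in the comment */

/* Constructed sample digests (not real Hotmail data). */
static const unsigned char stored[HASH_LEN]     = {1, 2, 3, 1, 1, 1, 1, 1};
static const unsigned char same[HASH_LEN]       = {1, 2, 3, 1, 1, 1, 1, 1};
static const unsigned char zero_mid[HASH_LEN]   = {1, 2, 3, 0, 9, 9, 9, 9};
static const unsigned char zero_first[HASH_LEN] = {0, 7, 7, 7, 7, 7, 7, 7};
static const unsigned char wrong[HASH_LEN]      = {1, 2, 4, 1, 1, 1, 1, 1};

/* Buggy: treats the entered digest as a C string, so its "length" ends at
   the first 0x00 byte and only the bytes before it are compared. */
int hash_matches_buggy(const unsigned char *want, const unsigned char *entered)
{
    const unsigned char *nul = memchr(entered, 0, HASH_LEN);
    size_t n = nul ? (size_t)(nul - entered) : HASH_LEN; /* bounded strlen */
    return strncmp((const char *)want, (const char *)entered, n) == 0;
}

/* Fixed: digests are fixed-length binary data. Compare every byte and
   accumulate differences so there is no early exit. */
int hash_matches_fixed(const unsigned char *want, const unsigned char *entered)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < HASH_LEN; i++)
        diff |= (unsigned char)(want[i] ^ entered[i]);
    return diff == 0;
}

int main(void)
{
    const unsigned char *in[] = {same, zero_mid, zero_first, wrong};
    const char *name[] = {"same", "zero_mid", "zero_first", "wrong"};
    for (size_t i = 0; i < 4; i++)
        printf("%-10s buggy=%d fixed=%d\n", name[i],
               hash_matches_buggy(stored, in[i]),
               hash_matches_fixed(stored, in[i]));
    return 0;
}
```

With a uniformly distributed digest, the first byte is 0x00 for about 1 in 256 inputs, which is the fraction the comment gives for the zero-length match.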

REFERENCE:
https://smartermsp.com/tech-time-warp-quite-the-hotmail-hack-eh/
http://news.bbc.co.uk/2/hi/science/nature/434120.stm
https://www.wired.com/1999/08/hotmail-hackers-we-did-it/

The reddit thread:
https://www.reddit.com/r/todayilearned/comments/msbxcq/til_that_in_1999_a_group_of_hackers_discovered/
