Europe South Asia Asia Pacific Americas Middle East Africa BBC Homepage World Service Education



Front Page

World

UK

UK Politics

Business

Sci/Tech

Health

Education

Sport

Entertainment

Talking Point

In Depth

On Air

Archive
Feedback
Low Graphics
Help

Thursday, September 2, 1999 Published at 11:01 GMT 12:01 UK


Sci/Tech

Your reaction to the Hotmail hackers


Are you worried that strangers might read your emails? Should more be done to protect privacy? Read your comments.

I am not sending anything 'sensitive' but I feel sick thinking some person has been reading news that I send to my brother back home. I feel like my house has been burgled even though I dont know if any hacker looked in my mailbox or not.
Jakzyk Urkoff, Poland/US

In this whole debate the point missed is how long the loophole was open and how heavily used. Disclosure of the loophole forced closure. Whilst it was open and undisclosed, how many people's mail was read? It is not necessarily true that the hackers who disclosed the hole in the security were the first to find it.
In addition what is certain that more loopholes exist and are exploited for various purposes. In fact various governments are actively working to require the ability electronically eavesdrop on IP transmissions.
Gareth, UK

One of my colleagues at work demonstrated how easy it was to access my hotmail account. Not impressed at all. I am now in the process of moving my stuff over to Yahoo!!!
Jason, UK

Has anyone ever sent anything to/from a Hotmail account that other people would be interested in reading? I doubt it...so let's not get too paranoid. The hackers do a good job exposing loopholes.
Paul Baker, UK

Perhaps we should be thanking this hacker group for their trouble. If nothing else, it goes to show that non-encrypted e-mails should not contain any information we would like to keep secret. Having said that, the vast majority of my correspondence is drivel and not in the least confidential. I encrypt no more than a dozen times a year. Education is the way forward and this example has helped raise Internet awareness to security.
Robert Skey, Scotland

Who Cares? Its not affected me or 99.999% of users! They were proving a point, they had no intention of doing any harm. It just goes to show that MS are not as big and as clever as they think, which was what the group intended to prove.
Steve, England

The biggest beneficiary of this is Microsoft themselves. Think about it - they run Hotmail at a loss and make a third of their revenue from Office. The day before the 'hack', Sun Microsystems announced it would be giving away Star Portal, an Office suite in direct competition to Microsoft. Except that it would be web-based rather than on individual PCs. Web-based software is anathema to Microsoft as they want to sell many individual copies of software for each PC.
So what better way of pulling the rug from under potential competition from Sun than by undermining people's confidence in web-based software. If people don't trust it for email they certainly won't want to run their spreadsheets on it. So they'll just have to stick with MS office after all. Microsoft must be crying all the way to the bank on this one.
Tim Harrell, UK

Just another example of immature people wanting to be noticed, I guess. Some people love to attack the biggest because they somehow think it puts them on a par with them. They want attention. They want fame. They need professional help.
Arthur O'Neill, USA

I checked my mail last night to find that it wasn't working, but just assumed the server was down. Free email services should be considered a bonus, like the gift hours whose mouth you should never look in. If a free, remote email service is required abroad, set up a few accounts with different companies - Don't rely on a single server.
Andy Saul, UK

The more damage done to Microsoft, the better. Its products are useless, and years behind the times. They're second best. I encourage everyone to do all they can to support other companies. To support Microsoft is simply to be a glutton for punishment. Hack on, brothers!
Philip Rowell, UK

It just goes to prove that Microsoft wants to make a quick buck and line the bank account of Bill Gates even more.
Manuel Uffdiva, Spain

The Internet should be about making information easily available to everyone.
Dan, Australia

I think this is disgraceful. Nothing happened to my account but I was disturbed to hear that somebody could have just read any one of my messages could be read by any of the group of hackers.
Simon, England

Why would anyone be surprised at this? Microsoft products are not the best in the world, or the most popular, merely the most frequently used. In my opinion (and most of the software developers I know agree with me), if this monolithic, monopolistic company goes out of business, the world economy as a whole would benefit enormously.
Michael Hing, UK

You get nothing in this life for free. The service has been hacked and a lot of people didn't even notice. Hotmail users should think "oh well, I pay nothing for this service anyway - I hope they sort it soon". I do feel sorry for the nerdy hacker population who are intent on embarrassing large companies. We do however need these people to expose security holes as we all have confidential information residing somewhere that could be breached.
Jimma, England

After this security breach, I will switch providers. Microsoft's arrogance takes its products off the table as far as I am concerned.
Connie, Ireland

There are plenty of encryption programs available. If you want to keep your data secure it's your responsibility to encrypt it. Soon all electronic data will be encrypted as standard because people are becoming more paranoid about governments or hackers reading private stuff
Ewan Chilton, UK

I believe that hackers are necessary to anyone who uses internet-enabled/computer software. Governments and companies which do sensitive work can and should be employing these people precisely to target where the breaches in security are and possibly assist in helping to fix those breaches. Perhaps, if we supported hackers, rather than vilify them, Serbian hackers wouldn't have caused havoc with some websites during the last Balkan crisis and a number of Indonesian sites destroyed by East Timor hackers.
I do also believe that some businesses do need a bit of a shock to make them realise that a lot of work still needs to be done on software security before systems are as secure as some claim. However, I do draw the line at supporting those who hack into other people's mail and read it simply because they can. To me that seems a gross invasion of privacy.
Caroline Macdonald, UK

Perhaps now Bill Gates will stop thinking about making money and instead think about producing some quality software to be really proud of.
John Clothier, UK

This is old news. And quite frankly, If anyone sends confidential information over the net without 128 bit encryption then they are taking a huge and well understood risk. Hotmail is just a service aimed at anyone who wishes to send fairly unimportant messages. To expect anything more from Hotmail is to expect too much.
Charles Herbaut, Netherlands

As a Hotmail user myself, it is with some concern that I note yet another breach of site security. Upon this occasion the hackers appear to be a bunch of cyber-teenagers. If cyber-terrorists were involved instead, then presumably we would be talking about a very major breach of security. It is beginning to look as if I will have to take my e-mail account elsewhere.
Mark Morgan, UK

People seem to be missing the point. This issue here is not to do with the fact that Hotmail was cracked, but the simplicity of the crack. Microsoft are notorious for employing recent graduates who are cheap and enthusiastic but would have no interest in investigating the security of an old system. The recent front end changes were all marketing exercises, your password is passed securely but anybody on a computer on your local network can still read your mail. Microsoft again is putting money into the wrong places. After all, Hotmail is not the most complicated of systems.
Kolley Kibber, Australia

With its virtual monopoly on Operating Systems and a large share of the browser market Microsoft has a responsibility to provide properly tested and completed products. On many occasions Microsoft has released flawed software onto the market which have required major 'service packs' within days of release. Microsoft is being sloppy with its products because it has little to fear from competition with its domineering position in the marketplace.
James Birch, England

E-mail has never been safe. How many e-mails have you sent that have 'disappeared', stuck on some server because you misspelled the recipient's address, or because of some 'technical' hitch. E-mail should be considered as nothing more than a convenience.
Daren, UK

I think that Bill Gates should pay "damages" to each Hotmail user.
Andy Fraser, USA

Microsoft responded "quickly" - but how long had this problem been known before the hackers went public with it? If MS spent less time "innovating" and more time debugging this sort of thing might happen less often.
John, UK

Who really cares about these guys? Who in their right mind would send or keep anything or sensitive on a web based system anyway? And finally what use is it to trawl through people's endless chatter in their e-mails?
Robin Smyth, UK

Hotmail is a free service. If it's that bad, just don't use it. You get what you pay for! Hackers Unite!
Steve, Sweden

I'm very worried by this breach of security, though I can't say that I'm surprised. I have worked in the IT industry as a translator for 10 years, and I know there's no way you can have 100% security. So, I wish the IT industry would stop telling us that we can.
Susanne Poulsen, Denmark

The problem is mainly because of the lack of good programmers.
Foad Motalebi, Malaysia

I think, that webmail is not supposed to be 100% secure, because it's free.
Nicolas, Argentina

Having just learned of the flaw in Microsoft's implementation the Java Virtual machine it seems only a matter of time as the internet collapses under the weight of its own infantile complexity.
James N. Jones, USA

So, the hackers have again used the excuse of 'showing up the problems in security' to justify their actions. Big deal. For the majority of Hotmail users, limited security is not a problem but I do have a problem with people who use computers to prove how clever they are. Come on, hackers - pull computing out of the nerd-age!!
Kris Rowell, England

Whatever we feel about Microsoft and it's size it seems imperative that we deal with issues openly and honestly. Once again somebody does something illegal and immoral and the victim is the bad guy. I've had my car broken into 6 times. I guess its my fault because a) I don't have a good security system (can't afford it ) and b) I don't leave anything for the thieves to take. Great logic heh?!
Michael Sullivan, Canada

I can't help but think there must be some pretty bored hackers out there if they are so desperate to read other people's email. I'd rather watch paint dry!
Roger Balch, Australia

We hand our letter mail to an unknown person and our post goes missing everyday, but we think nothing of it. Why because its electronic do we think its any different. Post Vans get stolen with mail in them and the thieves may or may not look at our post. What is the difference? Nothing, yet you the media make it into a huge story.
Chris Pearson, England

Just because you are the world's largest software company doesn't mean to say you have the best products. Anything that dents the arrogance of Microsoft is a good thing, if only to force them into making better products and not release buggy, bloated code.
Nik Middleton, USA

I'm absolutely appalled particularly as I've been using hotmail as a "safe" remote address to send/receive sensitive e-mail in view of Malaysia's recent troubles. Anyhow, I've always felt that Microsoft was getting too big, monolithic and monopolistic to be allowed to continue unchecked. They've bullied many PC manufacturers into using Windows and are probably going to get away with a lot more unless the various antitrust actions against them succeed. Good lesson from Hackers, though.
Philip Wong, Malaysia

Let's just remember Hotmail is free. Agreed, we are subject to adverts and Hotmail is particularly prone to spam but we don't pay a penny for it. It's is unfortunate it got hacked, but Microsoft fixed it in two hours. If people want a secure safe e-mail system then pay for it. Yes, Microsoft OS/Internet software is prone to security flaws but so are Sun, Netscape, Apache, Linux and yes Microsoft's software contains bugs but so does software from Computer Associates, Corel, Adobe, Sage etc.
Adam Webb, UK

Microsoft will undoubtedly put the usual spin on this as they have done in the past. Namely, that any bugs or security breaches miraculously become features, hitherto undocumented.
John Ochiltree, UK

It's just another drop in the bucket to show how information is not free and that if you want security, you have to pay for it.
Cary Vanley, USA

Of course this break-in to hotmail.com will be a serious embarrassment to Microsoft. As an electronics engineer, I know how easy it is for bugs to creep into a program. I hope Microsoft will pull up their socks coz this is one big slap on the face for them
Mario Da Costa, India

There is no such thing as perfect security. There is excellent security which is reserved for high-end computers in government and big financial institutions. But security over the Internet has to operate at practical speeds so its bound to have a fault here or there and as such it is a continuos struggle between hackers and the developers of the particular security system.
Tiaan Tromp, UK

Locks are made to keep honest people out. They do not, have not, nor ever will, prevent the dishonest or dishonourable from accessing anything; be it car, home, or computer. Inherent in committing to a service of any description is the " self interest" factor; - you are responsible - not the company. In short did the people who are complaining, if any outside the media, determine what security existed.
D. Madoc-jones, Hoong Kong PRC

Hotmail is a relatively good service. But, if you don't like it, there are many others to choose from. As for the 'security' issue, unless you use a cryptographic program you have no security with anybody.
Dave Adams, USA

Security procedures need to be reviewed and tightened up at once. This should never have happened.
Zyg Suzin, UK

What are people doing storing sensitive material on these types of email systems? Surely it is obvious that these systems are not going to be very secure. If you're using email for sensitive material - get a decent POP3 system that is tried and tested. Hotmail is a great system for keeping in touch wherever you are, but it is a cheep shortcut to setting up a proper system that could end up being very expensive.
Andy Male, UK

Somewhat hysterical really. Free e-mail services (and there are many) represent very good value for money(!) but you can hardly expect the cutting edge in security. No one blames BT et al when their telephone is tapped. Of course if you don't like or trust Microsoft you can always use one of the other software providers on the market but will the standard of the product or the level of security be any better? I would doubt it.
Roger Green, UK

Recently I received a slogan from a friend: "Microsoft ... a triumph of marketing over reality!" Is he right, I wonder. The company is hardly ever out of the news these days. There are other good software companies around and it's time they got a look-in. Bill Gates has made his millions, so it's high time that Microsoft had some healthy competition.
Elke Siekmann, England

Well! One should always be aware of such things. But I'm glad they fixed the problem.
Hossana H. Aberra, Ethiopia

Good grief. Let's not show our pettiness on this issue. It happens. It is cyberspace after all. I'm sure Microsoft is really not trying to let these things happen. The reason, I feel, is because they are so large in the industry. These people, the hackers, like to see their names *in lights*. It makes their day.
Jan Dreyer, USA

Security is a state of mind. What do you expect? Treat email as safe as it is now. For everything we design "unhackable" they will try to hack it. It is as old as the web itself. There is nothing that we can do, I think.
Richard Schrijer, Lithuania

I have never had confidence in the security of any email system on the Internet and for this reason I do not use it for any sensitive or private data.
Bob Neumann, UK

This is yet another example of how PR and marketing in the Internet marketplace is tragically mismanaged by techies. So e-mail is not secure - BIG DEAL - telephone, fax, and postal communication are all as equally flawed, so what have the 'hackers' got to shout about ? This kind of overblown 'scare-mongering' puts yet another obstacle to the web becoming a truly mass-media. This is a massive piece of non-news created by anoraks living in a juvenile world of hidden agenda.
Tim Carter, Germany

You get what you pay for - and Hotmail is free. So stop complaining.
Nick Luscombe, UK

Hacking has always been intent on subverting that which is legal, but the end result of this type of hacking can prove beneficial to all. Maybe what is needed is an Ethical Hacking Guild that would only be subversive for the common good. Just like reporters claim, when they discover an abuse of power or trust which is against the common good.
Ed Campbell, England

I think that these young people should pay for the time it takes to fix these problems
Carole Booty, England

With the advancement of e-commerce the issue of security is paramount and Microsoft need to wake-up and realise this and to start making sure that the products they ship are secure, and maybe with Windows 2000 they can try to limit the number of service packs and updates to single figures!
Lindsay Ewing, Scotland

My first comment, in support of Microsoft, is that they are a natural target for Crackers. ALL systems be they Microsoft, Apple, Netware or any of the Unix variants, have holes.. we have had our Unix email server cracked recently, for example. But it's fun to crack Microsoft, and make them look stupid. Secondly, if "Hackers Unite" or whatever they call themselves, wanted to "point-out" security holes, they didn't have to do it by publishing the Crack to all a sundry. They could have just told Microsoft. Microsoft should be employing Hackers to try and find the holes.
Paul Bickmore, England

It's frightening that one of the most powerful companies in the world can make money from such shoddy work. We are obviously not getting what we pay for. Any other company would be out of business by now. How many businesses can get away with selling products that don't work properly??
Neil Cooper, England

This shows that while politicians, the media and others have been hysterical over Y2K, the real problem is that the computers and networks we use every day are deeply flawed and will remain so as long as they are built by humans.
Jonathan, England

This only goes to further prove exactly what the hackers wanted: that Microsoft's security systems are so riddled with holes that anyone with the know-how can waltz into their systems. Microsoft's excuses do not suffice: they should have made their software secure to begin with, regardless of whether 100% security is possible or not. Other systems like Linux and NetBSD do succeed in making virtually impregnable mail servers--the weak link in the chain is, quite often, when your mail lands on a Microsoft server on its way to its destination. If ever there was a company that did not deserve a monopoly, it was Microsoft.
J. Grantham, Germany

The breach merely reminds me that you cannot expect anything fantastic for free, especially in the somewhat dodgy and uncontrolled world of web based email. I still prefer POP3 accounts, at least you don't have to remain online all the time.
Andrew Muir, UK

As any programmer knows if you have to put sticking plaster over a problem to fix it hurriedly it may well cause other problems or security risks. Microsoft is actually a victim of using this policy over a number of years, having produced complex code with little or no documentation or design process which leaves them entirely vulnerable to this kind of thing. The most amazing thing is that they consistently get away with it. The UK government should consider some kind of action similar to that in the US to restrict Microsoft's exploitation of its monopoly position, forcing us to accept sub-standard code in order to run on the standard platform.
Fiona Jarvis, UK

I fully support the hackers, and I am not surprised that it was so easy for them. Thank god they did it responsibly, they could have done a lot more damage if they were malicious. The crime is that people believe in the security of computers. COMPUTER SYSTEMS ARE NOT SECURE, OK? Why do you think Bank Statements contain errors? IT Systems rule our lives, yet they are unreliable and insecure. Will people ever realise this? I doubt it.
Paul Goodliffe, England

Microsoft are not to be trusted.
Pete Land, Scotland

Hackers should not be locked up and be classified as criminals, they should be honoured by the work they do as they show the public how fragile the whole computer security really is.
Reiner Vester, Australia

It's a bit of a non-story this as:
1) E-mail is not a secure medium (hence PGP and other encryption software).
2) Anyone who wants to spend time reading other people's mail should get out more.
3) Microsoft's recent record on security hasn't been spectacularly good.
So well done Swedish hackers for gaining access to over 100,000 copies of the "Neiman-Marcus cookie recipe" e-mail.
Phil Hawkes, UK

I only hope Microsoft are able to learn from this embarrassment and investigate their other products for similar weaknesses. They should also retro-fit any other security fixes into their products asap and offer upgrades or patches free of charge to their existing Customer base.
Andy Seed, England

I don't have a Hotmail account but if I did I would want to have the UK Data Protection Registrar fully investigate this incident. If the accounts could be hacked as easily as the reports suggest then Microsoft may be in breach of a number of the Data Protection Principles.
Tim Lord, UK

That's inevitably what happens when a monopoly is allowed to form. However, the monopoly is created by customers, not suppliers, and is therefore self-inflicted. In case you are wondering, no - there is nothing from Microsoft on my computer.
Richard Watson, UK

So what? Everyone likes to have a bash at Microsoft and that is why this is big news, if it was deja, yahoo or one of the other on line email systems then it wouldn't be headline news on the BBC. Anyone who stores email on a server and not on a local machine is leaving themselves open to this sort of thing. I use hotmail from work just to chat with people, if hackers want to read about when I am going to the pub and with whom, then they are welcome to it. I am really surprised that the BBC are making a big deal out of this.
Neil Weller, UK

Fewer marketing people, better programmers, will solve some problems @MS..
Rob, Netherlands

"We will be looking at how the information which created this problem was made public" says Erin Brewer. I fail to see how the availability of information about a security problem is the cause of the problem. (And yes, that is a hotmail address I have)
Jason, South Africa

I have (should that be had? will be cancelling now...) an account with Hotmail, and had a great deal of trouble, accessing my mail - a page came up saying my ID was invalid, and to try again later... no reply has yet been received from them, to a complaint sent via a separate ISP....with all the ads and spam I get, despite opting out at the start, it is not worth it anymore.
Paul, UK It's about time that Microsoft were shown up. They're the biggest but not the best. It's not just their security that's dodgy - it's all of their programming, not to mention their business tactics. Fair play to the Hackers!!
Simon Geraghty, Germany

The security breach at Hotmail was indeed an embarrassment for Microsoft. However the hackers showed how easy it was to bypass the security routines. I have a Hotmail account and am glad that they showed up this problem otherwise it may have gone unnoticed and someone could really abuse the system.
Dave Wilson, UK

Although I don't use my hotmail account as much as most people do, It doesn't surprise me that it's open to hacking. Does this event not show that Microsoft care more about making profit rather than checking and resolving a simple security hazard which I am aware has been available for a couple of weeks. Another aspect of Hacking Microsoft should cut down is reports on people setting up main accounts such as "passworld@hotmail.com" which asks people if they want to know other peoples passwords, to forward their username and password plus the other persons hotmail account. This will not give the other persons password, but the "hacker" your username and password. Notice the e-mail address as passwor*l*d@hotmail.com? Surely they could cut this down someway or another?
Peter Time, Northern Ireland

I regard all my email as public documents and advise the people I support to do the same, then they won't be embarrassed if they are hacked.
Ian Sinclair

I'm not too concerned about Internet security as I follow the theory that common sense prevails. I don't release personal information except to companies that have a proven reputation of security such as Amazon etc. Microsoft products on the other hand are notoriously insecure. Melissa proved the flaws in Outlook (Express). IE's security is a joke. Yet this company has a near worldwide monopoly. I find it laughable that MS try to play down the problem by saying that they responded quickly. The news of this spread like wildfire yet it took MS 6 hours to take down the servers and longer to fix the problem.
Steven McCarthy

If I send letters by post, someone might open them. Even the postman could. If I send letters via Hotmail, someone in Hotmail's organisation could probably read them. No matter how well you organise security, there are always going to be hackers. There's no such thing as absolutely 100 % safe. As long as Hotmail stops the gaps as soon as they find them, I think it's a very safe way to send your mail.
Bert Ruitenburg

It is worrying that someone may have had access to my e-mail account and even more worrying that they may have sent messages under my name. I have received some strange replies over the last few months and are wondering could it be due to this. I must say that Microsoft did react quickly and at least that is comforting.
Michael





Advanced options | Search tips




Back to top | BBC News Home | BBC Homepage | ©


Sci/Tech Contents


Relevant Stories

31 Aug 99 | Sci/Tech
Hackers strike Hotmail





Internet Links


Microsoft statement on Hotmail closure


The BBC is not responsible for the content of external internet sites.




In this section

World's smallest transistor

Scientists join forces to study Arctic ozone

Mathematicians crack big puzzle

From Business
The growing threat of internet fraud

Who watches the pilots?

From Health
Cold 'cure' comes one step closer