Thursday, September 2, 1999 Published at 11:01 GMT 12:01 UK
Your reaction to the Hotmail hackers
Are you worried that strangers might read your emails? Should more be done to protect privacy? Read your comments.
I am not sending anything 'sensitive' but I feel sick thinking some person has been reading news that I send to my brother back home. I feel like my house has been burgled even though I don't know if any hacker looked in my mailbox or not.
In this whole debate the point missed is how long the loophole was open and how heavily used.
Disclosure of the loophole forced closure. Whilst it was open and undisclosed, how many people's mail was read? It is not necessarily true that the hackers who disclosed the hole in the security were the first to find it.
One of my colleagues at work demonstrated how easy it was to access my hotmail account. Not impressed at all. I am now in the process of moving my stuff over to Yahoo!!!
Has anyone ever sent anything to/from a Hotmail account that other people would be interested in reading?
I doubt it...so let's not get too paranoid. The hackers do a good job exposing loopholes.
Perhaps we should be thanking this hacker group for their trouble. If nothing else, it goes to show that non-encrypted e-mails should not contain any information we would like to keep secret. Having said that, the vast majority of my correspondence is drivel and not in the least confidential. I encrypt no more than a dozen times a year. Education is the way forward and this example has helped raise Internet awareness to security.
Who Cares? It's not affected me or 99.999% of users! They were proving a point, they had no intention of doing any harm. It just goes to show that MS are not as big and as clever as they think, which was what the group intended to prove.
The biggest beneficiary of this is Microsoft themselves. Think about it - they run Hotmail at a loss and make a third of their revenue from Office. The day before the 'hack', Sun Microsystems announced it would be giving away Star Portal, an Office suite in direct competition to Microsoft. Except that it would be web-based rather than on individual PCs. Web-based software is anathema to Microsoft as they want to sell many individual copies of software for each PC.
Just another example of immature people wanting to be noticed, I guess. Some people love to attack the biggest because they somehow think it puts them on a par with them. They want attention. They want fame. They need professional help.
I checked my mail last night to find that it wasn't working, but just assumed the server was down. Free email services should be considered a bonus, like the gift horse whose mouth you should never look in. If a free, remote email service is required abroad, set up a few accounts with different companies - Don't rely on a single server.
The more damage done to Microsoft, the better. Its products are useless, and years behind the times. They're second best. I encourage everyone to do all they can to support other companies. To support Microsoft is simply to be a glutton for punishment. Hack on, brothers!
It just goes to prove that Microsoft wants to make a quick buck and line the bank account of Bill Gates even more.
The Internet should be about making information easily available to everyone.
I think this is disgraceful. Nothing happened to my account but I was disturbed to hear that any one of my messages could be read by any of the group of hackers.
Why would anyone be surprised at this? Microsoft products are not the best in the world, or the most popular, merely the most frequently used. In my opinion (and most of the software developers I know agree with me), if this monolithic, monopolistic company goes out of business, the world economy as a whole would benefit enormously.
You get nothing in this life for free. The service has been hacked and a lot of people didn't even notice. Hotmail users should think "oh well, I pay nothing for this service anyway - I hope they sort it soon". I do feel sorry for the nerdy hacker population who are intent on embarrassing large companies. We do however need these people to expose security holes as we all have confidential information residing somewhere that could be breached.
After this security breach, I will switch providers. Microsoft's arrogance takes its products off the table as far as I am concerned.
There are plenty of encryption programs available. If you want to keep your data secure it's your responsibility to encrypt it. Soon all electronic data will be encrypted as standard because people are becoming more paranoid about governments or hackers reading private stuff.
I believe that hackers are necessary to anyone who uses internet-enabled/computer software. Governments and companies which do sensitive work can and should be employing these people precisely to target where the breaches in security are and possibly assist in helping to fix those breaches. Perhaps, if we supported hackers, rather than vilify them, Serbian hackers wouldn't have caused havoc with some websites during the last Balkan crisis and a number of Indonesian sites destroyed by East Timor hackers.
Perhaps now Bill Gates will stop thinking about making money and instead think about producing some quality software to be really proud of.
This is old news. And quite frankly, if anyone sends confidential information over the net without 128 bit encryption then they are taking a huge and well understood risk. Hotmail is just a service aimed at anyone who wishes to send fairly unimportant messages. To expect anything more from Hotmail is to expect too much.
As a Hotmail user myself, it is with some concern that I note yet another breach of site security. Upon this occasion the hackers appear to be a bunch of cyber-teenagers. If cyber-terrorists were involved instead, then presumably we would be talking about a very major breach of security. It is beginning to look as if I will have to take my e-mail account elsewhere.
People seem to be missing the point. This issue here is not to do with the fact that Hotmail was cracked, but the simplicity of the crack. Microsoft are notorious for employing recent graduates who are cheap and enthusiastic but would have no interest in investigating the security of an old system. The recent front end changes were all marketing exercises, your password is passed securely but anybody on a computer on your local network can still read your mail. Microsoft again is putting money into the wrong places. After all, Hotmail is not the most complicated of systems.
With its virtual monopoly on Operating Systems and a large share of the browser market Microsoft has a responsibility to provide properly tested and completed products. On many occasions Microsoft has released flawed software onto the market which have required major 'service packs' within days of release. Microsoft is being sloppy with its products because it has little to fear from competition with its domineering position in the marketplace.
E-mail has never been safe.
How many e-mails have you sent that have 'disappeared', stuck on some server because you misspelled the recipient's address, or because of some 'technical' hitch.
E-mail should be considered as nothing more than a convenience.
I think that Bill Gates should pay "damages" to each Hotmail user.
Microsoft responded "quickly" - but how long had this problem been known before the hackers went public with it? If MS spent less time "innovating" and more time debugging this sort of thing might happen less often.
Who really cares about these guys? Who in their right mind would send or keep anything sensitive on a web based system anyway? And finally what use is it to trawl through people's endless chatter in their e-mails?
Hotmail is a free service. If it's that bad, just don't use it.
You get what you pay for! Hackers Unite!
I'm very worried by this breach of security, though I can't say that I'm surprised. I have worked in the IT industry as a translator for 10 years, and I know there's no way you can have 100% security. So, I wish the IT industry would stop telling us that we can.
The problem is mainly because of the lack of good programmers.
I think, that webmail is not supposed to be 100% secure, because it's free.
Having just learned of the flaw in Microsoft's implementation of the Java Virtual Machine it seems only a matter of time as the internet collapses under the weight of its own infantile complexity.
So, the hackers have again used the excuse of 'showing up the problems in security' to justify their actions. Big deal. For the majority of Hotmail users, limited security is not a problem but I do have a problem with people who use computers to prove how clever they are. Come on, hackers - pull computing out of the nerd-age!!
Whatever we feel about Microsoft and its size it seems imperative that we deal with issues openly and honestly.
Once again somebody does something illegal and immoral and the victim is the bad guy.
I've had my car broken into 6 times. I guess it's my fault because a) I don't have a good security system (can't afford it) and b) I don't leave anything for the thieves to take. Great logic heh?!
I can't help but think there must be some pretty bored hackers out there if they are so desperate to read other people's email. I'd rather watch paint dry!
We hand our letter mail to an unknown person and our post goes missing everyday, but we think nothing of it.
Why, because it's electronic, do we think it's any different? Post Vans get stolen with mail in them and the thieves may or may not look at our post.
What is the difference? Nothing, yet you the media make it into a huge story.
Just because you are the world's largest software company doesn't mean to say you have the best products. Anything that dents the arrogance of Microsoft is a good thing, if only to force them into making better products and not release buggy, bloated code.
I'm absolutely appalled particularly as I've been using hotmail as a "safe" remote address to send/receive sensitive e-mail in view of Malaysia's recent troubles. Anyhow, I've always felt that Microsoft was getting too big, monolithic and monopolistic to be allowed to continue unchecked. They've bullied many PC manufacturers into using Windows and are probably going to get away with a lot more unless the various antitrust actions against them succeed. Good lesson from Hackers, though.
Let's just remember Hotmail is free. Agreed, we are subject to adverts and Hotmail is particularly prone to spam but we don't pay a penny for it. It is unfortunate it got hacked, but Microsoft fixed it in two hours. If people want a secure safe e-mail system then pay for it. Yes, Microsoft OS/Internet software is prone to security flaws but so are Sun, Netscape, Apache, Linux and yes Microsoft's software contains bugs but so does software from Computer Associates, Corel, Adobe, Sage etc.
Microsoft will undoubtedly put the usual spin on this as they have done in the past. Namely, that any bugs or security breaches miraculously become features, hitherto undocumented.
It's just another drop in the bucket to show how information is not free and that if you want security, you have to pay for it.
Of course this break-in to hotmail.com will be a serious embarrassment to Microsoft.
As an electronics engineer, I know how easy it is for bugs to creep into a program.
I hope Microsoft will pull up their socks coz this is one big slap on the face for them.
There is no such thing as perfect security. There is excellent security which is reserved for high-end computers in government and big financial institutions.
But security over the Internet has to operate at practical speeds so it's bound to have a fault here or there and as such it is a continuous struggle between hackers and the developers of the particular security system.
Locks are made to keep honest people out.
They do not, have not, nor ever will, prevent the dishonest or dishonourable from accessing anything; be it car, home, or computer. Inherent in committing to a service of any description is the "self interest" factor; - you are responsible - not the company.
In short did the people who are complaining, if any outside the media, determine what security existed.
Hotmail is a relatively good service. But, if you don't like it, there are many others to choose from. As for the 'security' issue, unless you use a cryptographic program you have no security with anybody.
Security procedures need to be reviewed and tightened up at once. This should never have happened.
What are people doing storing sensitive material on these types of email systems? Surely it is obvious that these systems are not going to be very secure. If you're using email for sensitive material - get a decent POP3 system that is tried and tested. Hotmail is a great system for keeping in touch wherever you are, but it is a cheap shortcut to setting up a proper system that could end up being very expensive.
Somewhat hysterical really. Free e-mail services (and there are many) represent very good value for money(!) but you can hardly expect the cutting edge in security. No one blames BT et al when their telephone is tapped. Of course if you don't like or trust Microsoft you can always use one of the other software providers on the market but will the standard of the product or the level of security be any better? I would doubt it.
Recently I received a slogan from a friend: "Microsoft ... a triumph of marketing over reality!" Is he right, I wonder. The company is hardly ever out of the news these days. There are other good software companies around and it's time they got a look-in. Bill Gates has made his millions, so it's high time that Microsoft had some healthy competition.
Well! One should always be aware of such things. But I'm glad they fixed the problem.
Good grief. Let's not show our pettiness on this issue. It happens. It is cyberspace after all. I'm sure Microsoft is really not trying to let these things happen. The reason, I feel, is because they are so large in the industry. These people, the hackers, like to see their names *in lights*. It makes their day.
Security is a state of mind. What do you expect? Treat email as safe as it is now. For everything we design "unhackable" they will try to hack it. It is as old as the web itself. There is nothing that we can do, I think.
I have never had confidence in the security of any email system on the Internet and for this reason I do not use it for any sensitive or private data.
This is yet another example of how PR and marketing in the Internet marketplace is tragically mismanaged by techies. So e-mail is not secure - BIG DEAL - telephone, fax, and postal communication are all as equally flawed, so what have the 'hackers' got to shout about? This kind of overblown 'scare-mongering' puts yet another obstacle to the web becoming a truly mass-media. This is a massive piece of non-news created by anoraks living in a juvenile world of hidden agenda.
You get what you pay for - and Hotmail is free. So stop complaining.
Hacking has always been intent on subverting that which is legal, but the end result of this type of hacking can prove beneficial to all.
Maybe what is needed is an Ethical Hacking Guild that would only be subversive for the common good. Just like reporters claim, when they discover an abuse of power or trust which is against the common good.
I think that these young people should pay for the time it takes to fix these problems.
With the advancement of e-commerce the issue of security is paramount and Microsoft need to wake-up and realise this and to start making sure that the products they ship are secure, and maybe with Windows 2000 they can try to limit the number of service packs and updates to single figures!
My first comment, in support of Microsoft, is that they are a natural target for Crackers. ALL systems be they Microsoft, Apple, Netware or any of the Unix variants, have holes.. we have had our Unix email server cracked recently, for example. But it's fun to crack Microsoft, and make them look stupid. Secondly, if "Hackers Unite" or whatever they call themselves, wanted to "point-out" security holes, they didn't have to do it by publishing the Crack to all and sundry. They could have just told Microsoft. Microsoft should be employing Hackers to try and find the holes.
It's frightening that one of the most powerful companies in the world can make money from such shoddy work. We are obviously not getting what we pay for. Any other company would be out of business by now. How many businesses can get away with selling products that don't work properly??
This shows that while politicians, the media and others have been hysterical over Y2K, the real problem is that the computers and networks we use every day are deeply flawed and will remain so as long as they are built by humans.
This only goes to further prove exactly what the hackers wanted: that Microsoft's security systems are so riddled with holes that anyone with the know-how can waltz into their systems. Microsoft's excuses do not suffice: they should have made their software secure to begin with, regardless of whether 100% security is possible or not. Other systems like Linux and NetBSD do succeed in making virtually impregnable mail servers--the weak link in the chain is, quite often, when your mail lands on a Microsoft server on its way to its destination.
If ever there was a company that did not deserve a monopoly, it was Microsoft.
The breach merely reminds me that you cannot expect anything fantastic for free, especially in the somewhat dodgy and uncontrolled world of web based email.
I still prefer POP3 accounts, at least you don't have to remain online all the time.
As any programmer knows if you have to put sticking plaster over a problem to fix it hurriedly it may well cause other problems or security risks. Microsoft is actually a victim of using this policy over a number of years, having produced complex code with little or no documentation or design process which leaves them entirely vulnerable to this kind of thing. The most amazing thing is that they consistently get away with it. The UK government should consider some kind of action similar to that in the US to restrict Microsoft's exploitation of its monopoly position, forcing us to accept sub-standard code in order to run on the standard platform.
I fully support the hackers, and I am not surprised that it was so easy for them. Thank god they did it responsibly, they could have done a lot more damage if they were malicious. The crime is that people believe in the security of computers. COMPUTER SYSTEMS ARE NOT SECURE, OK? Why do you think Bank Statements contain errors? IT Systems rule our lives, yet they are unreliable and insecure. Will people ever realise this? I doubt it.
Microsoft are not to be trusted.
Hackers should not be locked up and be classified as criminals, they should be honoured by the work they do as they show the public how fragile the whole computer security really is.
It's a bit of a non-story this as:
I only hope Microsoft are able to learn from this embarrassment and investigate their other products for similar weaknesses. They should also retro-fit any other security fixes into their products asap and offer upgrades or patches free of charge to their existing Customer base.
I don't have a Hotmail account but if I did I would want to have the UK Data Protection Registrar fully investigate this incident. If the accounts could be hacked as easily as the reports suggest then Microsoft may be in breach of a number of the Data Protection Principles.
That's inevitably what happens when a monopoly is allowed to form. However, the monopoly is created by customers, not suppliers, and is therefore self-inflicted. In case you are wondering, no - there is nothing from Microsoft on my computer.
So what? Everyone likes to have a bash at Microsoft and that is why this is big news, if it was deja, yahoo or one of the other on line email systems then it wouldn't be headline news on the BBC. Anyone who stores email on a server and not on a local machine is leaving themselves open to this sort of thing. I use hotmail from work just to chat with people, if hackers want to read about when I am going to the pub and with whom, then they are welcome to it. I am really surprised that the BBC are making a big deal out of this.
Fewer marketing people, better programmers, will solve some problems @MS..
"We will be looking at how the information which created this problem was made public" says Erin Brewer. I fail to see how the availability of information about a security problem is the cause of the problem. (And yes, that is a hotmail address I have)
I have (should that be had? will be cancelling now...) an account with Hotmail, and had a great deal of trouble accessing my mail - a page came up saying my ID was invalid, and to try again later... no reply has yet been received from them, to a complaint sent via a separate ISP... with all the ads and spam I get, despite opting out at the start, it is not worth it anymore.
The security breach at Hotmail was indeed an embarrassment for Microsoft. However the hackers showed how easy it was to bypass the security routines. I have a Hotmail account and am glad that they showed up this problem otherwise it may have gone unnoticed and someone could really abuse the system.
Although I don't use my Hotmail account as much as most people do, it doesn't surprise me that it's open to hacking. Does this event not show that Microsoft care more about making profit rather than checking and resolving a simple security hazard which I am aware has been available for a couple of weeks? Another aspect of hacking Microsoft should cut down is reports on people setting up main accounts such as "email@example.com" which asks people if they want to know other people's passwords, to forward their username and password plus the other person's Hotmail account. This will not give the other person's password, but the "hacker" your username and password. Notice the e-mail address as firstname.lastname@example.org?
Surely they could cut this down someway or another?
I regard all my email as public documents and advise the people I support to do the same, then they won't be embarrassed if they are
I'm not too concerned about Internet security as I follow the theory that common sense prevails. I don't release personal information except to companies that have a proven reputation of security such as Amazon etc.
Microsoft products on the other hand are notoriously insecure. Melissa proved the flaws in Outlook (Express). IE's security is a joke. Yet this company has a near worldwide monopoly. I find it laughable that MS try to play down the problem by saying that they responded quickly. The news of this spread like wildfire yet it took MS 6 hours to take down the servers and longer to fix the problem.
If I send letters by post, someone might open them. Even the postman
If I send letters via Hotmail, someone in Hotmail's organisation could probably read them.
No matter how well you organise security, there are always going to be
There's no such thing as absolutely 100 % safe.
As long as Hotmail stops the gaps as soon as they find them, I think it's a very safe way to send your mail.
It is worrying that someone may have had access to my e-mail account and even more worrying that they may have sent messages under my name. I have received some strange replies over the last few months and am wondering could it be due to this. I must say that Microsoft did react quickly and at least that is comforting.