Hotmail customers are no longer at risk, according to Microsoft. "The 'I Love Messenger' Web site has been disabled," the company representative said in an e-mail statement. The site, which hosts emoticons, display pictures and backgrounds for MSN Messenger, Microsoft's free instant messaging service, will be restored once the issue has been resolved, the company said. On Monday afternoon PT, the I Love Messenger Web address was redirecting users to the main MSN Messenger Web site.The security flaw was found at http://ilovemessenger.msn.com. More info at CNET
MSN cross-site scripting flaw put Hotmail accounts at risk
Posted on Tuesday, Jun 07 2005 @ 16:32 CEST by Thomas De Maesschalck
Microsoft disabled a part of its MSN website as it contained a cross-site scripting flaw which allowed attackers to obtain passwords from Hotmail users by getting them to click on a malicious link.