labels: it news
Audit blames hackers for Hotmail''s leak news
11 October 1999

An independent audit of Hotmail by industry self-regulatory watchdog TRUSTe, has revealed that malicious hackers were to be blamed for Hotmail's massive security leak recently. The incident took place in August this year and left all of Hotmail's 50 million e-mail accounts exposed to any one with access to a Web browser.

The audit was conducted by an unnamed "big five" accounting firm and pronounced Microsoft's repair work as effective. It showed the company to be in compliance with the TRUSTe licensing agreement. TRUSTe is an industry-sponsored non-profit organisation meant to assure compliance with certain Web privacy standards.

In August, a group calling itself "Hackers Unite" discovered the Hotmail hole, which was due to a blunder in Microsoft's server administration, and went on to publicise it. The hackers said they wanted to draw attention to what they said was Microsoft's spotty security record. When Microsoft announced it would open itself to an audit, critics welcomed the decision.

However, independent watchdogs felt that if the company was really committed to strong self-regulation, it should have done the same in response to a severe privacy problem discovered last March when Microsoft admitted to collecting special identification numbers from users' PCs during the Windows registration process.

At the time, the company promised it was not using the unique identifiers to track Web visitors. It said it would discontinue this practice and promised to delete any questionable data from its databases.

Microsoft did not reveal technical details of either problem or the audit. The company fixed the glitch with a patch and also put new quality-control procedures in place to prevent future problems. But web servers are generally leaky and prone to security glitches, and need to be constantly patched up to remain secure and afloat.




 search domain-b
  go
 
Audit blames hackers for Hotmail''s leak