A weakness in Windows live ID accounts

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 15:45

The title of the original thread has been spoofed by Izzet.



This is the new thread re: Headline Cyprus Today 25th September 2010 and PRESS RELEASE - http://www.ticproblemsolver.com

zerochlor


Joined: 03/04/2009
Posts: 4024

Message Posted:
27/09/2010 15:48

izzet title was incorrect, it implied somthing sinister and inset panic in people who did not understand.



only my opinion of course

TopTen


Joined: 15/04/2009
Posts: 1246

Message Posted:
27/09/2010 15:59

Please not again

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 17:25

Now, when we try to complete the process that allowed us to expoit this weakness in Windows live ID, look what comes up, part way through the process.



They are trying to fix the problem that we found.



And Izzet says that it is not a problem with Windows!



Don't be so easily led by Izzet and mmmmmm



You can see a screenshot here: http://www.jacktoff.com

zerochlor


Joined: 03/04/2009
Posts: 4024

Message Posted:
27/09/2010 17:33

well washerman, it seems they are trying to fix the problem that you discoverd in the windows live id weakness.



seems you was correct.

mmmmmm



Joined: 19/12/2008
Posts: 8398

Message Posted:
27/09/2010 17:56

Dear Dave



re msg 2



1/ email spoofing is an irritant and but not sinister



2/ 'Panic' was more the the confusing language used by Washerman and the RIDICULOUS hyping up of an 'announcement' of his son's 'find' ... IF someone finds a hole it is good 'netiquette' to advise the company with the problem and advise folk quickly... not wait for a newspaper with HIGHLY limited circulation - that most members can't see...



Washerman - well done to your lad for finding yet another loop hole... As it now appears 'all' it did was make it look like a genuine user had sent an email - but as the genuine user would get any response it wasn't 'the end of the world' from a security point of view... it WAS just a another form of spoofing .. am I wrong?



I have had a hotmail account for eons but I rarely use it as most of the email is spam :( I advise folk to set it to ask you to change your password regularly or better still move to gmail and have your hotmail/ windows live mail fwd'd.

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 17:58

Here are your some comments carried over from the spoofed thread.



Malsancak.....

Paul, you wrote an article for NCFP explaining there were a hole in a Microsoft system, now I understand it is Windows Live. You say that you informed them and the hack no longer works so why not write a follow-up article for NCFP explaining how your hack worked?



Washerman.....

Malcolm, I am not maintaining this thread any longer because the title of the thread was was changed by Izzet, but I will carry your comments over onto the thread that I am maintaining and answer you there.



Hopefully, mmmmmm will come on too and retract his speculative comments.

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 18:00

mmmmmm - is "you opened your mouth before knowing the facts" a fair assesment of your posts on the other thread.



What do you think of Izzet's claim that this is not a Microsoft problem

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 18:09

By the way mmmmmm - congratulations for eating humble pie and coming over to the 'real' thread!

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 18:19

mmmmmm - our 'encounters' follow a pattern - 'you' say something stupid without checking the facts, to try and make out that you know more than me and 'I' shoot you down in flames - and offer proof!

mmmmmm



Joined: 19/12/2008
Posts: 8398

Message Posted:
27/09/2010 18:26

Washerman.. I am extremely concious of my 'warning' from AJ so I will make my response concise and polite



msg 135



http://www.cyprus44.com/forums/46008.asp - any speculation was down to your milking us for some sort of 'attention'



'Humble Pie' is something folks 'eat' when they were incorrect - as the end result of the Microsoft flaw IS 'only' email spoofing and not a hack of a uses email account ( your words - btw) how was I wrong? My speculation re the net effect on members was CORRECT... you played 'secret squirrel' as to how it manifested itself and didn't want to tell us how to protect ourselves...



This is largely as waste of cyber-space... and folks energy... should they REALLY worry?

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 18:48

Thank you once again for coming onto the 'real' thread. Your waffle really doesn't test me any longer so,



whatever!

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 18:57

BUT, I am interested as to what you think about Izzet's assertion that this is not a Microsoft problem?



Seems that running a forum like this doesn't need that much technical know-how afterall. Maybe even a dunce like me could have a go!

mmmmmm



Joined: 19/12/2008
Posts: 8398

Message Posted:
27/09/2010 19:23

re 13



>>I am interested as to what you think about Izzet's assertion that this is not a Microsoft problem?<<



It is / was an MS related issue - in that it seemingly relates to Windows live / Hotmail users - but Izzet and I were right in that the end result isn't sinister or anything new.. it *was* a form of spoofing .



>>Seems that running a forum like this doesn't need that much technical know-how afterall. Maybe even a dunce like me could have a go!<<



Not sure what Izzet's choice of platform for his forum / website (I understand he CHOSE to write his own code, rather than using offerings from phpbb, SMF, etc. ) has to do with a flaw in MS Windows Live..



Can you be specific... are you saying Izzet is 'thick' or that you could make a better 'fist' at a forum? !

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 19:31

Again, thank's for coming onto the real thread!



A 'form' of spoofing - Ah! and whose 'form' of spoofing - yours? That's why I tried to tie you down at the beginning. You wouldn't make a very good witness!



Now, you have had many attempts at putting words into my mouth, but you can't seem to hit the treble twenty!



You have confirmed that in your opinion, Izzet was wrong in his assertion that it wasn't a.............etc.



Izzet certainly isn't thick, look how many people he has fooled, even with his apparent lack of knowledge of MS (as far as you are concerned) on the contrary, Izzet must be very clever!

mmmmmm



Joined: 19/12/2008
Posts: 8398

Message Posted:
27/09/2010 19:42

Washerman - please don't attempt to twist my words.. your conclusions are 'way off' .. but *I* am mindful of indulging you and boring others..



No matter what you write next - no matter how inaccurate - the floor is yours....

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 19:45

Thanks for coming on to the real thread!

malsancak


Joined: 23/08/2009
Posts: 2874

Message Posted:
27/09/2010 19:49

W, any chance of an explanation article to publish on NCFP which will put all these sceptics in their place?

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 19:50

Yes Malcolm - I will do it!

flutterby


Joined: 11/01/2008
Posts: 214

Message Posted:
27/09/2010 19:56

oh and mmmmmmmmmm, THANK YOU FOR COMING TO THE REAL THREAD..... .



People would be more interested to read without all the in-fighting!!!!

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 19:58

flutterby - I know mmmmmm just can't help himself can he?

flutterby


Joined: 11/01/2008
Posts: 214

Message Posted:
27/09/2010 20:07

I wasn't actually getting at mmmmmm!!! How many times did you have to say 'thank you for coming to the real thread'? Not interested who is right or wrong, just get out the facts!!!

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 20:16

Flutterby - Thank you for coming to the real thread! I specialise in getting out the facts! Problem is, others specialise in distorting them. I am sorry, I can only be courteous

waddo


Joined: 29/11/2008
Posts: 1966

Message Posted:
27/09/2010 21:24

Fact - the only microsoft product that passed the stringent security requirements of the Ministry of Defence and the US Armed Forces is Windows 95 - perhaps you would be interested to learn that a final blessing to "fully" use this product was made official by both bodies in 2002!



Every Windows product ever produced has more back doors in it than front doors and has been produced that way due to the amount of software writers involved in the lenthy process of production. There is no - and I include all Macintosh variants - totaly secure "off the shelf" software product available to anyone - they all have problems and people spend their life times trying to find them. Good for them, it saves the software houses millions of dollars in research.



Any MCSE qualified person knows this and makes it plain to the normal user - the old phrase of "Buyer Beware" is most apt for software users. Have a little faith people - there are billions of computer users - who are "THEY" after????