Microsoft account-hijacking hole closed 48 hours after bug report

British researcher Jack Whitton has reported a Microsoft account-hijacking authentication bug that would have been another arrow in an attacker's phishing quiver, save for the fact that Microsoft fixed it. Whitton quietly reported the flaw to Microsoft, which pounced and took only two days to process and patch it. The …

  1. Mike Pellatt

    "Despite CSRF bugs not having the same credibility as other bugs....."

    Really ???

    1. Anonymous Coward

      "Really ???"

      My thoughts entirely. Mind you, this isn't a real bug until it has a silly name, logo and website.

  2. Known Hero

    well you say fixed...

    But people are so adamant about not updating their Windows OS ?!

    1. websey

      Re: well you say fixed...

      This is nothing to do with Windows, this could affect anyone, it's OS agnostic

      1. Anonymous Coward
        Facepalm

        Nothing to do with windows...

        @Websey: "This is nothing to do with Windows, this could affect anyone, it's OS agnostic"

        'This is pretty similar to Wes’s awesome OAuth CSRF in Live, except it’s in the main Microsoft authentication system rather than the OAuth approval prompt.' ref
