Webmail Issues
NOTE: Since the article links on this page are over a decade old, they might not be valid any more.
Hotmail
January 18, 2001 Hotmail's spam filters have now expanded to filtering outgoing e-mail. All incoming and outgoing mail from controversial Internet service providers are being rejected. For outgoing e-mail, the Hotmail user gets an e-mail saying that the e-mail could not be sent due to the inability to connect to the recipient's mail server.
For more information see the ZDNet article, Hotmail trashes Users' e-mail.
Mailcity/iVillage
June 7, 2000 A problem was found with the MailCity and iVillage web-based e-mail services that allows a person to access other people's accounts. The problem is supposedly fixed. For more information, see the CNET News.Com article.
MSN Hotmail
Aug. 30, 1999 CNET and CNN reports a new vulnerability with the MSN Hotmail free e-mail service. There are web sites in the UK and Sweden that allow anyone to access MSN Hotmail accounts with just the username. The person can use your account to read your e-mail and send e-mail in your name without needing your password! For more information on this problem, see the following articles:
MSN Hotmail
Aug. 31, 1998 Hotmail users are vulnerable to an e-mail attachment vulnerability that can lead to their passwords being stolen. For more information:
- read the CNET News.com article
- Specialty Installations Demo
Java/JavaScript Vulnerability
Aug. 28, 1998 First reported August 25, many web-based free e-mail services are vulnerable to a problem that allows an e-mail sender to use Java or JavaScript to trick a free e-mail service user into giving the sender his or her login/password. Some Affected Services
- Yahoo! Mail
- Lycos Email
- MailCity
- Eudora Mail (the free web-based e-mail service, not the e-mail application)
- MailExcite
- News.com article #1
- News.com article #2
- ZDNet article
- Specialty Installations Description
- Specialty Installations Demo
E-mail Address Harvesting
June 29, 1998 CNET's news.com reports that Microsoft's Hotmail web-based e-mail service and Excite's web-based e-mail service have a bug which can allow remote web sites to obtain your user name for your e-mail at Hotmail or MailExcite. For more information, see the news.com article.