Hotmail Hacking, Part 3
12 March 2011
In the previous post I said that I thought there were only two possible ways that a hacker could have gained entry to my Hotmail account: mind-reading or brute force.
There is actually a third possibility I failed to mention. I used to log in to my Hotmail account via this page:
I should have been using this page:
Notice the difference?
The page I should have been using has been verified by VeriSign to be an authentic Microsoft website (hence the green banner in the URL bar) and it is also a “secure page” that will protect my username and password from “eavesdroppers”. I know this because the URL for the second page starts with https rather than just http.
The reason the second page is deemed secure is that when I enter my username and password, that information is passed along to Microsoft’s servers through an encrypted tunnel. The concept is very similar to VPN security, which I’ve written about before.
The upshot is that the second website will prevent eavesdropping and man-in-the-middle attacks, both of which can be a problem if you are sending important information (like username and password details) through the internet while using a Wi-Fi hotspot.
Perhaps my email account got hacked last year because I logged on through the unsecure site while using a public Wi-Fi network somewhere. Don’t make that mistake.
Dear Hotmail…
If you’re listening, please remove your unsecured login page from the web!