Describes a security hole by which a hacker can gain access to a user's Passport shopping profile by stealing their Hotmail cookie.

To correct serious security flaws, Microsoft on Friday disabled the virtual wallet function of its Passport service and has begun notifying partners about the vulnerabilities, the company has confirmed. By Brian McWilliams.

A previously unknown group known as Hackers Unite has claimed responsibility for publicizing Hotmail's security breach, which Microsoft vehemently denied was the result of a backdoor oversight. By James Glave.

Brief description of issue.

Explanation of JavaScript in HTML attachments security hole, since fixed.

Article and discussion of HTML attachment attack.

Hotmail said it will mandate the use of cookies to plug a newly discovered security hole.

This isn't the first time that the folks who are gonna give us a internet wide universal login system had a hole. News and discussion.

Microsoft's Web-based e-mail service suffered a damaging blow to its integrity Monday when a security breach came to light that made it so anyone's Hotmail messages could be read. By Robin Lloyd.

Late Sunday night, Root Core, a group of computer security experts, published information exposing vulnerabilities in Microsoft's popular service.