French hacker uncovers email holes
December 13, 2001
Coincidence, perhaps, but just one week after the Zi Hackademy school for hackers opened in Paris, one of its members has hit the French headlines with a "global vulnerability" in the Yahoo and Hotmail email services.
In today's edition of Hackerz Voice, the French magazine for which all the Zi Hackademy tutors write, a hacker called Fozzy claims to have detected a vulnerability allowing him to "hijack the messages of 200 million users" on Yahoo and Hotmail.
Although the report is rather scant on details, it seems that Fozzy has found yet another way of "circumventing the filters" used by the email services to block malicious code.
Both services have suffered from a multitude of similar scripting vulnerabilities in the past.
Indeed, Ollie Whitehouse, manager of security architecture for @stake, said that it's quite simply a case of: "How can we circumvent the filters with malicious code this week?"
Although Fozzy is justified in saying that the principle of the filtering vulnerability is well known and should have been eliminated by now, Whitehouse did not appear surprised by the hacker's discovery and said it was "nothing new".
Fozzy claims to have alerted Hotmail and Yahoo to the latest holes and both companies are said to have made appropriate patches.
By James Middleton. Copyright © 1995-2001 VNU Business Publications Ltd.