Security Hole in Windows/MSN Messenger
A feature in MSN and Windows Messenger that apparently is intended to identify IE users (without their knowledge or consent) on Microsoft Web sites can easily be abused by any Webmaster with a bit of Javascript or VBscript. The feature allows anyone to obtain a surfer's Messenger username and those of his contacts, according to Richard Burton in a post Monday to the BugTraq mailing list. Worse, if a username is not available, the e-mail address of the surfer and those of his contacts are displayed instead.Major privacy hole in Windows/MSN Messenger The Register, Feb. 5, 2002
Update Microsoft: We're patching MSN hole ZDNet News, Feb. 11, 2002
