Hotmail security still sucks

Robert Graham of Errata Security takes a look at the recent “Web 2.0” report card compiled by Digital Society, and remarks:

Of the major webmail providers in the U.S., only Gmail is secure against sidejacking attacks. Yahoo Mail and HotMail are insecure, and can be compromised quickly. There are still a lot of HotMail users out there — they are fools.

I talked to the people at Microsoft responsible for fixing this problem ALMOST THREE YEARS AGO. Yet, they’ve done nothing about fixing this huge hole. I just tried it out today — while FireSheep looks a bit funky (it doesn’t correctly show the user name), it easily hacks into HotMail accounts.

Among the best on the card? WordPress!