dotcomUNDERGROUND

Sixteen year-old Adriaan Graas from The Netherlands discovered an XSS (cross site scripting) exploit in Hotmail. The exploit allows hackers to steal cookies from their victims and obtain full control over their inboxes without the need of knowing their passwords.

Details of the exploit can be found here:

http://adriaangraas.feetback.nl/browse.php?vf=/security/exploits/hotmail/how-to.php

More than a week later of his informing it to Microsoft, the billion-dollar company still hasn’t fixed the flaw.