Hotmail Trojan Horse security breach; fix is posted

From a news.com article: "Microsoft's free Web-based email provider Hotmail says it is working 'feverishly' to fix a security breach that lets malicious JavaScript programmers alter the Hotmail user interface and swipe user passwords." A Trojan Horse in the email "yields a bogus Hotmail 'time expired' message asking the user to reenter his or her user name and password. Once these are entered, the user returns to the standard Hotmail site. But the user name and password are on their way to the malicious coder." A Wired article also covers this.

Fix posted From ZDNet: Hotmail posts fix to password flaw: The company has posted a server-side fix, and says it will shortly produce a "permanent fix" to "similar problems." Meanwhile, some advice is offered: "If you see an unexpected password prompt, do not use it to log on to your account; instead, return to the account by typing the Hotmail URL into your browser, or using a bookmark." (Thanks, Monty Solomon.)