Trying to get Amazon.com and they are not online, saying if you leave your e-mail they will notify you when they re-open. Huh? Remember someone saying this the other day, and others saying they got through. Also can not get through to Hotmail. Keep getting error messages. Anyone know if they have been hacked again?

-- Gia (laureltree7@hotmail.com), September 13, 1999

Answers

Ole Johnny Canuck can't log in to Hotmail either.....

6.27 pm EST

-- Johnny Canuck (j_canuck@hotmail.com), September 13, 1999.

Amazon.com came up for me. . .

-- Gypsy (GypsiGold@aol.com), September 13, 1999.

Amazon works fine on IE and Netscape.

Best,

Z

-- Z1X4Y7 (Z1X4Y7@aol.com), September 13, 1999.

My wife works at Amazon for Systems and Network Operations. She is on call 24/7. Amazon DID NOT go down the other day (hackers or otherwise) and as for today came up no problem for me (as the last time it was supposedly down). She would have been notified immediately had this been true and I would have known. FWIW, One man's experience.

-- Ken Mitcham (ken_mitcham@yahoo.com), September 13, 1999.

Had a %#* of a time getting onto Hotmail around 6:00 P.M. CST on Monday, 9/13/1999. Finally did get on, though.

www.y2ksafeminnesota.com

-- MinnesotaSmith (y2ksafeminnesota@hotmail.com), September 13, 1999.

New Hotmail Hole Discovered

Updated 3:50 PM ET September 13, 1999 By Steven J. Vaughan-Nichols Just what the world didn't need: another way to crack open Microsoft's beleaguered free, Web-based e-mail system, Hotmail. But, that's exactly what noted Bulgarian bugfinder Georgi Guninski claims to have found.

Guninski, who has made a name for himself by finding security violations in browsers, has found that Hotmail enables Web-paged embedded Javascript code to run automatically.

This makes it possible for someone to write Web programs that could do anything from steal passwords to read others' mail. While it's long been known that active Web applets, whether written in ActiveX or Java, have the potential to pry open systems from the inside, this is the first case in which someone has shown that Hotmail is vulnerable to such attacks.

Not Just A Theoretical Hole

Is this a purely theoretical hole or one that can only be used by crackers to attack users? The answer, unfortunately, is the latter: correctly written Javascript programs can, at the least, raid users' inboxes.

Microsoft is not claiming ownership of this latest problem. "This is not a Hotmail security issue. We see it as an example of people encouraging users to run malicious code on the Web," a Microsoft spokesperson said.

"To protect yourself now, you can disable Javascript, just disable it before using Hotmail, or do not open mail from unknown people when you think it might contain Javascript," the spokesperson added. "Microsoft is investigating ways for Hotmail users to have greater security against threats posed by malicious use of Javascript in email."

The latest Hotmail hole opens up because Hotmail doesn't handle the new HTML tag "STYLE." Java programmers and Webweavers use STYLE to insert Javascript into HTML pages. The solution is to force Hotmail to handle STYLE in the same way it does ordinary Javascript--disabling it on arrival.

Timing Couldn't Be Worse

The fix may be simple, but the timing for Microsoft could not be worse. The latest Hotmail security breach follows by weeks a major Hotmail security meltdown. It took Microsoft hours to fix the problem, but millions of user accounts were left unprotected in the interim.

Since that initial breach, the company has brought in TrustE and another auditing firm to help it head off future Hotmail security breaches.

==================================================================== not sure if this is related...

Mike

=======================================

-- Michael Taylor (mtdesign3@aol.com), September 13, 1999.

Ken- I'm sure what you say is true, but I'm telling you I definately got that message today and someone else did the other day. As of now 9:45 EST Amazon and Hotmail are both accessible.

-- Gia (laureltree7@hotmail.com), September 13, 1999.

Gia,

The wife is home and here's the scoop. Due to a large volume of traffic earlier today some orders were having difficulty in getting through although Amazon was not down.

I apologize if my earlier message cast doubt on your integrity as that was not my intent. It was due to the reference "if they had been hacked again" with regards to Amazon.

I and my wife have researched Y2K since March 98 and have made prudent preparations that we feel appropriate. My point here is that the Net being what it is and from having seen rumors go from rumor to fact I felt it necessary, from having first hand information, to input the fact of this particular situation with regards to Amazon.

No hard feelings? :)

-- Ken Mitcham (ken_mitcham@yahoo.com), September 13, 1999.

No problemo Ken. I was referring to Hotmail being hacked, not Amazon. I thought maybe Amazon had a businness problem, not a cyber one. Also, though I didn't refer to it, I couldn't access my main ISP and had to resort to a backup for last 3 days. It's just been really strange times lately! :)

-- Gia (laureltree7@hotmail.com), September 14, 1999.