Hm, #TIL about the "most widespread security incident in the history of the Web", when in 1999 a security flaw in Hotmail was revealed that permitted anybody to log in to any Hotmail account using the password "eh".

https://en.wikipedia.org/wiki/Outlook.com#Security_issues

#security #hotmail #internet #history

From the original source archived at https://web.archive.org/web/20140408200533/https://archive.wired.com/science/discoveries/news/1999/08/21503

"After examining that code early Monday, outside security experts suggested that the problem might have been a backdoor inadvertently left open on Hotmail servers by Microsoft engineers.

Microsoft vehemently denied the backdoor suggestions, and instead described the problem as "an unknown security issue.""

Hotmail Hackers: 'We Did It'

A hacking group claims responsibility for publicizing the Hotmail security hole, which Microsoft says is most decidedly not a 'backdoor.' By James Glave.

@stefan "an unknown security issue."

"It's not a backdoor. Actually, we have no idea what it is." Great publicity!

@stefan

And that is exactly how Microsoft handles security up until today.

@stefan 🤯 had NOT even heard about this, and surprised, as I'm pretty sure I had a Hotmail account in 99. Wow

@stefan But (BSD) Unix did it first and Android did it better. In those cases (sendmail shipped with a debug password that allowed root access; Android shipped with a root shell running with keyboard access) the problem was release engineering allowed debug-enabled root access to ship. I don’t know if Hotmail had the same problem but I would be very surprised if it didn’t.

@stefan If you used a “per capita” metric like percentage of machines attached to the net I suspect that the sendmail “wiz” password in BSD 4.3 would qualify as most widespread simply because of how many VAX were on the net then.

@stefan To blow my own horn: when Microsoft shipped the last smartphone from Danger, which ran a NetBSD kernel and runtime under a DangerOS user land, I made it impossible to root by the simple expediency of not having a root account and not allowing UID 0 to work. It wasn’t perfect security but it stopped a lot of attack vectors.

@stefan Wait, you're telling me this video actually happened decades ago?

https://www.youtube.com/watch?v=y4GB_NDU43Q

Single Point of Failure: The (Fictional) Day Google Forgot To Check Passwords

@stefan

What's your password?

¯\_(ツ)_/¯

Good enough, welcome back!