Hm, #TIL about the "most widespread security incident in the history of the Web", when in 1999 a security flaw in Hotmail was revealed that permitted anybody to log in to any Hotmail account using the password "eh".

https://en.wikipedia.org/wiki/Outlook.com#Security_issues

#security #hotmail #internet #history

@stefan But (BSD) Unix did it first and Android did it better. In those cases (sendmail shipped with a debug password that allowed root access; Android shipped with a root shell running with keyboard access) the problem was release engineering allowed debug-enabled root access to ship. I don’t know if Hotmail had the same problem but I would be very surprised if it didn’t.

@stefan If you used a “per capita” metric like percentage of machines attached to the net I suspect that the sendmail “wiz” password in BSD 4.3 would qualify as most widespread simply because of how many VAX were on the net then.

@stefan To blow my own horn: when Microsoft shipped the last smartphone from Danger, which ran a NetBSD kernel and runtime under a DangerOS user land, I made it impossible to root by the simple expediency of not having a root account and not allowing UID 0 to work. It wasn’t perfect security but it stopped a lot of attack vectors.