(IDG) -- Microsoft's HotMail subsidiary is scrambling to fix a security glitch in its free e-mail service that could allow someone to steal passwords from HotMail members, a spokesperson with the company's public relations firm said Tuesday.

The security breech was uncovered Monday by a Web developer at Canadian firm Specialty Installations, which has posted an explanation of it on the company's "Because-We-Can" Web page.

MORE COMPUTING INTELLIGENCE

IDG.net home page

PC World home page

FileWorld find free software fast

Make your PC work harder with these tips

Reviews & in-depth info at IDG.net

IDG.net's desktop PC page
IDG.net's portable PC page

IDG.net's Windows software page

IDG.net's personal news page

Questions about computers? Let IDG.net's editors help you

Subscribe to IDG.net's free daily newsletter for computer geniuses (& dummies too)

Search IDG.net in 12 languages

News Radio

Fusion audio primers

Computerworld Minute

The scheme involves sending an e-mail message to a HotMail user that contains a particular JavaScript program. When the user opens the e-mail the JavaScript program starts running almost instantly, creating a message box that tells the user their account access has timed out, and asking them to reenter their log-in information.

The victim's user name and password are then winged back to the person who sent the malicious e-mail. Armed with that information, the intruder could delete, send, and read the victim's e-mail, access the victim's address book, and check messages on other mail servers the victim may have configured to be accessible from the HotMail account, according to Specialty Installations.

"HotMail is working right now on a permanent fix ... they're working flat out," said Peter Ross, a spokesperson for HotMail's public relations firm. HotMail cannot say at the moment how long it will take to implement the fix, he added.

As a temporary measure, HotMail users can disable the JavaScript support in their browser software, Specialty Installations advised.

Related stories:

Web-based e-mail keeps travelers in touch - January 8, 1998
Site-Seer: You've got *free* mail - August 28, 1997
Latest Headlines

Pakistan begins troop withdrawal from Indian border
White-collar workers in Jakarta join anti-Habibie chorus
Veteran politicians hand over EU reform blueprint
Klan rally in New York fizzles under counterprotests
Falwell hosts summit with gay minister
Critics assail plan to give women addicts money to use birth control
Chemical that could power microbes is found at Jupiter moon

Texas downs No. 3 Huskers, continues hex

Illinois stuns No. 9 Michigan 35-29

Agilent plans $1.1 B IPO
Agents boycott United for slashing commissions
Advocates assail legislation encouraging mergers

Today on CNN

Related IDG.net stories:

Note: Pages will open in a new browser window

PC makers issue Win 98 warnings (PC World Online)
Hotmail still unharmed by new owner, but that's sure to change (InfoWorld Electric)
Microsoft purchases Hotmail (InfoWorld Electric)
AOL members battle the Trojan horse (PC World Online)
PC World's Top 400 utilities page (PC World Online)

Related sites:

Hotmail

Specialty Installations

Because We Can

The "HOT" Mail exploit and how to protect yourself

External sites are not
endorsed by CNN Interactive.