Hotmail users exposed to cookie snaffling exploit
John Leyden,
The Register
2005-06-08
The exploitable page - http://ilovemessenger.msn.com - has been updated to remove a cross site scripting flaw that was the subject of the exploit. But Alex de Vries, the Dutch security enthusiast who discovered the trick, warns that other portions of MSN's site are still vulnerable.