As previously mentioned by m_chibi, Electrophreak discovered a huge problem with Microsoft’s Passport sites: cookies can be “stolen” by abusing an XSS hole in forms on several MSN subsites (eg. MSN Entertainment). More details in MSN Security.
For now, Electrophreak advises to sign out of Passport every time. If you use MSN Messenger, you’re dead meat because while logging on, you sign into Passport as well… and stay signed it. That’s why MSN Messenger users better disable Active Scripting!
Note: The content of this post is over 4 years old. Feel free to share your refreshing comments.
