Avinash Sudhodanan in collaboration with Nicolas Dolgin (an intern from SAP, France), recently discovered a serious vulnerability in Microsoft's online services that allows an attacker to make the victim access (without their knowing so) an account controlled by the attacker.
The consequences of the “flaw” discovered by the researchers can be serious. Among these, the attacker can monitor the activity of the victim and the pages they visit, thus acquiring sensitive data. This not only leads to the breach of the victim's privacy, but it may allow the use of the data collected for fraudulent purposes. Also, the attacker can trick the victim by improperly using their credit card or making them pay for services they do not use, such as Skype credit recharging of the attacker's account.
The research was conducted as part of the "Security and Trust of Next Generation Enterprise Information Systems" (SECENTIS) European project.
The all article is available on FKB web site here: A flaw in Microsoft's online services discovered. FBK researcher received recognition for his contribution to Microsoft's online services security.
This news has had a great impact in the Italian press. Here below there are some links to the articles that appeared online on December 13th, 2016:
And on December 16th, 2016:
On local newscast: