Microsoft took part of its MSN Web site offline over the weekend, after it learned of a flaw that could let an attacker gain access to Hotmail accounts, the company said.

The MSN Web site, http://ilovemessenger.msn.com/, contained a so-called cross-site scripting flaw, a Microsoft representative said on Monday. In its initial review of the issue, the company found that an attacker could use the vulnerability to obtain "cookies" from Hotmail users by getting them to click on a malicious URL. That could then grant access to those e-mail accounts, the representative said.
Source: News.com (http://news.com.com/MSN+flaw+put+Hotmail+accounts+at+risk/2100-1002_3-5734448.html?tag=nefd.top)

There's an even worse one out there. I believe the layman's term for the flaw is, "Secret Question."

I can't tell you how many people have said, "OH MY GOD! Someone hacked my hotmail account!" Then I usually end up talking to the "hacker" over the "hackee's" Messenger account. It's almost always the same two or three people, from my school. I always ask, "How'd you get it?" The answer, invariably, is "I guessed their secret question."

Kids these days.

Yah that dam question is the biggest security hole ever for those lusers.