Security expert warns of Web risks as Hotmail breached

Companies should stay away from free Web-based email services, or risk leaving themselves open to hackers and viruses, according to Paul Cronin, head of penetration testing at network security specialist, CenturyCom.

Cronin made the claim after Microsoft's free email service, Hotmail, was forced to shut down for two hours on Monday after hackers broke into its servers and published details of how to retrieve information from system's 40 million email accounts.

Cronin said: "A lot of companies allow Hotmail for individual use, and some use it as a company standard, but it's a big security risk," he said.

A spokeswoman for MSN UK admitted security had been compromised: "A hacker based in Sweden breached the security of Hotmail, but it was resolved within six hours of our being aware of it."

"This is not a new situation," Cronin said. "Over the past year-and-a-half, three have been a number of security exploits. It shouldn't be used to send any sort of confidential information."

MSN's spokeswoman admitted users should think before sending confidential information. "You should always think about security - nine times out of ten it's fine, but there are always instances [of insecurity]."

Alex Shipp, virus technologist at Internet service provider, St@r Internet, claims MSN is also leaving its users open to attack from viruses. "They're using an old version of McAfee's VirusScan which doesn't catch any VB macro viruses within Word documents," he said.

Shipp claims Hotmail's scanners fail to detect six of St@r Internet's top ten Web viruses including Melissa, Ethan, Class and Marker (for more information see http://academy.star.co.uk/public/virustats.htm ).

"I've been telling them they don't catch Melissa since May," he said, but added that the system had still not been upgraded.

MSN's spokeswoman was unaware of any problems with Hotmail's virus technology.