Tripod account hijack risk patched
Source: The Register
Lycos has patched a gaping security hole with its Tripod homepage service which would have allowed crackers to bypass authentication checks and control a victim's homepage.
Security consultants Interrorem discovered it was possible to hijack a user's account by manipulating a URL string.