“By cobbling together a handful of browser-based bugs with flaws in Passport’s authentication system, Slemko developed a technique to steal a person’s Microsoft Passport, credit card numbers — and all, simply by getting the victim to open a Hotmail message. Heh. Surprise, surprise.