COMMAND

    Hotmail

SYSTEMS AFFECTED

    Hotmail

PROBLEM

    'Digital-Vortex' posted following.   To view full email  from some
    elses account do the following:

        1. Login normally to Hotmail with your ID (any id)
        2. Use  this  type  of  link  to  view  specific message  from
           specific user:
             http://pv2fd.pav2.hotmail.msn.com/cgi-bin/saferd?_lang=EN&hm___tg=http%3a%2f%2f64%2e4%2e36%2e250%2fcgi%2dbin%2fgetmsg&hm___qs=%26msg%3dMSG998047250%2e22%26start%3d9702%26len%3d9687%26raw%3d0%26disk%3d64%2e4%2e36%2e68_d1577%26login%3dusername%26domain%3dhotmail%2ecom&hm___fl=attrd&domain=hotmail.com
           or
             http://lw14fd.law14.hotmail.msn.com/cgi-bin/saferd?_lang=EN&hm___tg=http%3a%2f%2f64%2e4%2e36%2e250%2fcgi%2dbin%2fgetmsg&hm___qs=%26msg%3dMSG998047250%2e22%26start%3d9702%26len%3d9687%26raw%3d0%26disk%3d64%2e4%2e36%2e68_d1577%26login%3dusername%26domain%3dhotmail%2ecom&hm___fl=attrd&domain=hotmail.com

           From that link change values:
             MSG943322803%2e16 (Message id number, its simply a counter.  %2e=.)
             username          (Hotmail account name to view)

           (remove "%26raw%3d0" if you want to view email as 'emailbox
           view', instead of full raw view.)
           (remove  "&hm___fl=attrd&domain=hotmail.com"  if  you  dont
           like the hotmail frame on top.)
        3. Done.   If you entered  correct message number  & that user
           has it  you will  see it.   (Test it  with your  own  other
           hotmail account messages first to get the idea working.)

    Now typing those  message numbers manually  is too much  work, you
    could create a small utility to automatically scan given range  of
    messages from specific user name.   (You need to build it to  work
    with IE, as you  must be logged in  hotmail when you want  to view
    messages..)

    It also helps to  know that from the  message numbers, in you  own
    hotmail inbox,you can see about  what time is what message  number
    been used. eg:

        - MSG997936971.27 arrived on 16.08.2001.
        - MSG996698372.27 arrived on 01.08.2001.
        - MSG975960863.0  arrived on 04.12.2000.

    So you dont need to scan  as many message addresses when you  know
    from which range you are looking at.

    The numbers after MSG and before the dot (ie. 997936971, 996698372
    and 975960863)  seem to  be a  UNIX timestamp  which means,  if we
    understood this correctly,  that you have  to know exactly  when a
    message  has  arrived.   The  standard  UNIX  timestamp only has a
    resolution of  1 second.   If that  is indeed  what they're using,
    there would only be  60 messages to scan  if you knew what  minute
    the message came in, 3600 if you knew what hour, and 86400 if  you
    knew what day.  If the part after the dot is  hundredths-of-second
    instead of a counter of messages received in the same second, it's
    trickier; multiply all of the numbers above by 100.

    From  the  above  example,  though,  it  looks more likely that it
    represents some kind of status.   Odds of there being 27  messages
    received in the same second  on two different occasions are  slim,
    and are odds that two messages were both received at 27/100ths  of
    a second are 1/100, which isn't all that likely either.  How  that
    affected the time required for scans depends on how many  statuses
    there are, and how common each is.

SOLUTION

    Nothing yet.