[22312] in bugtraq
Re: Hotmail message view exploit
daemon@ATHENA.MIT.EDU (Jome)
Sun Aug 19 19:48:34 2001
Message-ID: <00b701c128d5$7fce5be0$b137ecc2@jome>
From: "Jome" <jome@emoj.net>
To: <bugtraq@securityfocus.com>
Date: Sun, 19 Aug 2001 19:36:37 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 8bit
> It also helps to know that from the message numbers,
> in you own hotmail inbox,you can see about what time
> is what message number been used. eg:
>
> MSG997936971.27 arrived on 16.08.2001.
> MSG996698372.27 arrived on 01.08.2001.
> MSG975960863.0 arrived on 04.12.2000.
The numbers after MSG and before the dot (i.e. 997936971, 996698372 and 975960863) is a UNIX timestamp which means, if I've understood this correctly, that you have to know exactly when a message has arrived. I dont't know about the number after the dot, but it may be the number of the message received at that exact second.
Even if you have a scanner, wouldn't it be thousands of messages to scan even if you knew which minute a message has arrived?
- Jome
