Re: Hotmail message view exploit
daemon@ATHENA.MIT.EDU (Scott Gifford)
Sun Aug 19 23:22:00 2001
X-Delivered-To: bugtraq@securityfocus.com
To: "Jome" <jome@emoj.net>
Cc: <bugtraq@securityfocus.com>
From: Scott Gifford <sgifford@tir.com>
Date: 19 Aug 2001 22:48:00 -0400
In-Reply-To: "Jome"'s message of "Sun, 19 Aug 2001 19:36:37 +0200"
Message-ID: <lybslbtpjz.fsf@gfn.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
"Jome" <jome@emoj.net> writes:
> > It also helps to know that from the message numbers,
> > in your own hotmail inbox, you can see at about what time
> > each message number was used. e.g.:
> >
> > MSG997936971.27 arrived on 16.08.2001.
> > MSG996698372.27 arrived on 01.08.2001.
> > MSG975960863.0 arrived on 04.12.2000.
>
> The numbers after MSG and before the dot (i.e. 997936971, 996698372
> and 975960863) are UNIX timestamps, which means, if I've understood
> this correctly, that you have to know exactly when a message has
> arrived. I don't know about the number after the dot, but it may be
> the number of the message received at that exact second.
>
> Even if you have a scanner, wouldn't it be thousands of messages to
> scan even if you knew which minute a message had arrived?
The standard UNIX timestamp only has a resolution of 1 second. If
that is indeed what they're using, there would only be 60 messages to
scan if you knew what minute the message came in, 3600 if you knew
what hour, and 86400 if you knew what day. If the part after the dot
is hundredths of a second instead of a counter of messages received in
the same second, it's trickier; multiply all of the numbers above by
100.
From the above example, though, it looks more likely that it
represents some kind of status. The odds of there being 27 messages
received in the same second on two different occasions are slim, and
the odds that two messages were both received at 27/100ths of a second
are 1/100, which isn't all that likely either. How that affects the
time required for scans depends on how many statuses there are, and
how common each is.
-----ScottG.
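The point of the exchange above is that an identifier built from a UNIX timestamp has only as much entropy as an outsider's uncertainty about the arrival time. The following is an added example, not code from either poster or from Hotmail: it decodes the three quoted IDs under the assumed "MSG<epoch seconds>.<suffix>" layout (confirming the arrival dates quoted in the thread), expresses the 60 / 3600 / 86400 (x100) guess spaces as bits of effective entropy, and places a hypothetical random-token ID beside them as the remedy a service would use instead. The `random_message_id` function and the `SAMPLE_IDS` list are constructed for the example.

```python
import math
import re
import secrets
from datetime import datetime, timezone

# Constructed sample IDs copied from the format quoted in the thread:
# "MSG<seconds since the UNIX epoch>.<suffix>". Whether the suffix is a
# per-second counter, hundredths of a second, or a status flag is left
# open in the thread; this code treats it as an opaque integer.
SAMPLE_IDS = ["MSG997936971.27", "MSG996698372.27", "MSG975960863.0"]

MSG_ID_RE = re.compile(r"^MSG(\d+)\.(\d+)$")


def decode_message_id(msg_id):
    """Split a timestamp-based ID into (UTC datetime, suffix).

    Returns None when the ID does not match the assumed format.
    """
    m = MSG_ID_RE.match(msg_id)
    if not m:
        return None
    seconds, suffix = int(m.group(1)), int(m.group(2))
    return datetime.fromtimestamp(seconds, tz=timezone.utc), suffix


def guess_space_bits(window_seconds, suffix_values):
    """Effective entropy, in bits, of a timestamp-based ID when the
    arrival time is known to within `window_seconds` and the suffix can
    take `suffix_values` distinct values. This is the thread's
    60 / 3600 / 86400 (x100) arithmetic expressed as bits."""
    return math.log2(window_seconds * suffix_values)


def random_message_id(nbytes=16):
    """Hypothetical remedy (assumed, not Hotmail's design): an ID whose
    entropy does not depend on how well an outsider knows the arrival
    time. 16 random bytes give 128 bits."""
    return "MSG" + secrets.token_urlsafe(nbytes)


def compare_designs():
    """Rows of (time window, suffix model, effective entropy in bits) for
    the timestamp scheme under the thread's assumptions, followed by the
    random-ID alternative."""
    rows = []
    for label, window in (("minute", 60), ("hour", 3600), ("day", 86400)):
        for suffix_name, n in (("counter", 1), ("hundredths", 100)):
            rows.append((label, suffix_name, round(guess_space_bits(window, n), 1)))
    rows.append(("any", "random 16 bytes", 128.0))
    return rows


if __name__ == "__main__":
    for mid in SAMPLE_IDS:
        ts, suffix = decode_message_id(mid)
        print(f"{mid}: arrived {ts:%Y-%m-%d %H:%M:%S} UTC, suffix {suffix}")
    for row in compare_designs():
        print("time known to the %-6s suffix=%-15s effective entropy %5.1f bits" % row)
    print("random id example:", random_message_id())
```

Even the worst case for the timestamp scheme (day known, suffix in hundredths) comes to about 23 bits, which is why the enumeration counts in the thread are so small; the comparison row shows the gap a random identifier closes. The decoded dates are in UTC, so they can differ from the local dates quoted in the thread by the poster's timezone offset, which is exactly the sort of slack an ID scheme should not be relying on.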