Recovering my hotmail account
Posted by roushdat on April 2, 2007
The heat is terrible :S Am sweating just by sitting in front of my pc…
Today, I planned to clean my hotmail account from those (>3450 emails)…I was investigating about possible means to clean up the mess…I had two main options:
The most obvious being, select all mails in a page then delete, but when you got >3450 mails, split into hundreds of pages…that’s not a good idea at all.
The second option is to use a mail client to download all mails from my hotmail account onto my pc and then delete all locally. Unfortunately it was taking more time than expected to get the pop3 server of hotmail (anybody having it, please pass around). While googling…There came Vicky (the guy who has a blog and desperately sent adverts for his blog recently). I thought about asking him if he could help.
He agreed but didn’t know about the number of mails in my inbox (though he claims to be reading my blog, the number of mails in my mailbox was posted last week itself i think).
The conditions we agreed upon:
Within 5 minutes he should delete all the mails in my mailbox and I give him a zinger meal as reward
If he fails to do the job, he gives me a zinger meal :p
But when he saw the number of mails in there…he started saying that I cheated…I didn’t cheat! He claims that he reads my blog so logically, he should have been aware of the number of mails :p
He was doomed to be unsuccessful but that wasn’t all…he got tempted to play a small game with me: Taking over my hotmail account :p
And I guess you will all agree with me…it was only too simple to do, I had already entrusted him with the password (which i changed to his name just before giving). Actually, I was expecting things like this to occur :p
Vicky went one step further than just changing the password, he also changed the secret question and the alternate email. After that, he asked me if I can recover my mail account :p Just too easy guyz
…He told me that he gives me one more zinger if am successful and otherwise, he gives!
In fact, I’ve discovered a problem with hotmail’s security today (first time that i find such a problem by myself on a well-known website like hotmail)
Hotmail allows multiple users using different computers having different ip addresses to be logged in on the same account! My god…and to my knowledge, there is no option to know whether another user is also logged in on your account in parallel, nor a way to kill the intruder (like the ghost kill in irc).
So, how did i recover my account, after Vicky changed the password and ‘all’ the ways to reset the password???
Simple: I exploited that hotmail vulnerability of multiple users logged-in in parallel. Before asking vicky to get into my mailbox, I already signed in myself, and kept a page of my inbox active, that is clicking here and there every few minutes to avoid that it expires.
On the other side Vicky was working his way out, messing with my account’s password, secret question and alternate email. After he completed his nasty job, mine started :p
I clicked on forgot password and hotmail provided me with 3 options to recover my password:
- answer secret question (vicky already changed the question)
- send reset password info to alternate email (Vicky changed that as well to his own email address)
- send reset password info to roushdat%at%hotmail.com (This is the account’s own email address which can’t be changed)
The 3rd option was of prime interest to me
I selected it and hotmail informed me that the reset info was successfully sent to roushdat%at%hotmail.com…hehe, remember, I’ve got a page of my inbox already open since the beginning? So, I refreshed my inbox page…and there, the reset-mail was waiting for me :p
In the reset-mail, i got a link that sent me to a page to type in my new password, and bingo, my mailbox was successfully recovered :p The rest was history…I changed my secret question and my alternate email.
One problem with hotmail again, I knew Vicky was still in the mailbox…although the password has been changed, hotmail doesn’t deem it important to verify that the user is authentic by asking him the password again…So our small ‘hacker’ enjoyed himself sending two mails to all my contacts: 1 to advertise his own blog (flame him guyz :p) and the second…to make me a Jori No 1. star and announcing that I will sing tomorrow at the University of Mauritius. Eh I don’t mind singing…You can all come to listen
And Vicky, owes me 2 zinger meals now ! ( zamais mo na pa pou blier….)
P.S: double negation== neutral.
zamais, na, pa== triple negation.
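The two gaps described in the post (no way to see or end a parallel session, and sessions that stay alive after the password is changed) and one way a service can close them, as an added example that is not part of the original post and not Hotmail's code. The class, the account name and the IP addresses are constructed for illustration.

```python
import secrets


class SessionStore:
    """In-memory session store; a constructed model, not Hotmail's design."""

    def __init__(self):
        self._epoch = {}     # account -> counter bumped on each credential change
        self._sessions = {}  # token -> {"account", "ip", "epoch"}

    def login(self, account, ip):
        token = secrets.token_urlsafe(16)
        epoch = self._epoch.setdefault(account, 0)
        self._sessions[token] = {"account": account, "ip": ip, "epoch": epoch}
        return token

    def is_valid(self, token):
        s = self._sessions.get(token)
        # A session issued under older credentials is dead even if never revoked.
        return s is not None and s["epoch"] == self._epoch[s["account"]]

    def active_sessions(self, account):
        """What the account holder should be able to see: live sessions by IP."""
        return sorted(s["ip"] for t, s in self._sessions.items()
                      if s["account"] == account and self.is_valid(t))

    def revoke(self, token):
        """Explicit 'end that session' control for the account holder."""
        self._sessions.pop(token, None)

    def change_credentials(self, account, ip):
        """Password, secret question or alternate e-mail changed: invalidate
        every existing session, then issue one fresh session to the caller."""
        self._epoch[account] = self._epoch.get(account, 0) + 1
        return self.login(account, ip)


def replay_scenario():
    """Two parallel logins, then the owner resets the password."""
    store = SessionStore()
    account = "owner@example.test"                    # constructed account name
    owner = store.login(account, "192.0.2.10")        # constructed IPs
    guest = store.login(account, "198.51.100.7")
    seen = store.active_sessions(account)             # both sessions are visible
    owner = store.change_credentials(account, "192.0.2.10")
    return seen, store.is_valid(owner), store.is_valid(guest)
```

The epoch check also works when session tokens are stateless (signed) rather than stored, because each token only has to carry the epoch it was issued under.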
viccks said
Zinger, no way.. you'll only get chips.. and a small one at that.. you didn't say there were 3000+ mails in there.. arrrr
Besides, I could have changed the password again.. since I was already logged in in parallel even after you changed the password.. I too had a session of your mail already open.. hihihi.. then you told me that's enough.. so it was enough.. see, see, I'm a good person
hmm.. hotmail is crap it seems.. I don't think that would have worked with gmail, eh..
what do you say roush.. let's try with gmail.. give me your pass and we'll try lol
and tomorrow, wait for roush's live performance.. which room did I say.. even I have forgotten
roushdat said
I never told you that's enough :p bring in the chat logs and let the people decide if u dare :p
Starkiss*** said
it's room 1.16, vicks!! :d
lols.. I'll come tomorrow roush..
u sing ok..!!lol..
viccks said
already chosen the song?
or will you do it on the spot!!
btw..
you're only ever looking for food..
it's been a long time since you posted a food pic.. what's happening??
roushdat said
Hmm : a mother is important, in the life of any child…. More live tomorrow :p
I get a lot of complaints when I post food pics :S some people even want to beat me up :S Anyway, foodstuff coming soon :p Get your plates ready in the meantime
Ravi Luchmun said
Bobo, no pic of food stuff : zingers, chocolates, etc……..its bad when u can only see it on the screen and that also at some odd hours at night
Sundeep said
euh..
was pretty foolish as game
in gmail there's an option where you select all mails in all pages
I think windows live has it too..
given that they copied gmail's idea with their pseudo-ajax interface.. but I remember I managed to select all mail.. because I backed up everything
Yashvin said
hahahahahhhhhhhhhhhhhh
funny u guys!
a chance that vicky didnt get that idea when i gave him my password for my blog n my site control panel when i just bought yashvin.net
I would have regretted it lol
the moral :
don't use hotmail
Eddy Young said
I think we can all agree that giving away one’s login credentials to another person for something as personal as a mailbox is a stupid idea
I wonder how this will end…
vicks said
don’t worry guys am not that mean
I made him run around a bit because he's been pestering people with his zinger meal
btw.. you're not getting it anyway, eh..
pay for the pizza first.. then we'll see if you get a zinger
roushdat said
roushdat said
Btw Sundeep…I would be very grateful if you could help me locate that select all option.
viccks said
Hey roush, you're increasing your comment count by posting back to back comments lol
you could have edited the last comment and added it, no?? lol
never mind, we'll postpone your performance
don't forget to tell us about your trip to ENT ..
have fun