Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: IE10 bug? Hotmail / Live / Outlook web interface security compromised?

09 Jan 2013   #1
Kari

Microsoft Community Contributor Award Recipient

 
IE10 bug? Hotmail / Live / Outlook web interface security compromised?

Noticed this when I had accidentally selected Keep me signed in on a PC not belonging to me when checking my Outlook.com emails using Windows 7, IE10 and Outlook.com web interface. Need help to find out how to avoid this kind of situation.

Scenario: Opening Outlook.com with IE10. Logging in with my my_address@outlook.com, accidentally selecting Keep me signed in. All is well, check mails, reply to a few, sign out, closed IE10, shut down the computer.

Was leaving when someone I was waiting to go with asked me to wait 10 more minutes. With extra time in my hands decided to check my other Hotmail account, too. Booted the same PC, opened IE10, went again to Outlook.com and to my surprise it opened to my outlook.com account I had checked earlier, directly without asking for credentials.

I was absolutely sure I had not only closed the IE10 and shut down the PC, but first selected Sign Out from Outlook.com menus. In my opinion this, selecting to log out / sign out should invalidate earlier Keep me signed in selection?

Came home, decided to test this. Here's how it went:
Opening Outlook.com on IE10, entering my my@outlook.com credentials and selecting Keep me signed in (this time deliberately):

-outlook.com_1.png

Web interface opens, everything OK:

-outlook.com_2.png

Selecting Sign Out:

-outlook.com_3.png

Sign out successful:

-outlook.com_4.png

Logging in with another Hotmail account, this time with my@live.com, not selecting Keep me signed in:

-outlook.com_5.png

Signing out from this second account:

-outlook.com_6.png

Sign out successful:

-outlook.com_4.png

Closed IE10. Reopened IE10, the first mail account (my@outlook.com) appears on Outlook.com as soon as the page is opened, credentials never asked:

-outlook.com_2.png

My email account can be viewed without credentials simply by closing and reopening IE10, regardless which Hotmail / Live / Outlook.com was opened and signed in and when the account was signed out when the browser was closed.

It seems to me that Outlook.com is not allowing to completely sign out from Outlook.com if Keep me signed in has been selected. In my tests now the account used to sign in with this option will always open automatically without credentials when IE10 is restarted.

Any opinions, tips, advice? I do not like this kind of security leaks, I'm even willing to take the Darwin Award if needed: if this is my own doing, please tell it for me!

Kari




My System SpecsSystem Spec
.
09 Jan 2013   #2
DavidE

Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64
 
 

I don't know if this might help as it's about Win8/IE10, but you can take a look.
Maybe IE10 is saving the registry cookies noted in the the last post (Dec. 20, 2012)?
If you have a PC with IE9, could you test that and see if you have the same issue?

Disable Automatic Microsoft Website signon in IE10
My System SpecsSystem Spec
09 Jan 2013   #3
Kari

Microsoft Community Contributor Award Recipient

 

Thanks for the tip, will check it.
My System SpecsSystem Spec
.

09 Jan 2013   #4
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

The cookie you set when using Keep Me Signed in is still there when you log off and turn the computer off. When you reboot the saved cookie is activated again.
It is probably a (atdmt.com) cookie. Run Super Anti Spyware and you will find it. It will stay gone if removed by SAS until you select Keep Me Signed In again. If you sign in every time you use your email the cookie does not come back.
This might help.
Microsofts atdmt.com cookies
My System SpecsSystem Spec
Reply

 IE10 bug? Hotmail / Live / Outlook web interface security compromised?




Thread Tools




Similar help and support threads
Thread Forum
Windows Live Mail - superfluous to outlook/hotmail? Deleting it?
Hi - my first day here and am not techno savvy, so please allow for my ignorance! I have outlook (formerly hotmail) and never use Windows Live Mail, yet I see (quite baffliingly) that I have some emails of mine that are on there...some from past years. (?) I never did anything to initiate the...
Browsers & Mail
Outlook (hotmail) security lock out problem.
Some time back I received a message whilst logging into my Hotmail account informing me of a security change request. I had tried to update my phone number details shortly before this but the message said that someone may be trying to use my account, so I went along with the process and selected...
Browsers & Mail
Outlook 2010: sync To-Do bar with Windows Live/Hotmail calendar?
Is there a way to have Outlook 2010 sync it's To-Do bar with a Windows Live webmail calendar? I'm using Outlook 2010+latest version of Outlook Connector +Windows Live webmail. Calendar sync works fine in both directions but the Outlook To-Do bar only displays upcoming events from the local...
Microsoft Office
Microsoft beefs up Outlook-to-Hotmail security
Complete article on link
Browsers & Mail
My brother's hotmail has flagged been as compromised. Need help
Hey guys. My brother's hotmail account has been compromised and now, Hotmail shows a security measure where he has to type in a cellphone number to receive a SMS. Problem : We don't have any cellphone with a SMS function. Not even a regular cellphone. He can't connect, so he can't change...
Browsers & Mail
All of my hotmail accounts are compromised
Hi, I've been having this ongoing problem now for 6 months. It seems that all of my accounts have been used to send spam. I have 3 hotmail accounts which, 1 for friends and 2 bogus ones I give out to websites that want an e-mail. On one of my accounts I get a message from hotmail before I login...
Browsers & Mail


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 10:32.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App