Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: IE10 bug? Hotmail / Live / Outlook web interface security compromised?


09 Jan 2013   #1

Microsoft Community Contributor Award Recipient

Windows 8.1 Pro with Media Center
 
 
IE10 bug? Hotmail / Live / Outlook web interface security compromised?

Noticed this when I had accidentally selected Keep me signed in on a PC not belonging to me when checking my Outlook.com emails using Windows 7, IE10 and Outlook.com web interface. Need help to find out how to avoid this kind of situation.

Scenario: Opening Outlook.com with IE10. Logging in with my my_address@outlook.com, accidentally selecting Keep me signed in. All is well, check mails, reply to a few, sign out, closed IE10, shut down the computer.

Was leaving when someone I was waiting to go with asked me to wait 10 more minutes. With extra time in my hands decided to check my other Hotmail account, too. Booted the same PC, opened IE10, went again to Outlook.com and to my surprise it opened to my outlook.com account I had checked earlier, directly without asking for credentials.

I was absolutely sure I had not only closed the IE10 and shut down the PC, but first selected Sign Out from Outlook.com menus. In my opinion this, selecting to log out / sign out should invalidate earlier Keep me signed in selection?

Came home, decided to test this. Here's how it went:
Opening Outlook.com on IE10, entering my my@outlook.com credentials and selecting Keep me signed in (this time deliberately):

IE10 bug? Hotmail / Live / Outlook web interface security compromised?-outlook.com_1.png

Web interface opens, everything OK:

IE10 bug? Hotmail / Live / Outlook web interface security compromised?-outlook.com_2.png

Selecting Sign Out:

IE10 bug? Hotmail / Live / Outlook web interface security compromised?-outlook.com_3.png

Sign out successful:

IE10 bug? Hotmail / Live / Outlook web interface security compromised?-outlook.com_4.png

Logging in with another Hotmail account, this time with my@live.com, not selecting Keep me signed in:

IE10 bug? Hotmail / Live / Outlook web interface security compromised?-outlook.com_5.png

Signing out from this second account:

IE10 bug? Hotmail / Live / Outlook web interface security compromised?-outlook.com_6.png

Sign out successful:

Click image for larger version

Name:	Outlook.com_4.png
Views:	3
Size:	9.0 KB
ID:	249392

Closed IE10. Reopened IE10, the first mail account (my@outlook.com) appears on Outlook.com as soon as the page is opened, credentials never asked:

Click image for larger version

Name:	Outlook.com_2.png
Views:	4
Size:	57.6 KB
ID:	249394

My email account can be viewed without credentials simply by closing and reopening IE10, regardless which Hotmail / Live / Outlook.com was opened and signed in and when the account was signed out when the browser was closed.

It seems to me that Outlook.com is not allowing to completely sign out from Outlook.com if Keep me signed in has been selected. In my tests now the account used to sign in with this option will always open automatically without credentials when IE10 is restarted.

Any opinions, tips, advice? I do not like this kind of security leaks, I'm even willing to take the Darwin Award if needed: if this is my own doing, please tell it for me!

Kari



My System SpecsSystem Spec
.

09 Jan 2013   #2

Win 7 Pro x64 SP1, Win 7 Ult x86 SP1
 
 

I don't know if this might help as it's about Win8/IE10, but you can take a look.
Maybe IE10 is saving the registry cookies noted in the the last post (Dec. 20, 2012)?
If you have a PC with IE9, could you test that and see if you have the same issue?

Disable Automatic Microsoft Website signon in IE10
My System SpecsSystem Spec
09 Jan 2013   #3

Microsoft Community Contributor Award Recipient

Windows 8.1 Pro with Media Center
 
 

Thanks for the tip, will check it.
My System SpecsSystem Spec
.


09 Jan 2013   #4

Windows 7 Pro. 64/SP-1
 
 

The cookie you set when using Keep Me Signed in is still there when you log off and turn the computer off. When you reboot the saved cookie is activated again.
It is probably a (atdmt.com) cookie. Run Super Anti Spyware and you will find it. It will stay gone if removed by SAS until you select Keep Me Signed In again. If you sign in every time you use your email the cookie does not come back.
This might help.
Microsofts atdmt.com cookies
My System SpecsSystem Spec
Reply

 IE10 bug? Hotmail / Live / Outlook web interface security compromised?




Thread Tools



Similar help and support threads for2: IE10 bug? Hotmail / Live / Outlook web interface security compromised?
Thread Forum
pinned hotmail/outlook not updating with ie10 Browsers & Mail
Outlook 2010: sync To-Do bar with Windows Live/Hotmail calendar? Microsoft Office
Microsoft beefs up Outlook-to-Hotmail security Browsers & Mail
My brother's hotmail has flagged been as compromised. Need help Browsers & Mail
All of my hotmail accounts are compromised Browsers & Mail
Outlook: Sync POP3 accounts via Live Hotmail. Microsoft Office
Windows Hotmail Interface is Messed up Browsers & Mail

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 08:55 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33