Microsoft's Hotmail flicks finger at UK students

RE: It's a free service

Wait for an article full of crazed ranting, then reply to it with "Get a grip."

Re: Hmmm

I wouldn't worry about it, I've had some messages from friends (only checking the IP address can see they we not sent in the UK) and they are the type that wouldn't give their bank details etc

I had a googlemail account hacked into - heck knows how on earth they managed to guess that password, but I suspect silly things like being able to answer what is your fav colour or name of your first pet means it's probably a piece of pi$$ to reset a password.

Now I never kept a contact list, but now I delete any messages I don't need to keep (and delete my sent items) , so if there does turn out to be a googlemail backdoor - hopefully any "damage" can be kept to a minimum

The only reason that I've not dumped googlemail is that at least you can see the IP address of the last accesses to your account

You can put anything you want in the From field

"Somehow, somebody managed to get into that account. "

Did they? Did you examine the headers of the emails that had your @hotmail address in the From field to verify that they actually originated from Hotmail? Sending an email with any email address you like in the From field is utterly trivial. You don't need to access someone's email account in order to send emails that claim to be from their email address.

Title

One possibility is it was actually someone else that had both you and the other people the spam was sent to on their contact list. The spam emails would then be sent to all that person's contacts randomly picking your email address as the source.

This happens all the time because sender and from email addresses are not validated and is one of the tricks they use to make it harder to track down who has actually had their account compromised and warn them.

titles and candrops

Hence why you don't supply the answer to that question, you give a totally unreleated answer.

Q: "What is the name of your first pet?"

A: *randomly generated value here*

I detest password recovery questions that don't let you set your own question and think you're dumb enough to hand over your mothers maiden name or some such.

It may be security by obscurity, but it's just one extra hoop/layer for them to traverse before getting their goods. No chance of dictionary/bruteforce attack on it, no lucky guesses, no-one gets your information and you're an infinitisimally bit more secure.

Strange

Me too. And I don't think it was a forged "from" address. I have myself in my contacts list and the message is sitting there in the "sent items" folder and was sent to everyone in my hotmail address book.

Something fishy is going on.