1. Unless your are using HTTPS (encrypted) then YES. HTTP is a plain text protocol. Your authentication between you and hotmail is sent naked as a jaybird down the wire. (This can easily be accomplished by anyone sniffing the traffic, no MITM is required)
2. Unless you are using HTTPS, then YES. This could be accomplished several ways. If the attacker was situated in your route he could act as a transparent proxy between you and your web requests, or the traditional ARP posioning (if on your segment) could be used to route all your traffic through himself, just to name two ways.

Could you tell? Maybe. If your ARP cache was poisoned and you actually knew what device the attacker was masquerading as, and what its IP should be then yes. If he were just acting as a transparent proxy along the route, then probably not, injecting data into the requests or the returns would be trivial. Of course if you suspected this was happening there are ways to tell, but I dont think it would be immediately apparent if you weren't looking.

-Maestr0