Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Sunday October 15 2017, @07:22AM   Printer-friendly
from the so-you-can-read-it-easier dept.

Submitted via IRC for Bytram

Attention anyone using Microsoft Outlook to encrypt emails. Researchers at security outfit SEC Consult have found a bug in Redmond's software that causes encrypted messages to be sent out with their unencrypted versions attached.

You read that right: if you can intercept a network connection transferring an encrypted email, you can just read off the unencrypted copy stapled to it, if the programming blunder is triggered.

The bug is activated when Outlook users use S/MIME to encrypt messages and format their emails as plain text. When sent, the software reports the memo was delivered in an encrypted form, and it appears that way in the Sent folder – but attached to the ciphered text is an easily human-readable cleartext version of the same email. This somewhat derails the use of encryption.

"This has been a rather unusual vulnerability discovery," the SEC team said in an advisory on Tuesday.

Source: https://www.theregister.co.uk/2017/10/11/outlook_smime_bug/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by DECbot on Sunday October 15 2017, @04:42PM

    by DECbot (832) on Sunday October 15 2017, @04:42PM (#582662) Journal

    This is where you're wrong and ignorant. It's been sufficiently secured by passing it through the rot-13 algorithm 4096 times. Don't assume no processing is going on to decrypt plain clear text message.

    --
    cats~$ sudo chown -R us /home/base
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2