posted by Fnord666 on Sunday October 15 2017, @07:22AM   Printer-friendly
from the so-you-can-read-it-easier dept.

Submitted via IRC for Bytram

Attention anyone using Microsoft Outlook to encrypt emails. Researchers at security outfit SEC Consult have found a bug in Redmond's software that causes encrypted messages to be sent out with their unencrypted versions attached.

You read that right: if you can intercept a network connection transferring an encrypted email, you can just read off the unencrypted copy stapled to it, if the programming blunder is triggered.

The bug is activated when Outlook users use S/MIME to encrypt messages and format their emails as plain text. When sent, the software reports the memo was delivered in an encrypted form, and it appears that way in the Sent folder – but attached to the ciphered text is an easily human-readable cleartext version of the same email. This somewhat derails the use of encryption.

"This has been a rather unusual vulnerability discovery," the SEC team said in an advisory on Tuesday.

Source: https://www.theregister.co.uk/2017/10/11/outlook_smime_bug/
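A check a mail administrator could run over exported or captured messages for the symptom described above, as an added example that is not from the article or the SEC Consult advisory. The multipart layout of the leaky sample is an assumption (the summary only says a cleartext copy travels with the ciphertext), and both sample messages are constructed.

```python
import email
from email import policy

# S/MIME CMS content types (the x- form is the legacy name).
SMIME_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def cleartext_leaks(raw):
    """Return non-empty text parts that travel with S/MIME enveloped data."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    parts = list(msg.walk())
    encrypted = any(
        p.get_content_type() in SMIME_TYPES
        # A missing smime-type parameter is treated as possibly encrypted.
        and str(p.get_param("smime-type", "enveloped-data")).lower() == "enveloped-data"
        for p in parts
    )
    if not encrypted:
        return []  # no ciphertext present, so nothing was meant to be hidden
    texts = (p.get_content().strip() for p in parts
             if p.get_content_maintype() == "text")
    return [t for t in texts if t]

# Constructed sample, assumed layout: readable body next to smime.p7m.
LEAKY = b"""\
From: alice@example.com
To: bob@example.com
Subject: Q3 numbers
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

The merger closes Friday.
--b1
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

Q09OU1RSVUNURUQ=
--b1--
"""

# Constructed sample: a message whose only content is the encrypted blob.
CLEAN = b"""\
From: alice@example.com
To: bob@example.com
Subject: Q3 numbers
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

Q09OU1RSVUNURUQ=
"""

if __name__ == "__main__":
    for name, raw in (("leaky", LEAKY), ("clean", CLEAN)):
        print(name, cleartext_leaks(raw))
```

Because the Sent folder shows the message as encrypted, the check has to run on the message as it left the client, for example at the outbound gateway or on an exported `.eml` copy.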


  • (Score: 5, Insightful) by LoRdTAW on Sunday October 15 2017, @05:46PM (2 children)

    by LoRdTAW (3755) on Sunday October 15 2017, @05:46PM (#582678) Journal

    Dealing with outlook at work is one of the pleasantries I get to deal with. Then toss in office 365 subscriptions and dimwitted management who insist that those sales force plugins are totally necessary. Never mind those fucking plugins are responsible for 99% of outlook issues. The remaining issues are bad stored credentials that need to be purged then have the user sign back in.

    Am I remotely surprised Outlook is a disastrous cancerous growth in the computer industry? Nope. And people keep eating that shit up.

  • (Score: 3, Informative) by nobu_the_bard on Monday October 16 2017, @01:14PM (1 child)

    by nobu_the_bard (6373) on Monday October 16 2017, @01:14PM (#582974)

    The number of times I've had to manually delete passwords out of the registry and change the permissions for the keys because Outlook sometimes messes it up...

    • (Score: 2) by LoRdTAW on Tuesday October 17 2017, @12:03AM

      by LoRdTAW (3755) on Tuesday October 17 2017, @12:03AM (#583227) Journal

      We run O365 which for a small business is perfect when all they want to be is an MS shop. The only thing that sucks is O365 appears to be more stable when running 2016 on windows 10. 2010/2016 on Win 7 always runs into that damn sign in window issue and unending plugin issues. Just last week I had my more well seasoned friend (IT is a secondary thing I handle nowadays) rebuild an entire profile because a plugin nuked the pst or something. And jesus, PST's, I still have nightmares rebuilding those damn things in the early/mid 00's. Did IT for a bit and promptly bowed the fuck out of that profession.