Submitted via IRC for Bytram
Attention anyone using Microsoft Outlook to encrypt emails. Researchers at security outfit SEC Consult have found a bug in Redmond's software that causes encrypted messages to be sent out with their unencrypted versions attached.
You read that right: if you can intercept a network connection transferring an encrypted email, you can just read off the unencrypted copy stapled to it, if the programming blunder is triggered.
The bug is activated when Outlook users use S/MIME to encrypt messages and format their emails as plain text. When sent, the software reports the memo was delivered in an encrypted form, and it appears that way in the Sent folder – but attached to the ciphered text is an easily human-readable cleartext version of the same email. This somewhat derails the use of encryption.
"This has been a rather unusual vulnerability discovery," the SEC team said in an advisory on Tuesday.
Source: https://www.theregister.co.uk/2017/10/11/outlook_smime_bug/
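A check a mail administrator could run over stored or relayed messages to spot the condition described above. This is an added example, not code from SEC Consult or The Register; the function name `audit_message` is hypothetical, and it assumes the cleartext copy shows up as a readable `text/*` MIME part alongside the `application/pkcs7-mime` part, a layout the summary does not specify.

```python
import email

SMIME_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def audit_message(raw: bytes) -> dict:
    """Flag a message that carries S/MIME ciphertext and readable text together."""
    msg = email.message_from_bytes(raw)
    encrypted, cleartext_chars = False, 0
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in SMIME_TYPES:
            # smime-type=signed-data is a signature wrapper, not encryption
            kind = str(part.get_param("smime-type", "enveloped-data")).lower()
            encrypted = encrypted or kind != "signed-data"
        elif part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            cleartext_chars += len(body.decode("utf-8", errors="replace").strip())
    return {"encrypted": encrypted, "cleartext_chars": cleartext_chars,
            "leak_suspected": encrypted and cleartext_chars > 0}

# Constructed samples: the base64 body is a placeholder, not real ciphertext.
P7M = b"""Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXI=
"""
CLEAN = b"Subject: constructed sample\nMIME-Version: 1.0\n" + P7M
LEAKY = (b'Subject: constructed sample\nMIME-Version: 1.0\n'
         b'Content-Type: multipart/mixed; boundary="b1"\n\n'
         b'--b1\nContent-Type: text/plain; charset="us-ascii"\n\n'
         b'Quarterly numbers are in the attachment.\n'
         b'--b1\n' + P7M + b'--b1--\n')

if __name__ == "__main__":
    for name, raw in (("clean", CLEAN), ("leaky", LEAKY)):
        print(name, audit_message(raw))
```

Footers or disclaimers appended by a gateway or mailing list also appear as text parts, so a hit is a prompt to inspect the message, not proof of the bug.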
(Score: 5, Insightful) by LoRdTAW on Sunday October 15 2017, @05:46PM (2 children)
Dealing with Outlook at work is one of the pleasantries I get to deal with. Then toss in Office 365 subscriptions and dimwitted management who insist that those sales force plugins are totally necessary. Never mind those fucking plugins are responsible for 99% of Outlook issues. The remaining issues are bad stored credentials that need to be purged then have the user sign back in.
Am I remotely surprised Outlook is a disastrous cancerous growth in the computer industry? Nope. And people keep eating that shit up.
(Score: 3, Informative) by nobu_the_bard on Monday October 16 2017, @01:14PM (1 child)
The number of times I've had to manually delete passwords out of the registry and change the permissions for the keys because Outlook sometimes messes it up...
(Score: 2) by LoRdTAW on Tuesday October 17 2017, @12:03AM
We run O365 which for a small business is perfect when all they want to be is an MS shop. The only thing that sucks is O365 appears to be more stable when running 2016 on Windows 10. 2010/2016 on Win 7 always runs into that damn sign-in window issue and unending plugin issues. Just last week I had my more well seasoned friend (IT is a secondary thing I handle nowadays) rebuild an entire profile because a plugin nuked the PST or something. And jesus, PSTs, I still have nightmares rebuilding those damn things in the early/mid '00s. Did IT for a bit and promptly bowed the fuck out of that profession.