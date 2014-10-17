from the so-you-can-read-it-easier dept.
Attention anyone using Microsoft Outlook to encrypt emails. Researchers at security outfit SEC Consult have found a bug in Redmond's software that causes encrypted messages to be sent out with their unencrypted versions attached.
You read that right: if you can intercept a network connection transferring an encrypted email, you can just read off the unencrypted copy stapled to it, if the programming blunder is triggered.
The bug is activated when Outlook users use S/MIME to encrypt messages and format their emails as plain text. When sent, the software reports the memo was delivered in an encrypted form, and it appears that way in the Sent folder – but attached to the ciphered text is an easily human-readable cleartext version of the same email. This somewhat derails the use of encryption.
"This has been a rather unusual vulnerability discovery," the SEC team said in an advisory on Tuesday.
Source: https://www.theregister.co.uk/2017/10/11/outlook_smime_bug/
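A check an outbound mail gateway could run for the failure described above, as an added example that is not from the article or from SEC Consult. It assumes the readable copy travels as a `text/*` MIME part in the same message as the S/MIME enveloped data (the article does not specify the layout); all function names, addresses and sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

SMIME_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}


def cleartext_alongside_smime(raw: bytes) -> list:
    """Return readable text parts found in a message that also carries
    S/MIME enveloped (encrypted) data; an empty list means nothing to flag."""
    msg = message_from_bytes(raw, policy=policy.default)
    encrypted = False
    readable = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in SMIME_TYPES:
            # A missing smime-type is treated as encrypted (conservative assumption).
            kind = part.get_param("smime-type", "enveloped-data")
            encrypted = encrypted or kind.lower() == "enveloped-data"
        elif part.get_content_maintype() == "text":
            text = part.get_content().strip()
            if text:
                readable.append(text)
    return readable if encrypted else []


def build_sample(kind: str) -> bytes:
    """Constructed test messages; the 'ciphertext' is placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "constructed sample"
    blob = b"\x30\x80 constructed placeholder, not real CMS"
    p7m = {"maintype": "application", "subtype": "pkcs7-mime",
           "params": {"smime-type": "enveloped-data"}}
    if kind == "encrypted-only":
        msg.set_content(blob, **p7m)
    else:
        msg.set_content("Quarterly numbers attached.")
        if kind == "encrypted-plus-cleartext":
            msg.add_attachment(blob, filename="smime.p7m", **p7m)
    return msg.as_bytes()


if __name__ == "__main__":
    for kind in ("encrypted-only", "encrypted-plus-cleartext", "plain"):
        print(kind, "->", cleartext_alongside_smime(build_sample(kind)))
```

Only the middle sample is flagged: a properly encrypted message has no readable part, and an ordinary unencrypted mail is out of scope for this check.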
(Score: 1, Funny) by Anonymous Coward on Sunday October 15, @07:33AM (1 child)
I don't even have to go through a lengthy decryption process to read my email. What is so bad about this?
(Score: 2) by maxwell demon on Sunday October 15, @08:21AM
It's bad because the sender is tricked into wasting processor cycles generating an encrypted version, when he could have just sent the unencrypted mail as is. ;-)

(Score: 1, Funny) by Anonymous Coward on Sunday October 15, @07:43AM (1 child)
I think someone at Microsoft took the specifications to make sure the NSA can read all the emails, and generalized it somewhat too much.
(Score: 0) by Anonymous Coward on Sunday October 15, @08:14AM
Or they disapproved and had a sense of humor. This and the management engine backdoor are priceless 'mistakes', funny guys. Given what's possible (see Obfuscated Perl Contest), these are just in plain sight.
