Microsoft Office 365 Vulnerability Could Allow Sidestepping of Email Encryption – it.slashdot.org


It’s secure enough for the accountants and that’s all that matters.

It’s secure enough for the accountants and that’s all that matters.
Microsoft’s accountants, at any rate.
How on earth did they manage to get ECB for email encryption? Neither the S/MIME nor PGP formats support ECB, you’d have to have invented your own email encryption format to be this broken.
Which admittedly the XML folks did, but that’s not normally used to encrypt email.

How on earth did they manage to get ECB for email encryption? Neither the S/MIME nor PGP formats support ECB, you’d have to have invented your own email encryption format to be this broken.
Hmm. You may have found the real reason they are doing it: intentional incompatibility! Of course, nobody with the least clue about cipher modes would ever use ECB, and hence it is not in any of the standards. But MS has proven time and again they do not have the least clue about many things they do and they have demonstrated time and again that they prefer to be incompatible to everybody else.
Just for reference, this explains why ECB is a bad idea on a level any random moron can understand: https://en.wiki [wikipedia.org]

Just for reference, this explains why ECB is a bad idea on a level any random moron can understand: https://en.wikipedia.org/wiki/… [wikipedia.org]
In other words, it’s a good clear explanation. Why do you have to call people names all the time? Slashdot, please pray for this obnoxious asshole.
Who the F still encrypts with AES-CBC?
Microsoft apparently. It is costly to change software to be up to the latest standards of cryptography. I’m sure Microsoft will do some analysis and say only 1 out of 2^N customers will be impacted. That too is much cheaper than fixing the bug.
JoshK.
I’m sure tobacco companies did some analysis and claimed only 1 out of 2^N customers might become ill from using their product. That lie was much cheaper than admitting the truth of the matter.
Slightly modified to reflect history.
As an obediently addicted society growing more and more reliant on massive providers of information and automation, we should probably do something about those shitty laws that allow the factor of cost to be abused as a defense, coupled to fines that are quite literally worth th
What was good for your dad is good for you!

What was good for your dad is good for you!
Enjoy the great taste of Charleston Chew!
AES-CBC is not a problem if used right. This is about ECB.

uses the electronic codebook (ECB) block cipher
ECB is a block cypher?
I think we found the problem.
I expect MS to be completely incompetent, but that is a new level. In any reasonable crypto course, the one thing they tell you about ECB mode is to _never_, _ever_ use it. Typically they also show you the picture for ECB here: https://en.wikipedia.org/wiki/… [wikipedia.org]
Which should make it amply clear even to the most stupid person why ECB mode is a bad idea. I did not only show this to my students, they also had to do an exercise on it.
And then MS goes ahead and uses ECB. The mind boggles. These people really are the worst cretins out there in the software space whose software is actually used. MS has to _die_. The sooner the better.
Odds on OME dates to a time before that had become common wisdom. It’s still here simply because MS management decided that maintaining backwards compatibility and not inconveniencing users with having to convert all their old email was more important than the security risks involved.
Tell me that the fix will make all .pst files unreadable and able to be deleted.
I promise it’s more secure than anything you can do on-premises.