Microsoft Outlook Users In China Hit With MITM Attack

DavidGilbert99 writes A month after it blocked Google's Gmail, the Chinese government now stands accused of hacking Microsoft's Outlook email service, carrying out man-in-the-middle attack to snoop on private conversations. From ZDNet: " On Monday, online censorship watchdog Greatfire.org said the organization received reports that Outlook was subject to a man-in-the-middle (MITM) attack in China....After testing, Greatfire says that IMAP and SMTP for Outlook were under a MITM attack, while the email service's web interfaces were not affected.

Re: Encryption = same as an envelope for real mai

The problem isn't that Joe User is too stupid. The problem is that these crypto systems are a real bitch to use effectively. They can take far too long to set up, and to work through any problems can waste too much time. Even when they're working, they're a pain in the ass to use. It's so bad that even experienced and knowledgeable people who can get them working don't want to bother with using these systems!

Who says that the attack is over?

[WD]

The evidence that China was performing MITM attacks on Outlook.com was because of temporary use of an SSL certificate chain that wasn't signed by one of the hundreds of root CAs included with modern operating systems. (and therefore the software complained)

If the software people are using stops complaining about the SSL certificate chain, does that mean that they're not performing MITM anymore? Hell no. At the very least it means that they're just using an SSL certificate signed by one of the hundreds of trusted root CA certificates. You know, like CNNIC. The internet organization with ties to the Chinese government.