Microsoft Outlook Users In China Hit With MITM Attack

DavidGilbert99 writes A month after it blocked Google's Gmail, the Chinese government now stands accused of hacking Microsoft's Outlook email service, carrying out man-in-the-middle attack to snoop on private conversations. From ZDNet: " On Monday, online censorship watchdog Greatfire.org said the organization received reports that Outlook was subject to a man-in-the-middle (MITM) attack in China....After testing, Greatfire says that IMAP and SMTP for Outlook were under a MITM attack, while the email service's web interfaces were not affected.

Confucius say he who does not know Chinese Govermt

[JoeyRox]

is reading his email is MITMWC, aka Man in The Middle Without Clue.

Encrypt if you need to

[Ravaldy]

If my email communication was important enough, I would encrypt it since its the only way to protect against MITM.

Encryption = same as an envelope for real mail.

[ron_ivi]

Totally agree encryption (PGP/GPG, S/MIME) is the right answer here.

Instead of relying on policies/laws to keep email confidential, I wonder if the internet would be a much safer place if the laws said that any unencrypted email has no expectation of privacy.

Unencrypted email should be thought of as more like a post-card -- where governments routinely scan them all for law enforcement.

If you want anything private in email, encrypt it.

And if it were widely thought of that way, corporations would insist on encrypted emails, so the email client vendors would make encryption easy instead of the pain in the neck it is today.

Imagine that.

[Black+Parrot]

A state spying on it's own citizens... shameful. I'd be outraged, unless of course they said it was part of the war on terror, or whatever China's current favorite boogeyman is.

Re:Imagine that.

[Opportunist]

What?

Damn those Chinese. Ain't it enough to copy our technology, do they have to copy our boogeymen now, too?

Re:Imagine that.

[Opportunist]

Careful what you wish for, a domestic cold war is pretty much what we're heading for. It's likely that it's going to be asymmetric too.

Luckily this time WE will be the ones with the few resources.

Merely beta testing...

...for Cameron's plans for the West.

Capitalism with a Chinese face.

Re: Encryption = same as an envelope for real mai

The problem isn't that Joe User is too stupid. The problem is that these crypto systems are a real bitch to use effectively. They can take far too long to set up, and to work through any problems can waste too much time. Even when they're working, they're a pain in the ass to use. It's so bad that even experienced and knowledgeable people who can get them working don't want to bother with using these systems!

Who says that the attack is over?

[WD]

The evidence that China was performing MITM attacks on Outlook.com was because of temporary use of an SSL certificate chain that wasn't signed by one of the hundreds of root CAs included with modern operating systems. (and therefore the software complained)

If the software people are using stops complaining about the SSL certificate chain, does that mean that they're not performing MITM anymore? Hell no. At the very least it means that they're just using an SSL certificate signed by one of the hundreds of trusted root CA certificates. You know, like CNNIC. The internet organization with ties to the Chinese government.

Ah the good ol' days

[trippin_efnet]

Remember when we could look at these stories and say things like "Aww, those poor Chinese. Their government is awful, shady, intrusive, abusive, etc.." Now the U.S. government makes the Chinese government look good by comparison. -t

What about the NSA?

[AndyKron]

Isn't the NSA in the middle of everything already? How is this news?