Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Outlook Users In China Hit With MITM Attack

Posted by samzenpus on from the right-back-at-you dept.

DavidGilbert99 writes A month after it blocked Google's Gmail, the Chinese government now stands accused of hacking Microsoft's Outlook email service, carrying out man-in-the-middle attack to snoop on private conversations. From ZDNet: " On Monday, online censorship watchdog Greatfire.org said the organization received reports that Outlook was subject to a man-in-the-middle (MITM) attack in China....After testing, Greatfire says that IMAP and SMTP for Outlook were under a MITM attack, while the email service's web interfaces were not affected.

7 of 35 comments (clear)

  1. Encrypt if you need to by Ravaldy · · Score: 3

    If my email communication was important enough, I would encrypt it since its the only way to protect against MITM.

  2. Imagine that. by Black+Parrot · · Score: 4, Insightful

    A state spying on it's own citizens... shameful. I'd be outraged, unless of course they said it was part of the war on terror, or whatever China's current favorite boogeyman is.

    --
    Sheesh, evil *and* a jerk. -- Jade
    1. Re:Imagine that. by Opportunist · · Score: 5, Funny

      What?

      Damn those Chinese. Ain't it enough to copy our technology, do they have to copy our boogeymen now, too?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. Merely beta testing... by Anonymous Coward · · Score: 4, Insightful

    ...for Cameron's plans for the West.

    Capitalism with a Chinese face.

  4. Re: Encryption = same as an envelope for real mai by Anonymous Coward · · Score: 3, Informative

    The problem isn't that Joe User is too stupid. The problem is that these crypto systems are a real bitch to use effectively. They can take far too long to set up, and to work through any problems can waste too much time. Even when they're working, they're a pain in the ass to use. It's so bad that even experienced and knowledgeable people who can get them working don't want to bother with using these systems!

  5. Who says that the attack is over? by WD · · Score: 5, Informative

    The evidence that China was performing MITM attacks on Outlook.com was because of temporary use of an SSL certificate chain that wasn't signed by one of the hundreds of root CAs included with modern operating systems. (and therefore the software complained)

    If the software people are using stops complaining about the SSL certificate chain, does that mean that they're not performing MITM anymore? Hell no. At the very least it means that they're just using an SSL certificate signed by one of the hundreds of trusted root CA certificates. You know, like CNNIC. The internet organization with ties to the Chinese government.

  6. Ah the good ol' days by trippin_efnet · · Score: 3, Insightful

    Remember when we could look at these stories and say things like "Aww, those poor Chinese. Their government is awful, shady, intrusive, abusive, etc.." Now the U.S. government makes the Chinese government look good by comparison. -t