It would appear this problem goes well beyond affecting embassies. According to an article I just posted for The Register, Egerstad was able to sniff out the login details thanks to the embassies' misuse of a common client-side security application that allows him to perform a man-in-the-middle attack. In all, he's been able to obtain credentials for more than 1,000 email accounts, at least one of which belonged to an employee of a very large company.
Slashdot Mirror
It would appear this problem goes well beyond affecting embassies. According to an article I just posted for The Register, Egerstad was able to sniff out the login details thanks to the embassies' misuse of a common client-side security application that allows him to perform a man-in-the-middle attack. In all, he's been able to obtain credentials for more than 1,000 email accounts, at least one of which belonged to an employee of a very large company.