Microsoft Outlook Hacked In China, New Report Finds

[InfoSec News <alerts () infosecnews org>]

http://techcrunch.com/2015/01/19/microsoft-outlook-hacked-in-china-new-report-finds/

By Sarah Perez
Techtcrunch
1/19/2015

Only a few weeks after Google’s Gmail service was blocked in China, a new 
report from online censorship monitoring organization GreatFire.org 
released this morning states that Microsoft’s email system Outlook was 
recently subjected to a “man-in-the-middle” attack in China. This is a 
form of eavesdropping where the attacker inserts himself in between the 
victims’ connections, relaying messages between them while the victims’ 
continue believe they have a secure, private connection. Meanwhile, the 
attacker is able to read all the content they’re sharing.

GreatFire.org was able to verify the attack itself, after receiving 
reports of its existence on January 17. It noted that IMAP and SMTP for 
Outlook were affected, but the web interfaces for Microsoft’s webmail 
services were not. (That is, Outlook.com and Login.live.com were not 
affected).

The attack continued for a about a day, and has since stopped, the report 
states.

Affected users were shown warning messages in their email clients that 
weren’t as immediately worrisome as those web browsers display, which 
means that some users may not have been aware that an attack was taking 
place. For example, in an example screenshot GreatFire.org posted, an 
iPhone warning message says “Cannot Verify Server Identity,” but asks if 
the user wants to continue anyway. However, when GreatFire.org reproduced 
the same result via the Firefox web browser, the message the browser 
offers is far more detailed, saying also that the error could means “that 
someone is trying to impersonate the site, and you shouldn’t continue.”

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/