nanog mailing list archives
Re: Office 365..? how Microsoft handed the NSA access to encrypted messages
From: Matt Baldwin <baldwinmathew () gmail com>
Date: Fri, 12 Jul 2013 13:26:20 -0700
I should also note that even if the stores are on an encrypted LUN you are still exposed to impersonation and journaling. -matt On Fri, Jul 12, 2013 at 1:25 PM, Matt Baldwin <baldwinmathew () gmail com>wrote:
While that would secure the connections from snooping if you're mailboxes are on Office 365 and those mailbox stores do not exits on an encrypted LUN then a service can easily read the Exchange database; anyone with server access can read mail across all mailboxes. In fact, Microsoft supports this type of setup with impersonation, e.g. a global user that can query any mailbox it has permissions to within Exchange. This is how some EWS integrated applications work. It wouldn't be that far fetched for the NSA to incorporate the same type of query to monitor the mailboxes -- even subscribing to change notifications so it only queries and collects when a new mail item has arrived. Additionally, Office 365 can simply create a journal rule and have all inbound / outbound mail journal to a location that makes it easier for snoops to look through the messages, e.g. an external SMTP endpoint, all without the end customers' knowledge. If anyone has any questions on Exchange they, too, can contact me off list. Just my 2-cents. -matt On Fri, Jul 12, 2013 at 1:04 PM, Nick Khamis <symack () gmail com> wrote:We are currently working on something right now where all connections are doing over an encrypted vpn. We are bringing SIP, email, search, and cloud to the tunnel. You can contact me off list if you would like to know more. Nick Khamis
Current thread:
- Office 365..? how Microsoft handed the NSA access to encrypted messages Warren Bailey (Jul 11)
- Re: Office 365..? how Microsoft handed the NSA access to encrypted messages Rodrick Brown (Jul 11)
- Re: Office 365..? how Microsoft handed the NSA access to encrypted messages Grant Ridder (Jul 11)
- RE: Office 365..? how Microsoft handed the NSA access to encrypted messages Eric Wieling (Jul 12)
- Re: Office 365..? how Microsoft handed the NSA access to encrypted messages Grant Ridder (Jul 12)
- Re: Office 365..? how Microsoft handed the NSA access to encrypted messages Tom Morris (Jul 12)
- Re: Office 365..? how Microsoft handed the NSA access to encrypted messages Justin M. Streiner (Jul 12)
- Re: Office 365..? how Microsoft handed the NSA access to encrypted messages Nick Khamis (Jul 12)
- Re: Office 365..? how Microsoft handed the NSA access to encrypted messages Matt Baldwin (Jul 12)
- Re: Office 365..? how Microsoft handed the NSA access to encrypted messages Matt Baldwin (Jul 12)
- Re: Office 365..? how Microsoft handed the NSA access to encrypted messages Nick Khamis (Jul 12)
- Re: Office 365..? how Microsoft handed the NSA access to encrypted messages Bruce Pinsky (Jul 12)
- Re: Office 365..? how Microsoft handed the NSA access to encrypted messages Nick Khamis (Jul 12)
- Re: Office 365..? how Microsoft handed the NSA access to encrypted messages Grant Ridder (Jul 11)
- Re: Office 365..? how Microsoft handed the NSA access to encrypted messages Rodrick Brown (Jul 11)
- Re: Office 365..? how Microsoft handed the NSA access to encrypted messages Warren Bailey (Jul 12)
- Re: Office 365..? how Microsoft handed the NSA access to encrypted messages ryangard (Jul 12)
- Re: Office 365..? how Microsoft handed the NSA access to encrypted messages Valdis . Kletnieks (Jul 13)
- Re: Office 365..? how Microsoft handed the NSA access to encrypted messages Warren Bailey (Jul 13)
- Re: Office 365..? how Microsoft handed the NSA access to encrypted messages Eugeniu Patrascu (Jul 14)
- RE: Office 365..? how Microsoft handed the NSA access to encrypted messages Keith Medcalf (Jul 14)
- Re: Office 365..? how Microsoft handed the NSA access to encrypted messages Rodrick Brown (Jul 14)