#Microsoft Outlook Hacked In China New Report Finds Only a few weeks after Google Gmail service was blocked in China a new report from online censorship monitoring organization Greatfire. org released this morning states that Microsoft email system Outlook was subjected recently to a an-in-the-middleattack in China. This is a form of eavesdropping where the attacker inserts himself in between the victimsconnections relaying messages between them while the victimscontinue believe they have a secure private connection. Meanwhile the attacker is able to read all the content theye sharing. Greatfire. org was able to verify the attack itself after receiving reports of its existence on January 17. It noted that IMAP and SMTP for Outlook were affected but the web interfaces for Microsoft webmail services were not. That is Outlook. com and Login. live. com were affected not. The attack continued for a about a day and has stopped since the report states. Affected users were shown warning messages in their email clients that weren as immediately worrisome as those web browsers display which means that some users may not have been aware that an attack was taking place. For example in an example screenshot Greatfire. org posted an iphone warning message says annot Verify Server Identitybut asks if the user wants to continue anyway. However when Greatfire. org reproduced the same result via the Firefox web browser the message the browser offers is far more detailed saying also that the error could means hat someone is trying to impersonate the site and you shouldn continue. uring this attack users would only see the pop-up warning when their email client tried to automatically retrieve new messages. In most cases they would simply hit ontinueto dismiss the message likely thinking that a network problem was to blame. But by doing so their emails contacts and passwords were able to be logged by the hacker. The self-signed certificate is suspected to be from CNNIC (China Internet Network Information center) which is governed by the Cyberspace Administration of China as this would be consistent with previous man-in-the-middle (MITM) attacks in China. iven the dangerous nature of this attack on Outlook we again strongly encourage organizations including Microsoft and Apple to immediately revoke trust for the CNNIC certificate authoritysays Greatfire. org. Below: What happens when a Chinese user accesses Outlook in their email client: The attack comes within a month of China blocking Gmail which despite a slight recovery is still inaccessible in China. It also one of many recent MITM attacks in China including those affecting services from Google Yahoo and Apple in the past. e once again suspect that Lu Wei and the Cyberspace Administration of China have orchestrated this attack or have allowed willingly the attack to happenwrites Greatfire. org in its report. f our accusation is correct this new attack signals that the Chinese authorities are intent on further cracking down on communication methods that they cannot readily monitor. ee reached out to Microsoft for comment on this attack and will update if they offer a response n
Overtext Web Module V3.0 Alpha
Copyright Semantic-Knowledge, 1994-2011