Forwarded From: "Jay D. Dyson" <jdysonat_private>

[This is a couple of weeks old, but I haven't seen this one kicked around. IMHO, it should get some attention. Microsoft's "features" once again make misery! - Jay]

Courtesy of RISKS-FORUM Digest 19.76, as re-posted by James Glave. The risk here is that an e-mail that was intended to be sent encrypted is instead sent as cleartext, thanks to a completely avoidable bug in the interface. Obviously the interface testers dropped the ball here in a big way.

http://www.wired.com/news/news/technology/story/12249.html

Security Bugaboo in MS Outlook?
by Michael Stutz, 12 May 1998

The user interface of Microsoft's Outlook 98 e-mail application is the cause of a new security-related bug, where users could be fooled into thinking that an unencrypted communication is actually encrypted -- thus sending potentially sensitive information in plaintext over the wires.

"The problem manifests itself two ways," said Scott Gode, Microsoft product manager for Outlook. "One is that the message is not digitally signed, and the second is that the message is not encrypted."

VeriSign Inc. makes the digital certificates that are used with the S/MIME encryption in Outlook 98; these certificates are used to encrypt and create digital signatures for messages sent with the program.

The bug arises when a user creates an encrypted message and then tries to cancel it -- the message is not cancelled, but is sent, sans encryption. When a recipient replies to the message, thinking that it was an encrypted communication, the reply e-mail is also sent with no encryption.

"All further messages sent in reply from either party are sent as unencrypted plaintext messages. And there's no notification to anybody along the way at any time," said Russ Cooper, consultant and moderator of the NT Bugtraq and NT Security mailing lists. Cooper discovered the bug while testing the S/MIME crypto features of Outlook 98.
The flaw is not in VeriSign's crypto implementation; rather, it's in Outlook 98's user interface. "This is mainly a user interface issue," said Gode. "The architecture and integrity of what we're doing is not flawed -- it's just the way that the software responds to the dialog box."

"It looks to me that this is very specific to this implementation," said Glenn Langford, group manager for desktop applications at security and crypto software company Entrust Technologies. "This kind of thing wouldn't happen in our scenario, because in an Entrust environment, what we're doing is not just issuing certificates -- we're doing the certificates, the key management, toolkits, and the e-mail plug-in implementation all at the same time," he said.

The weakness of the VeriSign situation, he said, is that it's up to the implementor of the e-mail package -- in this case, Microsoft -- to do the security properly, because there's no toolkit running on the client platform. So if there's a bug involving the e-mail package, even though the VeriSign application functions perfectly, there's a security hole.

Bruce Schneier, crypto expert and president of Counterpane Systems, is fascinated by the bug. "It's yet another example of cryptography broken by bad user design," he said. "This works counter-intuitively."

"They've gotta fix it -- they can't wait for the next version, in my opinion," Cooper said.

Microsoft, however, is unable to reproduce the bug. "We've been able to reproduce the problem of [a message] not being digitally signed," Gode said, "but have not been able to reproduce the problem of [a message] not being encrypted, which is obviously the more potentially damaging of the two." Gode said that the company had been aware of the bug from other sources since late April, about a month after Outlook 98 was released.
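The failure described above (a cancelled protection dialog that the client treats as "proceed anyway", with replies then inheriting the plaintext state) is a control-flow defect, not a cryptographic one. The following is an added, constructed model written for this post; it is not Outlook's code and not anything from Microsoft, VeriSign or Entrust. The S/MIME steps are labelled placeholders (an HMAC stands in for the signature, a tag for the envelope), because the point is how the send path reacts to a cancel: the fail-open path reproduces the reported behaviour, the fail-closed path refuses to hand anything to the transport unless every requested protection is actually present on the message object, and the user gets a reason.

```python
"""Constructed model of a cancelled-protection send path (not Outlook's code).

Fail-open: the cancel result is ignored and the message leaves in the clear.
Fail-closed: nothing leaves unless the requested protection was applied.
Crypto steps are placeholders; the control flow is the subject.
"""
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional
import hashlib
import hmac

SIGNING_KEY = b"constructed-demo-key"  # placeholder for the sender's private key


class Outcome(Enum):
    APPLIED = "applied"
    CANCELLED = "cancelled"  # user dismissed the certificate/passphrase dialog


class NotSent(Exception):
    """Raised by the hardened path when requested protection was not applied."""


@dataclass
class Policy:
    encrypt: bool = False
    sign: bool = False


@dataclass
class Message:
    to: str
    body: bytes
    policy: Policy
    encrypted: bool = False
    signed: bool = False
    signature: Optional[str] = None


def apply_protection(msg: Message, user_cancels: bool) -> Outcome:
    """The 'dialog' step. Returns CANCELLED before touching the message if the
    user backs out; otherwise applies the placeholder signature and envelope."""
    if user_cancels:
        return Outcome.CANCELLED
    if msg.policy.sign:
        msg.signature = hmac.new(SIGNING_KEY, msg.body, hashlib.sha256).hexdigest()
        msg.signed = True
    if msg.policy.encrypt:
        msg.body = b"[S/MIME envelope placeholder]" + msg.body
        msg.encrypted = True
    return Outcome.APPLIED


def send_fail_open(msg: Message, user_cancels: bool, outbox: List[Message]) -> Message:
    """The reported behaviour: the outcome is discarded and the message goes to
    the transport in whatever state it is in."""
    apply_protection(msg, user_cancels)
    outbox.append(msg)
    return msg


def send_fail_closed(msg: Message, user_cancels: bool, outbox: List[Message]) -> Message:
    """Hardened path: check the message object itself, not just the dialog
    result, so a missing protection can never reach the outbox silently."""
    outcome = apply_protection(msg, user_cancels)
    missing = []
    if msg.policy.encrypt and not msg.encrypted:
        missing.append("encryption")
    if msg.policy.sign and not msg.signed:
        missing.append("signature")
    if outcome is not Outcome.APPLIED or missing:
        raise NotSent(f"protection {outcome.value}; missing: {missing or 'none'}")
    outbox.append(msg)
    return msg


def reply_policy_from_wire(received: Message) -> Policy:
    """How the reply chain in the article arises: the reply's policy is derived
    from what actually arrived, so a leaked plaintext original begets a
    plaintext reply with nobody notified."""
    return Policy(encrypt=received.encrypted, sign=received.signed)


def demo():
    """Run both paths on a cancelled send; returns (leaked_encrypted, blocked, outbox_len)."""
    outbox: List[Message] = []
    want = Policy(encrypt=True, sign=True)
    leaked = send_fail_open(Message("bob@example.test", b"secret", want), True, outbox)
    try:
        send_fail_closed(Message("bob@example.test", b"secret", want), True, outbox)
        blocked = False
    except NotSent:
        blocked = True
    return leaked.encrypted, blocked, len(outbox)


if __name__ == "__main__":
    print(demo())  # (False, True, 1): fail-open leaked plaintext, fail-closed sent nothing
    print(reply_policy_from_wire(Message("alice@example.test", b"re: secret", Policy())))
```

The check in `send_fail_closed` deliberately inspects the message's own `encrypted` and `signed` flags rather than trusting the dialog's return value alone; that is what catches the case where the dialog reports success but a protection was skipped. A client that takes the reply's policy from a per-correspondent requirement instead of from `reply_policy_from_wire` would also stop the plaintext reply chain on the receiving side.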
He said that the company has contacted Cooper -- who made his description of the bug public on Friday -- with the hope of getting more data so that they could reproduce it.

As to what causes the second part of the bug, where the message is sent unencrypted, Gode said that any number of possibilities could be involved, including how Cooper configured his machine -- or an error on Microsoft's part. "It could be a legitimate thing that we messed up on," he said. "I'm not ruling that out, but because we can't reproduce it and because we're not hearing this from other people, it's hard to say at this point."

How could such a simple bug have slipped through development testing?

"People don't notice, because code is complicated," said Schneier. "This is the big problem with the Net. Look at Netscape Navigator: It comes out, bugs are found, bugs are fixed; more bugs are found, more bugs are fixed -- you'd think it gets better, but then a newer version of Navigator is released, with 80 percent more source code, more lines of code," he said.

"There's absolutely no substitute for public scrutiny," Schneier said. "But you only get scrutiny to the level of what's public." And so if any portion of the code is unavailable for scrutiny, the security risk is increased.

"Not just the security portion of a code can compromise security," Schneier said. "Just because the digital signature and key management [portions of the source code] are correct, doesn't mean that you can't write a user interface that breaks the security."

Not everyone thinks this bug is so catastrophic. "It would be a bug of a different magnitude if the user who sent the original message had every reason to believe that it were sent encrypted," said Ted Julian, an analyst at Forrester Research.

As for when the bug will be fixed, Microsoft said it will play it by ear.
"If [the problem] is severe and if it's something that it turns out we're able to reproduce -- and we think it could cause problems to other users -- that might necessitate some sort of little patch that we could make available on the Web," said Gode. "If it remains just the digital signing problem, that would be something we'll probably just have people live with for now until an interim release -- if there is one -- or until the next version comes out."

-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:54:24 PDT