[ISN] Security bug in MS Outlook

From: mea culpa (jerichoat_private)
Date: Fri May 29 1998 - 18:12:44 PDT


    Forwarded From: "Jay D. Dyson" <jdysonat_private>

    [This is a couple of weeks old, but I haven't seen this one kicked around.
     IMHO, it should get some attention.  Microsoft's "features" once again
     make misery! - Jay]

    Courtesy of RISKS-FORUM Digest 19.76, as re-posted by James Glave.

    The risk here is that an e-mail that was intended to be sent encrypted is
    instead sent as cleartext, thanks to a completely avoidable bug in the
    interface.  Obviously the interface testers dropped the ball here in a big

    Security Bugaboo in MS Outlook?
    by Michael Stutz, 12 May 1998

    The user interface of Microsoft's Outlook 98 e-mail application is the
    cause of a new security-related bug, where users could be fooled into
    thinking that an unencrypted communication is actually encrypted -- thus
    sending potentially sensitive information in plaintext over the wires.

    "The problem manifests itself two ways," said Scott Gode, Microsoft
    product manager for Outlook. "One is that the message is not digitally
    signed, and the second is that the message is not encrypted."

    VeriSign Inc. makes the digital certificates that are used with the S/MIME
    encryption in Outlook 98; these certificates are used to encrypt and
    create digital signatures for messages sent with the program. The bug
    arises when a user creates an encrypted message and then tries to cancel
    it -- the message is not cancelled, but is sent, sans encryption. When a
    recipient replies to the message, thinking that it was an encrypted
    communication, the reply e-mail is also sent with no encryption.

    "All further messages sent in reply from either party are sent as
    unencrypted plaintext messages. And there's no notification to anybody
    along the way at any time," said Russ Cooper, consultant and moderator of
    the NT Bugtraq and NT Security mailing lists. Cooper discovered the bug
    while testing the S/MIME crypto features of Outlook 98.

    The flaw is not in VeriSign's crypto implementation, rather it's in
    Outlook 98's user interface.

    "This is mainly a user interface issue," said Gode. "The architecture and
    integrity of what we're doing is not flawed -- it's just the way that the
    software responds to the dialog box."

    "It looks to me that this is very specific to this implementation," said
    Glenn Langford, group manager for desktop applications at security and
    crypto software company Entrust Technologies. "This kind of thing
    wouldn't happen in our scenario, because in an Entrust environment, what
    we're doing is not just issuing certificates -- we're doing the
    certificates, the key management, toolkits, and the e-mail plug-in
    implementation all at the same time," he said.

    The weakness of the VeriSign situation, he said, is that it's up to the
    implementor of the e-mail package -- in this case, Microsoft -- to do the
    security properly, because there's no toolkit running on the client
    platform. So if there's a bug involving the e-mail package, even though
    the VeriSign application functions perfectly, there's a security hole.

    Bruce Schneier, crypto expert and president of Counterpane Systems, is
    fascinated by the bug. "It's yet another example of cryptography broken
    by bad user design," he said. "This works counter-intuitively."

    "They've gotta fix it -- they can't wait for the next version, in my
    opinion," Cooper said.

    Microsoft, however, is unable to reproduce the bug. "We've been able to
    reproduce the problem of [a message] not being digitally signed," Gode
    said, "but have not been able to reproduce the problem of [a message] not
    being encrypted, which is obviously the more potentially damaging of the
    two."

    Gode said that the company had been aware of the bug from other sources
    since late April, about a month after Outlook 98 was released. He said
    that the company has contacted Cooper -- who made his description of the
    bug public on Friday -- with the hope of getting more data so that they
    could reproduce it.

    As to what causes the second part of the bug, where the message is sent
    unencrypted, Gode said that any number of possibilities could be
    involved, including how Cooper configured his machine -- or an error on
    Microsoft's part. "It could be a legitimate thing that we messed up on,"
    he said. "I'm not ruling that out, but because we can't reproduce it and
    because we're not hearing this from other people, it's hard to say at
    this point."

    How could such a simple bug have slipped through development testing?

    "People don't notice, because code is complicated," said Schneier. "This
    is the big problem with the Net. Look at Netscape Navigator: It comes
    out, bugs are found, bugs are fixed; more bugs are found, more bugs are
    fixed -- you'd think it gets better, but then a newer version of
    Navigator is released, with 80 percent more source code, more lines of
    code," he said.

    "There's absolutely no substitute for public scrutiny," Schneier said.
    "But you only get scrutiny to the level of what's public." And so if any
    portion of the code is unavailable for scrutiny, the security risk is
    increased.

    "Not just the security portion of a code can compromise security,"
    Schneier said. "Just because the digital signature and key management
    [portions of the source code] are correct, doesn't mean that you can't
    write a user interface that breaks the security."

    Not everyone thinks this bug is so catastrophic.

    "It would be a bug of a different magnitude if the user who sent the
    original message had every reason to believe that it were sent
    encrypted," said Ted Julian, an analyst at Forrester Research.

    As for when the bug will be fixed, Microsoft said it will play it by ear.
    "If [the problem] is severe and if it's something that it turns out we're
    able to reproduce -- and we think it could cause problems to other users
    -- that might necessitate some sort of little patch that we could make
    available on the Web," said Gode. "If it remains just the digital signing
    problem, that would be something we'll probably just have people live
    with for now until an interim release -- if there is one -- or until the
    next version comes out."

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:54:24 PDT