Re: Possible Security hole in Outlook 2000

From: B. Goodman (no@spam.org)
Date: 08/29/02


From: B. Goodman <no@spam.org>
Date: Thu, 29 Aug 2002 16:00:00 -0400


In article <b63101c24ed5$01a0c830$9ae62ecf@tkmsftngxa02>,
LLEINOW@hotmail.com says...
> I discovered this today and I wanted to know if this is a
> feature of Exchange/Outlook or a mis-configuration on my
> part. Perhaps I am overreacting, but what I describe
> below has the potential to change your e-mails into words
> that you did not write.
>
> Here is the problem:
> From my Outlook 2000 Inbox I open up a message that I
> received. I edit some of the text in the message, then
> click on the X to close the message. Then a dialog box
> pops up asking if I want to save the message.
> If I say yes, it saves the message for me, including the
> changes that I made to the text that someone else sent to
> me.
>
> I understand the point of saving the message is to ensure
> nothing is lost if I close an email message or if my system
> crashes while typing, but I think this opens up a very big
> security question regarding the integrity of Outlook
> email. I can't remember this happening in Outlook 97, but
> I am not sure I ever tried.
> Hopefully there is a configuration setting somewhere that
> I do not have enabled and someone out there perhaps knows
> how to fix this.
> Much obliged,
> LRL
>
>
I think it may have always worked this way. Outlook was never really
intended to have security or integrity. If this bothers you, you should
do the same experiment on a digitally signed e-mail. Same result, but
the scary / amusing part is that you can click on the button to verify
that the message was not altered and it will STILL VERIFY. So, the
process that verifies that the message wasn't altered during
transmission DOES NOTHING to show that the message was altered AFTER
RECEIPT.

Hey, I've got this digitally signed e-mail from my boss saying that I'm
immediately getting a 30% raise, retroactive to my first day with the
company.... ;)

