Forwarded From: "Jay D. Dyson" <jdyson@techreports.jpl.nasa.gov>

[This is a couple of weeks old, but I haven't seen this one kicked around.
IMHO, it should get some attention. Microsoft's "features" once again
make misery! - Jay]

Courtesy of RISKS-FORUM Digest 19.76, as re-posted by James Glave.

The risk here is that an e-mail that was intended to be sent encrypted is
instead sent as cleartext, thanks to a completely avoidable bug in the
interface. Obviously the interface testers dropped the ball here in a big
way.

http://www.wired.com/news/news/technology/story/12249.html

Security Bugaboo in MS Outlook?
by Michael Stutz, 12 May 1998
The user interface of Microsoft's Outlook 98 e-mail application is the
cause of a new security-related bug, where users could be fooled into
thinking that an unencrypted communication is actually encrypted -- thus
sending potentially sensitive information in plaintext over the wires.

"The problem manifests itself two ways," said Scott Gode, Microsoft
product manager for Outlook. "One is that the message is not digitally
signed, and the second is that the message is not encrypted."

VeriSign Inc. issues the digital certificates used with the S/MIME
features of Outlook 98; the public keys in these certificates are used to
encrypt messages, and the matching private keys to sign them. The bug
arises when a user creates an encrypted message and then tries to cancel
it -- the message is not cancelled, but is sent, sans encryption. When a
recipient replies to the message, thinking that it was an encrypted
communication, the reply e-mail is also sent with no encryption.

"All further messages sent in reply from either party are sent as
unencrypted plaintext messages. And there's no notification to anybody
along the way at any time," said Russ Cooper, consultant and moderator of
the NT Bugtraq and NT Security mailing lists. Cooper discovered the bug
while testing the S/MIME crypto features of Outlook 98. The flaw is not in
VeriSign's certificates or crypto implementation; it is in Outlook 98's
user interface.

"This is mainly a user interface issue," said Gode. "The architecture and
integrity of what we're doing is not flawed -- it's just the way that the
software responds to the dialog box."

"It looks to me that this is very specific to this implementation," said
Glenn Langford, group manager for desktop applications at security and
crypto software company Entrust Technologies. "This kind of thing wouldn't
happen in our scenario, because in an Entrust environment, what we're
doing is not just issuing certificates -- we're doing the certificates,
the key management, toolkits, and the e-mail plug-in implementation all at
the same time," he said. The weakness of the VeriSign situation, he said,
is that it's up to the implementor of the e-mail package -- in this case,
Microsoft -- to do the security properly, because there's no toolkit
running on the client platform. So if there's a bug involving the e-mail
package, even though the VeriSign application functions perfectly, there's
a security hole.

Bruce Schneier, crypto expert and president of Counterpane Systems, is
fascinated by the bug. "It's yet another example of cryptography broken
by bad user design," he said. "This works counter-intuitively."

"They've gotta fix it -- they can't wait for the next version, in my
opinion," Cooper said.

Microsoft, however, is unable to reproduce the bug. "We've been able to
reproduce the problem of [a message] not being digitally signed," Gode
said, "but have not been able to reproduce the problem of [a message] not
being encrypted, which is obviously the more potentially damaging of the
two."

Gode said that the company had been aware of the bug from other sources
since late April, about a month after Outlook 98 was released. He said
that the company has contacted Cooper -- who made his description of the
bug public on Friday -- with the hope of getting more data so that they
could reproduce it.

As to what causes the second part of the bug, where the message is sent
unencrypted, Gode said that any number of possibilities could be involved,
including how Cooper configured his machine -- or an error on Microsoft's
part. "It could be a legitimate thing that we messed up on," he said. "I'm
not ruling that out, but because we can't reproduce it and because we're
not hearing this from other people, it's hard to say at this point."

How could such a simple bug have slipped through development testing?
"People don't notice, because code is complicated," said Schneier. "This
is the big problem with the Net. Look at Netscape Navigator: It comes out,
bugs are found, bugs are fixed; more bugs are found, more bugs are fixed
-- you'd think it gets better, but then a newer version of Navigator is
released, with 80 percent more source code, more lines of code," he said.

"There's absolutely no substitute for public scrutiny," Schneier said.
"But you only get scrutiny to the level of what's public." And so if any
portion of the code is unavailable for scrutiny, the security risk is
increased. "Not just the security portion of a code can compromise
security," Schneier said. "Just because the digital signature and key
management [portions of the source code] are correct, doesn't mean that
you can't write a user interface that breaks the security."

Not everyone thinks this bug is so catastrophic. "It would be a bug of a
different magnitude if the user who sent the original message had every
reason to believe that it were sent encrypted," said Ted Julian, an
analyst at Forrester Research.

As for when the bug will be fixed, Microsoft said it will play it by ear.
"If [the problem] is severe and if it's something that it turns out we're
able to reproduce -- and we think it could cause problems to other users
-- that might necessitate some sort of little patch that we could make
available on the Web," said Gode. "If it remains just the digital signing
problem, that would be something we'll probably just have people live with
for now until an interim release -- if
there is one -- or until the next version comes out."
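The lesson of the story is that the dialog box is not the ground truth; the MIME headers that leave the machine are. The following is an added example, not code from Outlook, VeriSign, or the article: it classifies a message by the S/MIME wire format it actually carries (enveloped-data, opaque or clear signing, or plain text) and walks a reply thread oldest-first to flag the silent downgrade the article describes, where a reply to an encrypted message goes out as plaintext with nobody notified. The three sample messages are constructed for the demo and their base64 bodies are filler, not real CMS structures; the function and constant names are this example's own.

```python
"""Classify mail by its S/MIME wire format, not by what a client dialog claims.

Added example, not code from Outlook, VeriSign or the Wired article. Sample
messages are constructed; their base64 bodies are filler, not real CMS blobs.
"""
from email import message_from_bytes
from email.utils import collapse_rfc2231_value

PLAINTEXT, SIGNED, ENCRYPTED, UNKNOWN = "plaintext", "signed", "encrypted", "unknown"

# S/MIME media types. RFC 2311 (1998) used the "x-" prefixed forms; RFC 8551 drops them.
PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIGNATURE = {"application/pkcs7-signature", "application/x-pkcs7-signature"}


def _param(msg, name):
    """Content-Type parameter as a lowercase string ('' if absent)."""
    value = msg.get_param(name)
    return collapse_rfc2231_value(value).lower() if value is not None else ""


def classify_smime(raw: bytes) -> str:
    """Report what the outermost MIME layer really provides."""
    msg = message_from_bytes(raw)
    ctype = msg.get_content_type()
    if ctype in PKCS7_MIME:
        smime_type = _param(msg, "smime-type")
        if smime_type == "enveloped-data":
            return ENCRYPTED
        if smime_type == "signed-data":
            return SIGNED      # opaque-signed: integrity only, no confidentiality
        return UNKNOWN         # PKCS#7 body with no stated smime-type: do not trust it
    if ctype == "multipart/signed" and _param(msg, "protocol") in PKCS7_SIGNATURE:
        return SIGNED          # clear-signed: the body is readable on the wire
    return PLAINTEXT


def audit_thread(raws):
    """Walk a thread oldest-first; once any message was encrypted, every later
    message that is not encrypted is a downgrade. Returns (index, level, warning)."""
    findings, seen_encrypted = [], False
    for index, raw in enumerate(raws):
        level = classify_smime(raw)
        warning = None
        if seen_encrypted and level != ENCRYPTED:
            warning = f"message {index} is {level} in a thread that was encrypted"
        seen_encrypted = seen_encrypted or level == ENCRYPTED
        findings.append((index, level, warning))
    return findings


# Constructed sample thread: an encrypted original, a plaintext reply, a clear-signed reply.
ENCRYPTED_MSG = b"""From: alice@example.com
To: bob@example.com
Subject: Q3 numbers
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"

MIAGCSqGSIb3DQEHA6CAMIACAQAxggEwMIIBLAIBADCBlDCBhjELMAkGA1UEBhMCVVMx
"""

PLAIN_REPLY = b"""From: bob@example.com
To: alice@example.com
Subject: Re: Q3 numbers
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Looks good, revenue came in at 4.2M.
"""

SIGNED_REPLY = b"""From: alice@example.com
To: bob@example.com
Subject: Re: Q3 numbers
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

Thanks, filing it now.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCA
--b1--
"""

if __name__ == "__main__":
    for finding in audit_thread([ENCRYPTED_MSG, PLAIN_REPLY, SIGNED_REPLY]):
        print(finding)
```

Run as a pre-send hook or over a mailbox export, the audit catches both halves of the bug: a message that the client "cancelled" but still handed to the transport as text/plain, and the replies that inherit that state. Note that a clear-signed reply counts as a downgrade too, since signing says nothing about who can read the body.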
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Fri May 29 23:13:00 1998