Email or username:

Password:

Forgot your password?
Harry's posts Back to profile
3 posts total
Harry Sintonen

In January 2022 I discovered that #Microsoft #Office365 Message #Encryption (OME) utilized Electronic Codebook (ECB) mode of operation. I reported this, got paid a $5000 bounty and then things fell dead silent. By autumn I tried to follow up on this, and after numerous attempts to inquire about the schedule for a fix I was told that no fix was planned.

Luckily, Microsoft seems to have changed their mind about this, and the fix was applied in late 2023, after all:

learn.microsoft.com/en-us/purv

#vulnerability #infosec #cybersecurity

In January 2022 I discovered that #Microsoft #Office365 Message #Encryption (OME) utilized Electronic Codebook (ECB) mode of operation. I reported this, got paid a $5000 bounty and then things fell dead silent. By autumn I tried to follow up on this, and after numerous attempts to inquire about the schedule for a fix I was told that no fix was planned.

Image demonstrating the weakness of Electronic Code Book mode of operation. The text "You failed at crypto" can be read even though it is AES-256 encrypted.
29 November at 12:06 | Open on infosec.exchange
Harry Sintonen
Harry Sintonen

#todayilearned - There's an #opensource tool for creating "Hollywood melodrama technobabble". blog.dustinkirkland.com/2014/1
github.com/dustinkirkland/holl
For example Air Crash Investigations #tvseries (known as "Mayday" in US) uses it. @kirkland

Still frame from Air Crash Investigations (Mayday in US) showing use of Dustin Kirkland's "hollywood" open source software.
24 March at 21:21 | Open on infosec.exchange
Go Up