this post was submitted on 29 Nov 2024
19 points (100.0% liked)

Cybersecurity

23 readers
4 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

founded 2 years ago
MODERATORS
 

In January 2022 I discovered that #Microsoft #Office365 Message #Encryption (OME) utilized Electronic Codebook (ECB) mode of operation. I reported this, got paid a $5000 bounty and then things fell dead silent. By autumn I tried to follow up on this, and after numerous attempts to inquire about the schedule for a fix I was told that no fix was planned.

Luckily, Microsoft seems to have changed their mind about this, and the fix was applied in late 2023, after all:

https://learn.microsoft.com/en-us/purview/technical-reference-details-about-encryption#aes256-cbc-support-for-microsoft-365

#vulnerability #infosec #cybersecurity

top 4 comments
sorted by: hot top controversial new old
[–] [email protected] 5 points 3 weeks ago (1 children)

It's disheartening that supposedly the best of the best can struggle with cybersecurity basics. It doesn't leave much hope for the rest of us.

[–] [email protected] 1 points 3 weeks ago

I think you're very misguided if you think Microsoft is the best of the best at anything but driving their customers away. Specifically, power users.

[–] [email protected] 2 points 3 weeks ago (1 children)
[–] [email protected] 1 points 3 weeks ago