Office 365..? how Microsoft handed the NSA access to encrypted messages

Nick Khamis symack at gmail.com
Fri Jul 12 23:18:35 UTC 2013


On Fri, Jul 12, 2013 at 5:23 PM, Bruce Pinsky <bep at whack.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Matt Baldwin wrote:
> > While that would secure the connections from snooping if you're mailboxes
> > are on Office 365 and those mailbox stores do not exits on an encrypted
> LUN
> > then a service can easily read the Exchange database; anyone with server
> > access can read mail across all mailboxes. In fact, Microsoft supports
> this
> > type of setup with impersonation, e.g. a global user that can query any
> > mailbox it has permissions to within Exchange. This is how some EWS
> > integrated applications work. It wouldn't be that far fetched for the NSA
> > to incorporate the same type of query to monitor the mailboxes -- even
> > subscribing to change notifications so it only queries and collects when
> a
> > new mail item has arrived. Additionally, Office 365 can simply create a
> > journal rule and have all inbound / outbound mail journal to a location
> > that makes it easier for snoops to look through the messages, e.g. an
> > external SMTP endpoint, all without the end customers' knowledge.
> >
> > If anyone has any questions on Exchange they, too, can contact me off
> list.
> >
> > Just my 2-cents.
>
> Any what's to say that email addresses at Office 365 aren't just mailing
> lists where you get a copy and so does $FEDAGENCY.  That's how my kids'
> email addresses work at home :-)
>
>
> - --
> =========
> bep
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlHgc98ACgkQE1XcgMgrtyYZhgCg3CO8DJfFDXJWj8W6JuasjeOf
> VeQAnRmhMfhyp5M7S81fxagW96ZGWoCH
> =LDSL
> -----END PGP SIGNATURE-----
>


You spy on your kids? I thought not being able to put a lock on my door was
bad...

N.



More information about the NANOG mailing list