T-Mobile Austria stores passwords as plain text, Outlook gets message crypto, and more

While Facebook caught most of the security-related flak this week, there were other infosec stories out there. Here's a summary of stuff happening, beyond what we've already covered. Don't get pwned. Word. Dude Microsoft, which used to be a byword for insecure software until Bill Gates' trustworthy computing memo that turned …

  1. artbristol

    outlook.com is not offering "end-to-end" email encryption

    Obviously it's not end-to-end. Microsoft must hold the encryption keys, otherwise how would an arbitrary recipient decrypt the message?

    The link you provide is to the desktop app, which supports S/MIME, which *is* end-to-end, but users need to deal with keys.

    1. Anonymous Coward

      Re: outlook.com is not offering "end-to-end" email encryption

      Of course it's end to end. But, same as WhatsApp etc., they don't tell you where the ends are.

    2. Michael Wojcik Silver badge

      Re: outlook.com is not offering "end-to-end" email encryption

      > The link you provide is to the desktop app, which supports S/MIME

      And has at least since 2003. Unfortunately, few people use it, probably because:

      - X.509 PKI has always been, and remains, a mighty clusterfuck for non-experts to administer and use. Actually, it's a mighty clusterfuck for experts too; we're just aware of it.

      - Users would have to obtain certificates from public CAs if they wanted recipients outside their organization to be able to verify their signatures, and that costs money.

      - At least in the past, signatures weren't timestamped, so you had the usability problem that old messages would eventually start showing signature errors when the signing certificate expired. It's not much of a concern if you checked the signature before the certificate expired,[1] but it's annoying and confusing for users. I don't know if that's been fixed.

      - The usual critical-mass problem: It's never become sufficiently popular to drive further adoption simply by its own popularity.

      - Many security professionals, who might otherwise have helped drive S/MIME adoption, stick with PGP[2] instead.

      - Outlook's S/MIME implementation has been problematic.

      Personally, I trust Outlook's S/MIME more than whatever Microsoft is now touting as "Outlook end-to-end encryption" (even if that S/MIME implementation was largely useless as recently as last year). But in practice when I need encrypted email I use PGP, as only a few people I correspond with are set up for S/MIME.

      [1] Except for the revocation problem. The issue there is that CAs remove expired certificates from CRLs and OCSP responses, because otherwise their lists of revoked certificates would grow unbounded. But that means that once a certificate has expired, you can't tell whether it was ever revoked (unless you saved that information yourself). Of course timestamps don't solve this problem, and arguably aggravate it. But revocation is its own special circle of PKI Hell.

      [2] Well, with some OpenPGP implementation, usually gpg.

  2. SVV

    What if this doesn't happen because our security is amazingly good?

    This quote is going on the office wall on Monday morning. And underneath, in a small font, "And what if this does happen because our security isn't as amazingly good as we thought it was?"

  3. Will Godfrey Silver badge

    Not Good Enough

    Recovery from up to 30 days Eh?

    So the next bit of ransomware will quietly install, but only activate 31 days later.

    1. James O'Shea

      Re: Not Good Enough

      What matters is how long it’s been since the files were encrypted, a.k.a. since the ransomware starts working, not when the ransomware is installed. Having ransomware sitting, not working, and not detected, on your system is pretty bad, but if it starts working users have 30 days to notice and restore the affected files. And once it starts working it should be easily detected and killed.

      Frankly, if ransomware got onto a system _I_ was responsible for, I'd reformat the volume and restore from known good backups dating from prior to the malware's install and would be very careful about restoring from backups made after the malware was present. Such backups would have to be extensively sanitized before they went anywhere near a production machine. Yes, this would take time. Yes, this would add costs. Yes, some data might be lost because I couldn't be sure that it was safe. Certainly I'd just dump the whole thing back onto production machines, if ordered to, in writing, by a senior exec. Otherwise, no, it stays offline unless sanitized.

      1. Will Godfrey Silver badge

        Re: Not Good Enough

        I beg to differ.

        While I agree that the only real answer is to nuke the lot (that would be 2 weeks loss of data for me), restoring from just before the malware struck would leave it in place, whereby if it was date-sensing it would immediately strike again. While a professional user might know how to perform a recovery and trace the malware before running the restored system, the vast majority of onedrive users would be quite lost.

  4. JakeMS

    T-Mobile

    Really, really?

    Firstly, no one in any position should ever be able to see even one character of a user's password, let alone four!

    You can easily encrypt passwords and store them. You can easily code your systems to unlock a user account based on that encrypted password. This has been done at least once in the past already.

    There's never a good reason to store passwords as plain text. Also, data protection anyone? Wouldn't that fall under failing to adequately secure user data?

    And lastly... no one's security is amazingly good. The world can be hacked. Never assume you're immune from it... you're not.

    Although, storing passwords in plain text casts serious doubt over the rest of the system's security. What else are they doing wrong?

    1. Nick Ryan Silver badge

      Re: T-Mobile

      Very much like banks that are so "secure" that they insist on certain characters out of the extent of your password. In other words, they have the thing in plain text in order to compare individual characters.

      There is a good reason that other systems, which are operated by people with a clue about security, do not do the same.

      1. Doctor Syntax Silver badge

        Re: T-Mobile

        > Very much like banks that are so "secure" that they insist on certain characters out of the extent of your password. In other words, they have the thing in plain text in order to compare individual characters.

        They ask for a combination of several characters. Let's try this one for size:

        - You enter a new password.

        - The bank extracts combinations of N characters. Perhaps all possible combinations, perhaps a subset of a long password.

        - Each combination is hashed and the hashes stored together with a note of the positions of the characters of that combination.

        - When you log on the system chooses one particular combination, asks you for the relevant characters, hashes what you enter and compares the result to the stored hash.

        Not only can this be achieved without storing plain text, the system doesn't even store your password as a single entity, not even when hashed.

        1. find users who cut cat tail

          Re: T-Mobile

          > Each combination is hashed and the hashes stored together with a note of the positions of the characters of that combination.

          This certainly provides *more* information about the password than a single hash if it leaks. Might need some new clever rainbow table tricks or something, but anyway: do not attempt home-baked security based on ideas you gave about 20s of thought...
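          The scheme Doctor Syntax sketches above, together with the leakage point raised in this reply, worked through as an added example (not code from either commenter or from any bank). N, the KDF settings, the alphabet size and the sample password are all assumptions made for the illustration.

```python
import hashlib
import itertools
import os
import secrets

N = 3                # characters requested per login (assumption)
ALPHABET_SIZE = 62   # [A-Za-z0-9], assumed for the work estimate below
ITERATIONS = 20_000  # kept low for the demo; a real deployment would use more

def _combo_hash(positions, chars, salt):
    # Bind the hash to its position set so a cracked 3-character hash cannot be
    # replayed as the answer for a different set of positions.
    msg = ",".join(map(str, positions)).encode() + b"|" + chars.encode()
    return hashlib.pbkdf2_hmac("sha256", msg, salt, ITERATIONS)

def enrol(password):
    """Store one salted hash per N-position combination; the full password is
    never stored, not even hashed (the property the comment above claims)."""
    salt = os.urandom(16)
    hashes = {}
    for positions in itertools.combinations(range(len(password)), N):
        chars = "".join(password[i] for i in positions)
        hashes[positions] = _combo_hash(positions, chars, salt)
    return {"salt": salt, "hashes": hashes}

def challenge(record):
    """Pick which positions (0-based) the user is asked for on this login."""
    return secrets.choice(list(record["hashes"]))

def verify(record, positions, typed):
    """Check only the requested characters against their stored hash."""
    expected = record["hashes"][positions]
    return secrets.compare_digest(_combo_hash(positions, typed, record["salt"]), expected)

def offline_work(password_len):
    """Why a leaked store is worse than one leaked full hash: each stored hash
    covers only N characters, so an attacker cracks them independently at
    ALPHABET_SIZE**N guesses each and needs only ceil(len/N) disjoint position
    sets to recover every character, versus ALPHABET_SIZE**len for one hash
    of the whole password."""
    sets_needed = -(-password_len // N)          # ceiling division
    partial = sets_needed * ALPHABET_SIZE ** N
    full = ALPHABET_SIZE ** password_len
    return partial, full

if __name__ == "__main__":
    rec = enrol("Tr0ub4dor")                      # constructed sample password
    pos = challenge(rec)
    answer = "".join("Tr0ub4dor"[i] for i in pos)
    print("asked for positions", pos, "->", verify(rec, pos, answer))
    print("guesses: leaked partial store vs. one full hash:", offline_work(9))
```

          For a 9-character alphanumeric password the leaked store falls to a few hundred thousand guesses, against roughly 10^16 for a single salted hash of the whole string, which is the "more information" this reply points at.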

        2. Anonymous Coward

          Re: T-Mobile

          Really?

          You think that a bank that hasn't yet figured out two factor auth is using a hash scheme like this?

          Yes, what you describe is possible. The chance of Natwest using it is infinitesimally small. And if they are using it, why wouldn't they respond to multiple complaints about their poor practice with an explanation of the smart thing they are doing?

      2. Anonymous Coward

        they insist on certain characters out

        That has more to do with web/script developers who never understood the existence of binary data. They think there's only one, universal, data type and that's the string. When you manipulate strings, some characters may get in the way, and break your lame code. If you just handle a password as an array of bytes, of course it doesn't matter.

        Also, I'm worried when they enforce a short length, because that makes me think they don't hash.

      3. tiggity Silver badge

        Re: T-Mobile

        Indeed, which is why I never use Verified by Visa (or its equivalents) that ask for chars 4, 6, 7 and 9 (or whatever) of your password (which can only realistically mean a plain text password is stored).

      4. Anonymous Coward

        Re: T-Mobile

        I've been flagging this to NatWest since I first accessed their web site 7 or 8 years ago.

        And they still store passwords in plain text - shocking.

        Unfortunately, since I currently live overseas no other UK bank will let me open an account because they can't find a credit record for me - even though I told them they won't because I have never borrowed any money in the UK, but I have had accounts in good standing with them for 25+ years. Apparently my driving licence, passport, etc. are not enough to prove identity any more. But a gas bill in my name would be worth its weight in platinum.

        1. Anonymous Coward

          Re: Opening a bank account.

          You can AFAIK open a bank account, without credit records, when abroad. What you may need though is a UK residency if opening a UK account.

          Most may require you to provide ID and/or be interviewed in the UK. As part of normal laws, or as part of their security checks to prevent fake applications.

          It may however be a restricted account if they don't have any credit records. You may only get a cash account... which is rather useless if wanting internet banking. But AFAIK there should be one or two which do allow internet banking.

    2. Anonymous Coward

      Re: Customer service.

      Customer: Is that warehouse you store the products you are trying to sell me in, like, on fire?

      Customer Service: But what if it was amazingly good fire?

      The Twitter conversation is just painful. 110% customer service happy and positive, but painful.

    3. Anonymous Coward

      Re: T-Mobile

      Personally I wouldn't trust any customer service drone on Twitter to have a clue how passwords are actually stored - more likely they'll tell you something that reflects how they think it must work, without really understanding the technicalities.

  5. Jaap Aap

    "Word, Excel, and PowerPoint are also getting an upgrade, with automatic scanning of links embedded in documents. The new code will check out the URLs to make sure that they aren't on Redmond's databases of dodgy websites and pages."

    And it will immediately try to run all executables it might find.

  6. david bates

    PlusNET also holds passwords as plain text and sees nothing wrong with that - nothing can go wrong because of reasons I didn't fully understand.

    It is, however, the main reason I left them.

    1. caffeine addict

      Wait, what?

      Do you have a cite for that, because that's f*cked up.

  7. jms222

    as plain text

    Yes there _is_ a good reason to keep them as plain text. Certain protocols demand it. Kerberos and CHAP for example.

    The popular salt/hash method demands that the password is transmitted plain, and nothing ever goes wrong with HTTPS and dodgy certificates, does it.

    Having plain text passwords at both ends and using them for crypto actually _avoids_ the need to send your password as plain text (over an encrypted channel admittedly) and the security problem that might arise as a result if your webserver is owned.

    Security problems are usually the result of stupidity like not putting the authentication server in a separate sealed box where passwords go in but never come out.

    1. Doctor Syntax Silver badge

      Re: as plain text

      "The popular salt/hash method demands that the password is transmitted plain"

      It demands that the password be made available to be hashed for comparison with the stored hash. How it gets from keyboard to hashing algorithm is not addressed. It can be encrypted in transit and decrypted to be hashed.
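      The trade-off argued between jms222 and Doctor Syntax, as an added example (not either commenter's code): a CHAP-style server, using the RFC 1994 response MD5(identifier || secret || challenge), can only recompute the response if it holds the secret in plaintext, whereas a salted-hash verifier holds no plaintext but must receive the password itself, protected in transit. Sample secrets are constructed and the KDF parameters are assumptions.

```python
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP (MD5 algorithm): hash over identifier, secret, challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapServer:
    """Challenge/response: the secret never crosses the wire, but the server
    must keep it in plaintext because the response is computed over it.
    A compromise of this server therefore yields every secret directly."""
    def __init__(self, secret):
        self.secret = secret                   # plaintext, unavoidably
    def new_challenge(self):
        return os.urandom(16)
    def authenticate(self, identifier, challenge, response):
        expected = chap_response(identifier, self.secret, challenge)
        return hmac.compare_digest(expected, response)

class SaltedHashServer:
    """Salted hash: the server stores no plaintext, but the client must send
    the password itself, so the transport (TLS) is what protects it in flight."""
    def __init__(self, password, iterations=50_000):
        self.salt = os.urandom(16)
        self.iterations = iterations           # assumed demo value
        self.digest = self._kdf(password)      # the plaintext is discarded
    def _kdf(self, password):
        return hashlib.pbkdf2_hmac("sha256", password, self.salt, self.iterations)
    def authenticate(self, password_received):
        return hmac.compare_digest(self._kdf(password_received), self.digest)

def chap_round_trip(secret, attempt):
    """Client side computes the response from its own copy of the secret;
    only the challenge and the 16-byte response travel between the ends."""
    server = ChapServer(secret)
    ch = server.new_challenge()
    return server.authenticate(1, ch, chap_response(1, attempt, ch))

def hash_round_trip(password, attempt):
    """Here the attempt itself is what travels, hence the reliance on TLS."""
    return SaltedHashServer(password).authenticate(attempt)

if __name__ == "__main__":
    print("CHAP ok:", chap_round_trip(b"s3cret", b"s3cret"))
    print("CHAP bad:", chap_round_trip(b"s3cret", b"wrong"))
    print("hash ok:", hash_round_trip(b"hunter2", b"hunter2"))
    print("hash bad:", hash_round_trip(b"hunter2", b"hunter3"))
```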

  8. Anonymous Coward

    Finnish f**kup

    I have a problem with that.

    If you are considering using an expletive, please either use it in full or do not bother. Intentional misspellings such as those seen in this article are silly and very much distracting.
