Bad news if you tried to access your Outlook email from China this weekend...

Outlook.comIs privacy important to you? It is to many people and businesses around the world, who like to feel confident that nobody is snooping upon their private communications.

Have some sympathy then for the people of China, who appear to have suffered a man-in-the-middle (MITM) on Saturday 17 January, according to anti-censorship group GreatFire.org.

According to the group, parties unknown (but widely suspected to be the Chinese authorities) were sitting in between communications. Which means that someone could have not only read any messages sent to and from the Outlook.com (formerly Hotmail) accounts - they could also have potentially altered them on the fly.

Man-in-the-middle attack

Vigilant Outlook users in China might have realised something fishy was going on, as an alert message would have appeared saying that the server's identity could not be verified.

Error message

But seeing as many people would simply jab at the "Continue" button, and not be troubled by the error message again - there's a good chance many users would have been oblivious that there was a serious problem. Such is human nature...

GreatFire noted that attempts to access the web versions of Outlook.com and Hotmail.com worked properly, but if you were using client software to access your email via Outlook's SMTP and IMAP servers - messages sent and received by people in China could have been snooped upon.

untrusted connection

This attack against Outlook users is just the latest in a series of scares for internet users in China, who at the end of last year found themselves completely blocked from accessing Gmail.

More details can be found on the GreatFire website.

Tags: , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , ,

One Response

  1. Pete Marchetto

    April 23, 2015 at 11:24 am #

    Sad to say, I think most of us have got used to it. Someone was in my Outlook today, apparently, according to an alert from Microsoft. When I try to log into the necessary gubbins to change my password, I keep getting a message that it can't be done right now, try again later… so I guess they don't want us to change our passwords either now they've got them all collected.

    I'm past giving a toss so long as they don't stop me reading my own damned mail when they’ve finished perusing it. Frankly, it's a mess here right now with the internet, never been worse in the fifteen years I've been here, and for as long as companies such as Microsoft they mess with don't object – which they won't, money you know – then the government has carte blanche to do as it wants.

    Everyone is being very conciliatory to Xi at the moment, for all he's doing that's regressive. All I can say is that if you give a damn who reads your email, don't use email in China. Better still, move your interests elsewhere. If it's not this, it'll be something else.

Leave a Reply