[164477] in North American Network Operators' Group
Re: Office 365..? how Microsoft handed the NSA access to encrypted
daemon@ATHENA.MIT.EDU (Bruce Pinsky)
Fri Jul 12 17:24:13 2013
Date: Fri, 12 Jul 2013 14:23:43 -0700
From: Bruce Pinsky <bep@whack.org>
To: Matt Baldwin <baldwinmathew@gmail.com>
In-Reply-To: <CAB5jfjEMc=ft7qTMQVbZ1zc_4brAE0i6OOZ-aMyBv4PKVB=8HA@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Reply-To: bep@whack.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Matt Baldwin wrote:
> While that would secure the connections from snooping, if your mailboxes
> are on Office 365 and those mailbox stores do not exist on an encrypted LUN
> then a service can easily read the Exchange database; anyone with server
> access can read mail across all mailboxes. In fact, Microsoft supports this
> type of setup with impersonation, e.g. a global user that can query any
> mailbox it has permissions to within Exchange. This is how some EWS
> integrated applications work. It wouldn't be that far-fetched for the NSA
> to incorporate the same type of query to monitor the mailboxes -- even
> subscribing to change notifications so it only queries and collects when a
> new mail item has arrived. Additionally, Office 365 can simply create a
> journal rule and have all inbound / outbound mail journal to a location
> that makes it easier for snoops to look through the messages, e.g. an
> external SMTP endpoint, all without the end customers' knowledge.
>
> If anyone has any questions on Exchange they, too, can contact me off list.
>
> Just my 2-cents.
And what's to say that email addresses at Office 365 aren't just mailing
lists where you get a copy and so does $FEDAGENCY? That's how my kids'
email addresses work at home :-)
- --
=========
bep
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlHgc98ACgkQE1XcgMgrtyYZhgCg3CO8DJfFDXJWj8W6JuasjeOf
VeQAnRmhMfhyp5M7S81fxagW96ZGWoCH
=LDSL
-----END PGP SIGNATURE-----
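
Added example, not part of the original thread: a sketch of reviewing a tenant's own Exchange admin audit events for the two mechanisms the quoted message names, an impersonation grant and a journal rule that sends mail to an outside address. The record layout, the sample events and the `ACCEPTED_DOMAINS` set are constructed assumptions; the cmdlet and parameter names are Exchange's own, and the check only covers changes recorded in the log it is given.

```python
# Added example: flag Exchange admin-audit events that grant mailbox
# impersonation or journal mail to an address outside the tenant.
# The record layout is a constructed, simplified shape (assumption),
# not the exact export format of any Exchange version.

ACCEPTED_DOMAINS = {"example.com"}  # assumption: the tenant's own domains

# Constructed sample events.
SAMPLE_EVENTS = [
    {"caller": "admin1", "cmdlet": "New-ManagementRoleAssignment",
     "params": {"Role": "ApplicationImpersonation", "User": "svc-crm"}},
    {"caller": "admin2", "cmdlet": "New-JournalRule",
     "params": {"Name": "archive", "JournalEmailAddress": "journal@example.com"}},
    {"caller": "admin3", "cmdlet": "New-JournalRule",
     "params": {"Name": "copy-all",
                "JournalEmailAddress": "drop@collector.example.net"}},
    {"caller": "admin1", "cmdlet": "Set-Mailbox",
     "params": {"Identity": "alice", "DisplayName": "Alice"}},
]


def _domain(address):
    """Return the lower-cased domain part of an SMTP address, or ''."""
    _, sep, domain = str(address).rpartition("@")
    return domain.strip().lower() if sep else ""


def review(events, accepted_domains=ACCEPTED_DOMAINS):
    """Return (caller, reason) findings for events worth a manual look."""
    findings = []
    for ev in events:
        cmdlet = ev.get("cmdlet", "").lower()
        params = {k.lower(): v for k, v in ev.get("params", {}).items()}
        caller = ev.get("caller", "?")
        if cmdlet == "new-managementroleassignment":
            if str(params.get("role", "")).lower() == "applicationimpersonation":
                who = params.get("user") or params.get("securitygroup") or "?"
                findings.append((caller, f"impersonation granted to {who}"))
        elif cmdlet in ("new-journalrule", "set-journalrule"):
            target = params.get("journalemailaddress")
            # An address with no domain part is also reported.
            if target and _domain(target) not in accepted_domains:
                findings.append((caller, f"journaling to external address {target}"))
    return findings


if __name__ == "__main__":
    for caller, reason in review(SAMPLE_EVENTS):
        print(f"{caller}: {reason}")
```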