Month: July 2014

Microsoft new encryption efforts

Matt Thomlinson has posted an article “Advancing our encryption and transparency efforts” where he basically says that now the mail going though Outlook.com will be encrypted. Additionally that security enhancements to many other services, like Azure, Office 365, etc. are already deployed

Let’s take a closer look at those claims.

Outlook.com web interface

Quick scan of outlook.com using ssllabs.com scanner quickly shows that the servers are actually badly configured and support insecure, client-initiated renegotiation. In effect, they are vulnerable to the MITM attacks (CVE-2009-3555). Grade F.

They also don’t support TLS1.2 or perfect forward secrecy suites.

At least RC4 is not negotiated by default…

Very bad configuration.

Outlook.com SMTP

According to google data, the mails in transit are indeed encrypted both inbound and outbound.

And indeed, the configuration for the SMTP servers supports PFS, has good ordering of cipher suites and the certificates are trusted and have correct Subject Alternative Names:

./cipherscan -starttls smtp -servername mx1.hotmail.com mx1.hotmail.com:25
............                                
prio  ciphersuite              protocols                    pfs_keysize
1     ECDHE-RSA-AES256-SHA384  TLSv1.2                      ECDH,P-384,384bits
2     ECDHE-RSA-AES128-SHA256  TLSv1.2                      ECDH,P-256,256bits
3     ECDHE-RSA-AES256-SHA     TLSv1,TLSv1.1,TLSv1.2        ECDH,P-384,384bits
4     ECDHE-RSA-AES128-SHA     TLSv1,TLSv1.1,TLSv1.2        ECDH,P-256,256bits
5     AES256-SHA256            TLSv1.2 
6     AES128-SHA256            TLSv1.2
7     AES256-SHA               TLSv1,TLSv1.1,TLSv1.2
8     AES128-SHA               TLSv1,TLSv1.1,TLSv1.2
9     DES-CBC3-SHA             SSLv3,TLSv1,TLSv1.1,TLSv1.2
10    RC4-SHA                  SSLv3,TLSv1,TLSv1.1,TLSv1.2
11    RC4-MD5                  SSLv3,TLSv1,TLSv1.1,TLSv1.2

Certificate: trusted, 2048 bit, sha1WithRSAEncryption signature
TLS ticket lifetime hint: None
OCSP stapling: not supported
Server side cipher ordering

OK configuration.

OneDrive web interface

The onedrive.live.com has also a good configuration. Grade A+. The server uses HTTP Strict Transport Security, is not vulnerable to any known exploits, uses PFS with modern browsers (ECDHE only, sadly no DHE) and does not use RC4 unless its the only cipher supported by client (prioritised above 3DES and AES cipher suites).

The only two small faults are: no support for AES-GCM cipher suites and the certificates are signed with the weak SHA1. The latter being definitely the bigger issue.

All in all, an OK config.

Azure web interface

Let us take a look at Azure web site now. While the server does get grade A-, the problems it has are a bit more major.

Firstly, the server prioritises RC4 cipher above others. Secondly, while it is PFS capable, it doesn’t prioritise ECDHE cipher suites.

Again, the server doesn’t support AES-GCM and uses certificates signed with the weak SHA1.

Bad configuration if we apply the advice from Microsoft Security Advisory 2868725.

Bad configuration.

Summary

While some of their servers are indeed configured correctly, leaving servers wide open to known security exploits (CVE-2009-3555) doesn’t bode well for the general security practice inside the cloud computing division…

Advertisements