{"id":8124,"date":"2022-10-18T15:19:22","date_gmt":"2022-10-18T13:19:22","guid":{"rendered":"https:\/\/www.retarus.com\/blog\/en\/encrypting-emails-%e2%80%93-the-right-way"},"modified":"2024-05-07T19:19:50","modified_gmt":"2024-05-07T17:19:50","slug":"encrypting-emails-the-right-way","status":"publish","type":"post","link":"https:\/\/www.retarus.com\/blog\/en\/encrypting-emails-the-right-way\/","title":{"rendered":"Encrypting emails \u2013 the right way"},"content":{"rendered":"\n<p>Microsoft is currently engaged in a debate with security researchers over whether Office 365\u2019s built-in message encryption is secure or not. In any case, it\u2019s fair to ask what Office Message Encryption (OME) is actually useful for anyway.<\/p>\n\n\n\n<p>The official line is that Office Message Encryption provides an opportunity \u201cto send and receive encrypted email messages between people inside and outside your organization\u201d. According to WithSecure\u2019s assessment, however, the encryption method used by OME (known as Electronic Codebook or ECB) is not fit for purpose as it is insecure for data with repeating patterns such as plain text or uncompressed images and videos. Despite this, Microsoft sees no need to change things \u2013 as reported in British online tech news publication <a href=\"https:\/\/www.theregister.com\/2022\/10\/14\/microsoft_office_365_message_encryption\/?td=rt-9cp\">\u201cThe Register\u201d<\/a> and other outlets.<\/p>\n\n\n\n<p>And WithSecure is far from alone in its criticism. The renowned National Institute of Standards and Technology (NIST), for instance, has stated that the \u201cuse of ECB to encrypt confidential information constitutes a severe security vulnerability.\u201d The fact that OME uses a strong cipher (AES) doesn\u2019t solve the problem, WithSecure go on to say. Another vulnerability security researchers have also called out is that OME messages are sent as email attachments. \u201cAttackers who are able to get their hands on multiple messages can use the leaked ECB info to figure out the encrypted contents,\u201d <a href=\"https:\/\/news.cision.com\/withsecure\/r\/flaw-in-microsoft-office-365-message-encryption-could-expose-email-contents-to-attackers,c3648383\">explains<\/a> Harry Sintonen, security researcher at WithSecure.<\/p>\n\n\n\n<p>Microsoft doesn\u2019t consider it necessary to take any action based on WithSecure&#8217;s findings. \u201cThe report was not considered meeting the bar for security servicing, nor is it considered a breach. No code change was made and so no CVE was issued for this report,\u201d the software company has stated. Since Microsoft introduced its own governance system called Purview earlier this year, the software giant now considers OME to be a legacy system anyway.<\/p>\n\n\n\n<p>WithSecure certainly advises companies to take heed of the potential legal ramifications of using OME, particularly in view of the strict data protection regulations in Europe and California. \u201cSince Microsoft has no plans to fix this vulnerability the only mitigation is to avoid using Microsoft Office 365 Message Encryption,\u201d the researchers conclude.<\/p>\n\n\n\n<p>Companies looking to encrypt emails securely and in line with tech standards, need look no further than Retarus\u2019 gateway-based <a href=\"https:\/\/www.retarus.com\/services\/email-compliance\/email-encryption\/\">Email Encryption service<\/a>. The solution is compatible with any SMTP-based email system irrespective of the device used, and supports the common S\/MIME, PGP and OpenPGP procedures. The X.509 v3 standard is also fully supported, including self-signed certificates. Retarus manages all internal and external keys centrally. Recipients without their own encryption solutions can view their decrypted messages by way of a secure web portal. Those interested can find out more from our website or straight from your <a href=\"https:\/\/www.retarus.com\/contact\/\">local Retarus representative<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft is currently engaged in a debate with security researchers over whether Office 365\u2019s built-in message encryption is secure or not. In any case, it\u2019s fair to ask what Office Message Encryption (OME) is actually useful for anyway.<\/p>\n","protected":false},"author":14,"featured_media":8125,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","_s2mail":"yes","footnotes":""},"categories":[8,15],"tags":[254,164,3746],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v23.0 (Yoast SEO v23.0) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Encrypting emails \u2013 the right way - Retarus Corporate Blog - EN<\/title>\n<meta name=\"description\" content=\"Microsoft debattiert gerade mit Sicherheitsforschern dar\u00fcber, ob die eingebaute Nachrichtenverschl\u00fcsselung von Office 365 sicher ist oder nicht. Ohnehin stellt sich die Frage, f\u00fcr was die Office Message Encryption (OME) \u00fcberhaupt gut sein soll.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.retarus.com\/blog\/en\/encrypting-emails-the-right-way\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Encrypting emails \u2013 the right way\" \/>\n<meta property=\"og:description\" content=\"Microsoft debattiert gerade mit Sicherheitsforschern dar\u00fcber, ob die eingebaute Nachrichtenverschl\u00fcsselung von Office 365 sicher ist oder nicht. Ohnehin stellt sich die Frage, f\u00fcr was die Office Message Encryption (OME) \u00fcberhaupt gut sein soll.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.retarus.com\/blog\/en\/encrypting-emails-the-right-way\/\" \/>\n<meta property=\"og:site_name\" content=\"Retarus Corporate Blog - EN\" \/>\n<meta property=\"article:published_time\" content=\"2022-10-18T13:19:22+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-07T17:19:50+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2022\/10\/shutterstock_1384734485.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Thomas Cloer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Thomas Cloer\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/encrypting-emails-the-right-way\/\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/encrypting-emails-the-right-way\/\",\"name\":\"Encrypting emails \u2013 the right way - Retarus Corporate Blog - EN\",\"isPartOf\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/encrypting-emails-the-right-way\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/encrypting-emails-the-right-way\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2022\/10\/shutterstock_1384734485.jpg\",\"datePublished\":\"2022-10-18T13:19:22+00:00\",\"dateModified\":\"2024-05-07T17:19:50+00:00\",\"author\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5\"},\"description\":\"Microsoft debattiert gerade mit Sicherheitsforschern dar\u00fcber, ob die eingebaute Nachrichtenverschl\u00fcsselung von Office 365 sicher ist oder nicht. Ohnehin stellt sich die Frage, f\u00fcr was die Office Message Encryption (OME) \u00fcberhaupt gut sein soll.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/encrypting-emails-the-right-way\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.retarus.com\/blog\/en\/encrypting-emails-the-right-way\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/encrypting-emails-the-right-way\/#primaryimage\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2022\/10\/shutterstock_1384734485.jpg\",\"contentUrl\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2022\/10\/shutterstock_1384734485.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"x509 Elliptic Curve Cryptography Private Key\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/encrypting-emails-the-right-way\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.retarus.com\/blog\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Encrypting emails \u2013 the right way\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#website\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/\",\"name\":\"Retarus Corporate Blog - EN\",\"description\":\"Always up to date\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.retarus.com\/blog\/en\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5\",\"name\":\"Thomas Cloer\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/author\/thomasc\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Encrypting emails \u2013 the right way - Retarus Corporate Blog - EN","description":"Microsoft debattiert gerade mit Sicherheitsforschern dar\u00fcber, ob die eingebaute Nachrichtenverschl\u00fcsselung von Office 365 sicher ist oder nicht. Ohnehin stellt sich die Frage, f\u00fcr was die Office Message Encryption (OME) \u00fcberhaupt gut sein soll.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.retarus.com\/blog\/en\/encrypting-emails-the-right-way\/","og_locale":"en_US","og_type":"article","og_title":"Encrypting emails \u2013 the right way","og_description":"Microsoft debattiert gerade mit Sicherheitsforschern dar\u00fcber, ob die eingebaute Nachrichtenverschl\u00fcsselung von Office 365 sicher ist oder nicht. Ohnehin stellt sich die Frage, f\u00fcr was die Office Message Encryption (OME) \u00fcberhaupt gut sein soll.","og_url":"https:\/\/www.retarus.com\/blog\/en\/encrypting-emails-the-right-way\/","og_site_name":"Retarus Corporate Blog - EN","article_published_time":"2022-10-18T13:19:22+00:00","article_modified_time":"2024-05-07T17:19:50+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2022\/10\/shutterstock_1384734485.jpg","type":"image\/jpeg"}],"author":"Thomas Cloer","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Thomas Cloer","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.retarus.com\/blog\/en\/encrypting-emails-the-right-way\/","url":"https:\/\/www.retarus.com\/blog\/en\/encrypting-emails-the-right-way\/","name":"Encrypting emails \u2013 the right way - Retarus Corporate Blog - EN","isPartOf":{"@id":"https:\/\/www.retarus.com\/blog\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.retarus.com\/blog\/en\/encrypting-emails-the-right-way\/#primaryimage"},"image":{"@id":"https:\/\/www.retarus.com\/blog\/en\/encrypting-emails-the-right-way\/#primaryimage"},"thumbnailUrl":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2022\/10\/shutterstock_1384734485.jpg","datePublished":"2022-10-18T13:19:22+00:00","dateModified":"2024-05-07T17:19:50+00:00","author":{"@id":"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5"},"description":"Microsoft debattiert gerade mit Sicherheitsforschern dar\u00fcber, ob die eingebaute Nachrichtenverschl\u00fcsselung von Office 365 sicher ist oder nicht. Ohnehin stellt sich die Frage, f\u00fcr was die Office Message Encryption (OME) \u00fcberhaupt gut sein soll.","breadcrumb":{"@id":"https:\/\/www.retarus.com\/blog\/en\/encrypting-emails-the-right-way\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.retarus.com\/blog\/en\/encrypting-emails-the-right-way\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.retarus.com\/blog\/en\/encrypting-emails-the-right-way\/#primaryimage","url":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2022\/10\/shutterstock_1384734485.jpg","contentUrl":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2022\/10\/shutterstock_1384734485.jpg","width":1920,"height":1080,"caption":"x509 Elliptic Curve Cryptography Private Key"},{"@type":"BreadcrumbList","@id":"https:\/\/www.retarus.com\/blog\/en\/encrypting-emails-the-right-way\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.retarus.com\/blog\/en\/"},{"@type":"ListItem","position":2,"name":"Encrypting emails \u2013 the right way"}]},{"@type":"WebSite","@id":"https:\/\/www.retarus.com\/blog\/en\/#website","url":"https:\/\/www.retarus.com\/blog\/en\/","name":"Retarus Corporate Blog - EN","description":"Always up to date","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.retarus.com\/blog\/en\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5","name":"Thomas Cloer","url":"https:\/\/www.retarus.com\/blog\/en\/author\/thomasc\/"}]}},"_links":{"self":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/8124"}],"collection":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/comments?post=8124"}],"version-history":[{"count":9,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/8124\/revisions"}],"predecessor-version":[{"id":10414,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/8124\/revisions\/10414"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/media\/8125"}],"wp:attachment":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/media?parent=8124"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/categories?post=8124"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/tags?post=8124"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}