Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

DOD bars use of HTML e-mail, Outlook Web Access
FCW.com ^ | 12/22/06 | Bob Brewin

Posted on 12/27/2006 9:54:13 AM PST by Salo

DOD bars use of HTML e-mail, Outlook Web Access

BY Bob Brewin Published on Dec. 22, 2006

Due to an increased network threat condition, the Defense Department is blocking all HTML-based e-mail messages and has banned the use of Outlook Web Access e-mail applications, according to a spokesman for the Joint Task Force for Global Network Operations.

An internal message available on the Internet from the Defense Security Service (DSS) states that JTF-GNO raised the network threat condition from Information Condition 5, which indicates normal operating conditions, to Infocon 4 “in the face of continuing and sophisticated threats” against Defense Department networks.

Infocon 4 usually indicates heightened vigilance in preparation for operations or exercises or increased monitoring of networks due to increased risk of attack.

The JTF-GNO mandated use of plain text e-mail because HTML messages pose a threat to DOD because HTML text can be infected with spyware and, in some cases, executable code that could enable intruders to gain access to DOD networks, the JTF-GNO spokesman said.

In an e-mail to Federal Computer Week, a Navy user said that any HTML messages sent to his account are automatically converted to plain text.

The JTF-GNO spokesman declined to say why the command raised the threat level except to say that Infocon levels are adjusted to reflect worldwide social and political events and activities. He said the current threat level does not bar the use of attachments, including Power Point slides used for briefings.

He also declined to tell FCW what other restrictions on e-mail that JTF-GNO has imposed. But a December 2006 newsletter of the Colorado National Guard said that under Infocon 4, Guard members receiving e-mails from any unknown source, including “mail received from unrecognized Department of Defense accounts,” should be viewed as potentially harmful.

The Colorado Guard newsletter also alerted personnel to be vigilant against e-mail “phishing” attempts to gain personal information.

The ban on use of Outlook Web mail will hit thousands of users at Robins Air Force Base, Ga., according to an internal message available on the Internet. The ban on the use of Outlook Web Access “will significantly impact the way we presently conduct business,” due to the fact that that Web mail is the primary means of e-mail access for 4,500 employees at the base, according to the message.

Robins has developed a work-around for these users to access Outlook directly by logging on to government computers with their common access cards, the internal message said.

JTF-GNO raised the DOD network threat level to Infocon 4 in mid-November after an attack on the networks at the Naval War College (NWC) required NWC to take its systems offline. The JTF-GNO spokesman said at the time that the increase in threat conditions had no relation to the attack against NWC.


TOPICS: Business/Economy; Government; Technical
KEYWORDS: china; microsoft; security
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-8081-99 next last
To: Salo

I hope they check the vector, Victor.


41 posted on 12/27/2006 10:41:30 AM PST by null and void (Propaganda doesn't have to make sense. Hell, it often works better if it doesn't.)
[ Post Reply | Private Reply | To 40 | View Replies]

To: roaddog727
It sucks. you can no longer bold, or change your text color to indicate emphasis.

We had ways around *that* BEFORE Microsoft added HTML to email, along with the disappearance of the old fact that "You can't get a virus just by opening an email."

42 posted on 12/27/2006 10:44:53 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 32 | View Replies]

To: roaddog727
Oh well, may as well just unplug ALL DOD networks from the Internet........

That's the trend. I predict that within two years, all DoD traffic will be off the internet. NIPR will become SIPR.

43 posted on 12/27/2006 10:45:08 AM PST by centurion316 (Democrats - Supporting Al Qaida Worldwide)
[ Post Reply | Private Reply | To 32 | View Replies]

To: MikefromOhio

Not really. Using Word as an e-mail editor formats your mail in HTML, RTF or plain text. There is no "Word" format.


44 posted on 12/27/2006 10:54:11 AM PST by Doohickey (I am not unappeasable. YOU are just too easily appeased.)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Salo

FCW was late on this one, its been shut off for several weeks now.

I always use text email. HTML email is not in accordance with the RFC and IMO marks someone as a MS Drone or equally clueless. In the IT community, HTML email is considered unprofessional. At $DAYJOB some people have complained about those of us who insisted on text email. We try not to laugh...


45 posted on 12/27/2006 10:58:39 AM PST by Starwolf
[ Post Reply | Private Reply | To 1 | View Replies]

To: KoRn

Now that's just silly. OWA uses SSL. Passwords are sent encrypted in the secure session. DoD's beef with OWA is that it doesn't support two-factor authentication. By Executive Order, all web-based DoD systems have to support CAC cards.


46 posted on 12/27/2006 10:58:40 AM PST by Doohickey (I am not unappeasable. YOU are just too easily appeased.)
[ Post Reply | Private Reply | To 24 | View Replies]

To: roaddog727
Oh well, may as well just unplug ALL DOD networks from the Internet....

I work in an IT shop at an Air Force installation, and I'm beginning to wonder if that isn't the idea. In the past six months they've implemented policies that have had a devastating impact on user functionality. In the past month they've denied file and print sharing on all hosts and denied the right of non-administrative users to load print drivers. It's getting absurd. If they want that level of security, they need to unplug all the automated systems and go back to pools of clerk typists.

47 posted on 12/27/2006 11:00:20 AM PST by Mr Ramsbotham (Laws against sodomy are honored in the breech.)
[ Post Reply | Private Reply | To 32 | View Replies]

To: Doohickey
"OWA uses SSL

The older version doesn't. I'm not certain which version that was in use at the time, but I have seen this for myself.

48 posted on 12/27/2006 11:08:05 AM PST by KoRn
[ Post Reply | Private Reply | To 46 | View Replies]

To: Doohickey

yes there is....

At least the AF uses it....

Or else I'm just imagining that Winword.exe starts when I open up an email....


49 posted on 12/27/2006 11:08:55 AM PST by MikefromOhio (Go Bucks!!!!)
[ Post Reply | Private Reply | To 44 | View Replies]

To: antiRepublicrat
We had ways around *that* BEFORE Microsoft added HTML to email, along with the disappearance of the old fact that "You can't get a virus just by opening an email."

Email should be text anyway. I =hate= html formatted email, as rendering is always an iffy thing.

It sure solves a lot of problems that surround email, if all you get is raw ascii text. phishing is much more difficult if you can't obfuscate the actual link address.


 

50 posted on 12/27/2006 11:12:12 AM PST by zeugma (If the world didn't suck, we'd all fall off.)
[ Post Reply | Private Reply | To 42 | View Replies]

To: KoRn
The older version doesn't.

Then don't pipe up if you don't know what you're talking about. Exchange 5.5 SP-1 was released in 1998 and supports OWA over SSL.

51 posted on 12/27/2006 11:15:54 AM PST by Doohickey (I am not unappeasable. YOU are just too easily appeased.)
[ Post Reply | Private Reply | To 48 | View Replies]

To: Doohickey
" Then don't pipe up if you don't know what you're talking about.

It's entirely possible that the system wasn't updated. I have no way of knowing. I was just posting what I found.

52 posted on 12/27/2006 11:19:05 AM PST by KoRn
[ Post Reply | Private Reply | To 51 | View Replies]

To: MikefromOhio

That's what you're using as your e-mail editor, not what format the e-mail is in. Word will allow you to format HTML, Rich Text and Plain Text. Look it up. My Notes clients have no issue reading any of those formats.


53 posted on 12/27/2006 11:20:01 AM PST by Doohickey (I am not unappeasable. YOU are just too easily appeased.)
[ Post Reply | Private Reply | To 49 | View Replies]

To: Salo

Go Mozilla/ Firefox!


54 posted on 12/27/2006 11:22:56 AM PST by Minutemen ("It's a Religion of Peace")
[ Post Reply | Private Reply | To 1 | View Replies]

To: Doohickey

That's right.....I think I was confusing Plain Text with Word of all things...

Damn :)

That's what I get for taking nearly a month off :)


55 posted on 12/27/2006 11:30:42 AM PST by MikefromOhio (Go Bucks!!!!)
[ Post Reply | Private Reply | To 53 | View Replies]

To: HiJinx

You could enclose your corporate inside a VPN with a webserver if you wished to do secure HTML mail.

However, companies wishing reasonable security have long ago - since the first major worm infection via HTML - banned HTML email.


56 posted on 12/27/2006 1:06:27 PM PST by D-fendr
[ Post Reply | Private Reply | To 8 | View Replies]

To: Salo

NMCI cut if off about 2 weeks ago.... OWA still works though....


57 posted on 12/27/2006 1:27:00 PM PST by bkwells (Liberals=Hypocrites)
[ Post Reply | Private Reply | To 1 | View Replies]

To: D-fendr

We correspond with a military customer...


58 posted on 12/27/2006 3:09:51 PM PST by HiJinx (Ask me about Support for our Troops)
[ Post Reply | Private Reply | To 56 | View Replies]

To: HiJinx

Ah...

This surprises me then. Have HTML enabled email clients always been allowed by you and them in the past?


59 posted on 12/27/2006 3:47:12 PM PST by D-fendr
[ Post Reply | Private Reply | To 58 | View Replies]

To: JRios1968
Iggle injects his ignorant self into this thread?

Ignorant? LOL, funny, since I've been working on OWA systems since they first existed, while you probably don't even know what they are.

60 posted on 12/27/2006 3:57:09 PM PST by Golden Eagle
[ Post Reply | Private Reply | To 7 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-8081-99 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson