Posted on 12/27/2006 9:54:13 AM PST by Salo
DOD bars use of HTML e-mail, Outlook Web Access
By Bob Brewin. Published on Dec. 22, 2006
Due to an increased network threat condition, the Defense Department is blocking all HTML-based e-mail messages and has banned the use of Outlook Web Access e-mail applications, according to a spokesman for the Joint Task Force for Global Network Operations.
An internal message available on the Internet from the Defense Security Service (DSS) states that JTF-GNO raised the network threat condition from Information Condition 5, which indicates normal operating conditions, to Infocon 4 in the face of continuing and sophisticated threats against Defense Department networks.
Infocon 4 usually indicates heightened vigilance in preparation for operations or exercises or increased monitoring of networks due to increased risk of attack.
The JTF-GNO mandated use of plain text e-mail because HTML messages pose a threat to DOD because HTML text can be infected with spyware and, in some cases, executable code that could enable intruders to gain access to DOD networks, the JTF-GNO spokesman said.
In an e-mail to Federal Computer Week, a Navy user said that any HTML messages sent to his account are automatically converted to plain text.
The JTF-GNO spokesman declined to say why the command raised the threat level except to say that Infocon levels are adjusted to reflect worldwide social and political events and activities. He said the current threat level does not bar the use of attachments, including PowerPoint slides used for briefings.
He also declined to tell FCW what other restrictions on e-mail JTF-GNO has imposed. But a December 2006 newsletter of the Colorado National Guard said that under Infocon 4, Guard members receiving e-mails from any unknown source, including mail received from unrecognized Department of Defense accounts, should be viewed as potentially harmful.
The Colorado Guard newsletter also alerted personnel to be vigilant against e-mail phishing attempts to gain personal information.
The ban on use of Outlook Web mail will hit thousands of users at Robins Air Force Base, Ga., according to an internal message available on the Internet. The ban on the use of Outlook Web Access will significantly impact the way we presently conduct business, due to the fact that Web mail is the primary means of e-mail access for 4,500 employees at the base, according to the message.
Robins has developed a work-around for these users to access Outlook directly by logging on to government computers with their common access cards, the internal message said.
JTF-GNO raised the DOD network threat level to Infocon 4 in mid-November after an attack on the networks at the Naval War College (NWC) required NWC to take its systems offline. The JTF-GNO spokesman said at the time that the increase in threat conditions had no relation to the attack against NWC.
I hope they check the vector, Victor.
We had ways around *that* BEFORE Microsoft added HTML to email, along with the disappearance of the old fact that "You can't get a virus just by opening an email."
That's the trend. I predict that within two years, all DoD traffic will be off the internet. NIPR will become SIPR.
Not really. Using Word as an e-mail editor formats your mail in HTML, RTF or plain text. There is no "Word" format.
FCW was late on this one; it's been shut off for several weeks now.
I always use text email. HTML email is not in accordance with the RFC and IMO marks someone as a MS Drone or equally clueless. In the IT community, HTML email is considered unprofessional. At $DAYJOB some people have complained about those of us who insisted on text email. We try not to laugh...
Now that's just silly. OWA uses SSL. Passwords are sent encrypted in the secure session. DoD's beef with OWA is that it doesn't support two-factor authentication. By Executive Order, all web-based DoD systems have to support CAC cards.
I work in an IT shop at an Air Force installation, and I'm beginning to wonder if that isn't the idea. In the past six months they've implemented policies that have had a devastating impact on user functionality. In the past month they've denied file and print sharing on all hosts and denied the right of non-administrative users to load print drivers. It's getting absurd. If they want that level of security, they need to unplug all the automated systems and go back to pools of clerk typists.
The older version doesn't. I'm not certain which version was in use at the time, but I have seen this for myself.
yes there is....
At least the AF uses it....
Or else I'm just imagining that Winword.exe starts when I open up an email....
Email should be text anyway. I =hate= html formatted email, as rendering is always an iffy thing.
It sure solves a lot of problems that surround email, if all you get is raw ASCII text. Phishing is much more difficult if you can't obfuscate the actual link address.
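The point above about plain text exposing the real link address, together with the HTML-to-plain-text conversion the Navy user describes in the article, shown as an added example that is not part of the original thread and not any DoD gateway's actual code. The names `PlainTextConverter`, `to_plain_text` and `host`, and the sample message, are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SKIP = {"script", "style", "object", "iframe"}  # active content is dropped entirely

def host(url):
    """Hostname of a URL or bare www.* label, lower-cased ('' if none)."""
    try:
        return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return ""

class PlainTextConverter(HTMLParser):
    """Flatten HTML mail to text and print each link's real target beside its label."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip_depth = [], 0
        self.href, self.label, self.mismatches = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag in SKIP:
            self.skip_depth += 1
        elif tag == "a":
            self.href, self.label = dict(attrs).get("href"), []
        elif tag in ("br", "p", "div"):
            self.out.append("\n")

    def handle_endtag(self, tag):
        if tag in SKIP and self.skip_depth:
            self.skip_depth -= 1
        elif tag == "a" and self.href is not None:
            label = "".join(self.label).strip()
            self.out.append(f"{label} <{self.href}>")
            # Label looks like a URL but names a different host than the target.
            if label.lower().startswith(("http://", "https://", "www.")) \
                    and host(label) != host(self.href):
                self.mismatches.append((label, self.href))
            self.href = None

    def handle_data(self, data):
        if not self.skip_depth:
            (self.label if self.href is not None else self.out).append(data)

def to_plain_text(html):
    """Return (plain_text, [(label, real_target), ...]) for one HTML body."""
    p = PlainTextConverter()
    p.feed(html)
    p.close()
    return "".join(p.out).strip(), p.mismatches

# Constructed sample message (documentation-range IP and .example domain).
SAMPLE = ('<html><body><p>Your account needs verification.</p>'
          '<script>document.title="x"</script><p>Log in at '
          '<a href="http://203.0.113.7/login">https://www.bank.example/login</a>'
          ' today.</p></body></html>')
```

Calling `to_plain_text(SAMPLE)` yields text in which the displayed address is followed by the actual target in angle brackets, plus a list of links whose label and target hosts differ.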
Then don't pipe up if you don't know what you're talking about. Exchange 5.5 SP-1 was released in 1998 and supports OWA over SSL.
It's entirely possible that the system wasn't updated. I have no way of knowing. I was just posting what I found.
That's what you're using as your e-mail editor, not what format the e-mail is in. Word will allow you to format HTML, Rich Text and Plain Text. Look it up. My Notes clients have no issue reading any of those formats.
Go Mozilla/Firefox!
That's right.....I think I was confusing Plain Text with Word of all things...
Damn :)
That's what I get for taking nearly a month off :)
You could enclose your corporate inside a VPN with a webserver if you wished to do secure HTML mail.
However, companies wishing reasonable security have long ago - since the first major worm infection via HTML - banned HTML email.
NMCI cut it off about 2 weeks ago.... OWA still works though....
We correspond with a military customer...
Ah...
This surprises me then. Have HTML-enabled email clients always been allowed by you and them in the past?
Ignorant? LOL, funny, since I've been working on OWA systems since they first existed, while you probably don't even know what they are.