Secret Always-On Office 365 Tool logs Massive Data

[rcmaehl]

Sources:

LMGSecurity

Crowdstrike

 

Quotes/Excerpt:

Quote

A previously unknown trove of access and activity logs held by Microsoft allows investigators to track Office 365 mailbox activity in minute detail... access to a stockpile of granular activity data going back six months—even if audit logging was not enabled...Until now, this level of granularity was thought not to exist. Turns out, however, that it did, and those who were in the know kept this knowledge a secret... The secret Office 365 forensics tool raises important ethical questions for forensic analysts and our broader ecosystem.

Quote

This capability consists of a web API that uses Exchange Web Services (EWS) to retrieve Office 365 Outlook mailbox activities. The API can be accessed by anyone with knowledge of the API endpoint and a specific HTTP header. Activities are recorded for all users and are retained for up to six months... While the full potential of the API is unknown at this time, CrowdStrike has documented many of the features that can be used to derive maximum operational value from the API.

 

My Opinion

Honestly the LMG Security article is worth the full read in regards to a massive conspiracy to suppress information and resources within the Cyber Security and Forensic fields including assistance from an unlikely source. The whole thing reads like some sort of crime novel that you wouldn't think would happen in real life.

[PlayStation 2]

Imagine my shock.

[ItsMitch]

I'm SO shocked, like my whole body is trembling in anger knowing that this has happened, I'm literally about to throw the biggest bitch fit in my fucking life. 

[hobobobo]

I love tech news for not making me sad on a daily basis. At least they used to...

 

Im on a verge of creating a company with a sole business model of getting users to lock their data under my ip and sell that shit to corps... And market it as a cashback app for all pesky ads you bought with your eyes

 

[ScratchCat]

Microsoft adds this "feature" to GitHub in 3..2..1..

[Enderman]

It's not a secret if you agreed to it in the terms and conditions when you downloaded the software.

[imreloadin]

I was more shocked seeing LMGSecurity thinking Linus had branched out yet again

[ARikozuM]

Quote

Joyous day! I banged Stacy! 

Microsoft: Hurry, find out what IP Stacy uses!

[Misanthrope]

Looks like we need a Microsoft spin doctor on the case, yeah you know the type...

[Sauron]

It's not secret if everyone already assumed it was happening.

[Arika]

more reason to not use office 365. 

 

I'm also a bit confused by what they are trying to say

 

Quote

discovered a capability within Office 365 that allows for the retrieval of Outlook mailbox activity logs that far exceeds the granularity provided by existing, documented Office 365 log sources…” they wrote. “This capability represents access to an always-on, mailbox activity recording system that is active by default for all users.” Along with details of the new API, they released a Python module to automate retrieval.

it has the capability? hell any program can be dissected to the point that you can get more data out of it than is documented.

 

this more seems to be a security breach for the companies using it, there is nothing in either article saying microsoft is stealing data

[asus killer]

why on earth would anyone ever use outlook or that 365 version of office?

[bcredeur97]

so when the security guy from (major security company) came talk to us at work for a training and mentioned something big about 365 that wasn't public yet... this is what he meant?

ouch 

 

and this was like a month ago. woooow

[Syntaxvgm]

And yet the people screaming at me and others to use 365 will defend it. 

To be clear, it wasn't because of MS spying, it's because I avoid saas if possible. 

[Ryujin2003]

14 hours ago, asus killer said:

why on earth would anyone ever use outlook or that 365 version of office?

The people who use Outlook (other than for businesses) are the same type of people that think AOL is the best search engine... I'm looking at you, Grandpa.

[Master Disaster]

6 minutes ago, Ryujin2003 said:

The people who use Outlook (other than for businesses) are the same type of people that think AOL is the best search engine... I'm looking at you, Grandpa.

My mum uses Yahoo as her homepage...

[ManIkWeet]

I always wondered what that tiny little Office tool (clicktorun or some bullshit) was doing in my active apps... and why I couldn't kill it...

[Doobeedoo]

Another reason for Office 365 to be avoided and why people don't like it. Reason they're making Office 2019 for people who prefer that over 365 sub one. 

[TheKDub]

What!?! Microsoft spying on users!?! Who would've ever guessed!

[suicidalfranco]

inb4 it's only telemetry and anonymized and can't be traced back to you and you just a MS hater

[jagdtigger]

11 minutes ago, suicidalfranco said:

inb4 it's only telemetry and anonymized and can't be traced back to you and you just a MS hater

Pretty much this, ppl are so dumb these days. If things continue like this then Mirrors Edge will become a reality sadly.....

[Ryujin2003]

2 hours ago, ManIkWeet said:

I always wondered what that tiny little Office tool (clicktorun or some bullshit) was doing in my active apps... and why I couldn't kill it...

You can uninstall it. Right click, uninstall. Boom, it's gone.

[rcmaehl]

3 hours ago, suicidalfranco said:

inb4 it's only telemetry and anonymized and can't be traced back to you and you just a MS hater

It's actually quite detailed:

 

[suicidalfranco]

23 minutes ago, rcmaehl said:

It's actually quite detailed:

 

Stap hating MS!

If you don't like turn off your internet, Google does it to

 

- inb4 this too 

[Guest]

Gotta give it to Apple for not pulling stuff like this. Logging of work however has always been available in both Google and Microsoft products so there has always been the potential for this. Maybe Apple does it too and we just don't know.