Ask HN: Is this a proper security issue
In O365 we use all availabile security offerings such as spam filtering and safe links. One of the features of this service is quarantining suspicious email. In this quarantine, you can review emails and delete or release them and mark sender as safe. In this quarantine, one of the tools is a “preview” where you can see the original email. I noticed that despite lack of warnings about dangers of doing this, this preview was rendering images that are embedded in the emails. So I set up a test to send myself and email designed to get caught and quarantined with an embedded image referring an image on a server I have in the cloud. I monitored the http logs as I opened the quarantined email preview and sure enough my local IP address appeared in the http log.
We are a small firm in the financial services industry and was concerned that my local ip could be leaked this way. A determined attacker could theoretically use this avenue to find our local office ip to start attacking directly.
I reported to Microsoft and they replied that ip addresses aren’t private info and as such no action to fix would be made.
Am I just paranoid here or is this a legitimate concern?
0 comments
[ 3.3 ms ] story [ 7.2 ms ] threadNo comments yet.