Don’t mess with the geek

If you send a particularly offensive email to someone and don’t want it forwarded to your boss don’t depend on Outlook forwarding restrictions to protect you.

I found a way to defeat it other than the obvious taking a picture of the computer monitor with the email visible.


20 thoughts on “Don’t mess with the geek

  1. Accessing the exchange server with IMAP or POP would do it too. I always laugh at the recall emails I get in my Apple Mail inbox from exchange users.

  2. @Linoge, “Select” is disabled.

    @Alan, The message is encrypted and you need to have the proper certificates installed. You can only access the message with Outlook which is properly configured.

  3. That works of course but it doesn’t preserve the record and it’s a little more difficult to get them into your office than to just send it via email.

  4. Screen capture using OneNote is also disabled. Not sure on whether photoshop programs will capture it. I should try that next time…

  5. I’m guessing the windows Snipping Tool might be able to bypass this.

    I’ll have to try to test my theory as soon as I can find a rights restricted message in my inbox…. for some reason when one looks for them they are not there!

    And No… I won’t tell the Exchange Devs…. even though they are right across the hallway. 🙂

  6. I’ve got a couple of other guesses now, but if you don’t want it revealed, I’ll keep quiet. 🙂

  7. > Opps, BHO.

    I don’t think so. I mean, he hasn’t even been able to deliver my new pony, so I doubt that defeating strong encryption is within his capabilities.

    Presumably, something such as van Eck Phreaking is covered by the same ruling as taking a photo of the screen, so I have to assume you’ve discovered a chink someplace. The plaintext has to be someplace in order to display on the screen, though presumably in protected memory, but with sufficient privileges that could be accessible. Or it could be you’ve just discovered an insufficiently tested code path, which just goes to demonstrate the general rule that if you don’t want something revealed, don’t disclose it.

    (Yeah, at some point, you can say that the odds of disclosure are so minute as to be the same as impossible, but then some cool new thing like parallelized GPU clusters comes along …)

  8. I didn’t find a way to get at the actual text just an easy way to get around the screen capture restriction. But I was reinventing the wheel.

    It turns out the testers over in MS Office already know about it. Son James (who is a dev in Office) told me tonight they use it all the time to get around the Digital Rights Management (DRM). They say DRM stands for “Doesn’t Really Matter”.

  9. I didn’t find a way to get at the actual text just an easy way to get around the screen capture restriction.

    Okay, not what I was thinking, then. I had seen some hints in Google about a registry edit ‘hack’ that *might* do it. My other thought (which I can’t check because I don’t have the DRM set up in our office) was the “view source” option in the right click menu – that opens the xml/html source code in notebook. I assume, though, that that would be disabled as well.

  10. I like the “DRM = Doesn’t Really Matter”. Nice acronym to spell out what it truly is.

    So, if the Office guys know about your particular idea, then why not share it? It obviously isn’t getting patched.

  11. It may be they aren’t fixing it because it isn’t well known. I don’t want to risk having it go away.

    If I meet you face to face I’ll tell you how. Will you be at Boomershoot or the Gun Blogger Rendezvous this year?

Comments are closed.