[FoRK] Hollywood whodunit: What's eating emails in iCloud?

Stephen Williams sdw at lig.net
Mon Dec 3 02:12:52 PST 2012


On Android, I could configure the newly-updated email client for either 
Imap or Exchange protocol.  The latter required me to agree to a 
security system that allow the administrator of the email system (or me 
as a user apparently) to wipe the device, control all kinds of features 
like Internet access and web browsing, etc.  This should be an optional 
trust relationship, but it isn't.  This means that any user of 
Outlook.com could have their device wiped by Microsoft.  Android 
devices just losing your data?  Aww, too bad, here try this Windows 
Mobile 8 device!

And then there is this:  Apparently many Exchange-protocol capable 
email clients don't verify authenticity of the server, leading to an 
easy, big whole:
http://www.eetimes.com/electronics-news/4391099/Black-Hat--Impersonating-Microsoft-Exchange-servers-to-manipulate-mobile-devices?cid=NL_Embedded&Ecosystem=embedded

On Mon Dec  3 00:39:17 2012, Stephen Williams wrote:
> Crazy.  This is why I run my own email server.
> Our new CEO just switched us from corporate Gmail to Office365 / Outlook.com, for no good reason apparently.
> Although Microsoft's published information says that imap isn't available and their online support says you must use Outlook,
> Thunderbird works reasonably well with it.  Although it is slow at peak times (unlike Gmail).  And they have a severe bug,
> apparently has always been there for all forms of Outlook, where they don't update the view of folders with deleted messages
> until they are purged.  Therefore, the Outlook.com web email is mostly useless because it is always out of date if you also
> use an Imap client. And they still remove email addresses in the header of forwarded messages.  How does no one notice?
>
> http://www.infoworld.com/t/cringely/hollywood-whodunit-whats-eating-emails-in-icloud-207335?source=IFWNLE_nlt_cloud_2012-11-19
>
> November 19, 2012
> Hollywood whodunit: What's eating emails in iCloud?
> A reader in show biz writes in with a puzzle: His iCloud attachments aren't coming through -- perhaps by Apple's design
> By Robert X. Cringely | InfoWorld
>
> .
>
> Here's a mystery worthy of a Hollywood thriller.
>
> I recently got an email from a reader named Steven G., an Academy Award-winning developer of screenplay-writing software used
> by major movie honchos. Steven told me his customers had been encountering a bizarre issue with Apple's iCloud service.
>
> [ Apple's control freak tendencies go back a long way. Witness: The 7 words you can't say on iTunes. | For a humorous take on
> the tech industry's shenanigans, subscribe to Robert X. Cringely's Notes from the Underground newsletter. | Get the latest
> insight on the tech news that matters from InfoWorld's Tech Watch blog. ]
>
> Steven wrote:
>
>     A screenwriter was delivering a PDF attachment of a draft of his script to the project's director, by emailing it from his
> iCloud/MobileMe account to Gmail. The problem? The script would never arrive, no matter how many times he would send it. But
> sending other PDF documents worked fine.
>
>     I figured, wow -- is this some sort of spectacular failure of our screenwriting software (Movie Magic Screenwriter)? Our
> software had generated the PDF, so maybe we had accidentally generated information that was somehow matching the profile of a
> virus, or malware, causing the document to be rejected by Apple's mail servers.
>
>     After obtaining a copy of the PDF (sent via Gmail to our Microsoft Exchange server), we confirmed the exact same behavior
> when we tried to send it to our own iCloud mailbox. The email never arrived, nor did we receive any return notification.
>
> He began experimenting to find out what was going on. First, he compressed the screenplay PDF into a Zip file and sent that.
> It also disappeared. Next, he compressed it using Apple's encrypted archive format. That attachment made it through, but it
> came with an unusual comment: "[not Virus Scanned]" appended to the subject field.
>
> From this he deduced that something inside the file was causing it to get flagged and flushed. He cut the file in half and
> sent the first 59 pages as an attachment. It got deleted. His breakthrough arrived, in dramatic Hollywood fashion:
>
>     AND THEN I SAW IT -- a line in the script, describing a character viewing an advertisement for a pornographic site on his
> computer screen. Upon modifying this line, the entire document was delivered with no problem.
>
> It seemed not only was Apple scanning messages for malware, it was also scanning the content of each attachment and exercising
> some kind of rule about it. Apple wasn't merely flagging the message or sending to a spam folder, but deleting it outright.
>
> He wasn't done. He created another PDF containing a variation of the offending line from the screenplay: "All my children are
> barely legal teens -- why would I want to let them drive by themselves?"
>
> Yes, you guessed it. That attachment got sent to email hell. To be certain, Steven created an email with that line in the body
> of the message and sent it from his Exchange server to his personal iCloud account. That too disappeared into the ether.



More information about the FoRK mailing list