and we were thinking we were working safely
Microsoft is preparing a patch for its Outlook email software to enable it to work with passwords and encryption while sending mail.
IT Week Labs tests have found incompatibilities in the way Outlook 2002 and Outlook 2003 handle Simple Authentication and Security Layer (SASL) password authentication, and Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption when using non-standard TCP port numbers. These three protocols are all IETF standards relating to email security. Firms supporting LAN-based users do not normally use such authentication, but companies supporting remote workers usually require username and password authentication to prevent their mail servers being used by third-parties to send spam.
Currently the problems are not documented on the Microsoft web site, so companies affected by the flaws might incorrectly assume Outlook works properly and that their servers are at fault.
and the patch ? well, later this year. When ? Surely not fast enough...