From Bob Brewin and the online edition of Federal Computer Week:
Due to an increased network threat condition, the Defense Department is blocking all HTML-based e-mail messages and has banned the use of Outlook Web Access e-mail applications, according to a spokesman for the Joint Task Force for Global Network Operations.When I asked a colleague in-the-know, he indicated there was a reason for the clamp-down, it was fairly big, and he couldn't talk about it. I'm assuming he wasn't not talking about some obvious "worldwide social and political events and activities."
An internal message available on the Internet from the Defense Security Service (DSS) states that JTF-GNO raised the network threat condition from Information Condition 5, which indicates normal operating conditions, to Infocon 4 “in the face of continuing and sophisticated threats” against Defense Department networks.
Infocon 4 usually indicates heightened vigilance in preparation for operations or exercises or increased monitoring of networks due to increased risk of attack.
The JTF-GNO mandated use of plain text e-mail because HTML messages pose a threat to DOD because HTML text can be infected with spyware and, in some
cases, executable code that could enable intruders to gain access to DOD networks, the JTF-GNO spokesman said.
In an e-mail to Federal Computer Week, a Navy user said that any HTML messages sent to his account are automatically converted to plain text.
The JTF-GNO spokesman declined to say why the command raised the threat level except to say that Infocon levels are adjusted to reflect worldwide social and political events and activities. He said the current threat level does not bar the use of attachments, including Power Point slides used for briefings.
In the meantime, and for what looks to be the foreseeable future, all plain text email in Outlook and no web-based email, including internal Outlook Web Access e-mail applications, not just the Hotmails and Gmails of the world.