Diary of a Network Geek

The trials and tribulations of a Certified Novell Engineer who's been stranded in Houston, Texas.

11/20/2003

Exchange Server Flaw

Filed under: Criticism, Marginalia, and Notes,Geek Work,News and Current Events — Posted by the Network Geek during the Hour of the Hare which is in the early morning or 7:01 am for you boring, normal people.
The moon is Waning Crescent

Why did it take over a week for me to find this?

I guess Micro$oft is keeping it mum, but there’s a pretty major security issue with their Exchange versions 5.5 and 2000. It seems that if any guest accounts are left open, they can be exploited by spammers. Usually, a guest account is set up as a default mailstop for anything that doesn’t have anywhere else to go. But, spammers can use these accounts to send out their own e-mail with their own agenda. There’s an article about it on CNet News.
But the thing that disturbs me about this is that they seem to have known about this for sometime. They just didn’t feel the need to publisize it very much. Kind of ironic for a company that’s offering a “bounty” for the virus writer that came up with Slammer and the like. It’s also hard to believe that they’re really getting behind the whole idea of tightening security on their products when they let something like this slip! Ah, well, what can you expect from a company run by a college drop-out with a police record?


Powered by WordPress
Any links to sites selling any reviewed item, including but not limited to Amazon, may be affiliate links which will pay me some tiny bit of money if used to purchase the item, but this site does no paid reviews and all opinions are my own.