Slashdot Mirror


Mail Server Flaw Opens MS Exchange to Spam

bl8n8r writes: "Exchange 5.5 and 2000 can be used by spammers to send anonymous e-mail. He says even though software Microsoft provides on its site certifies that the server is secure, it's not. There are dozens of messages--with subject lines such as 'Open relay problem' and 'We are sending spam?'--on Microsoft's Exchange Administration newsgroup, sent by information system managers who haven't been able to staunch the flow of spam from their servers. 'It is really inexcusable for a company that claims security is its top priority,' he said." If you are using vulnerable versions of Exchange, and have been hit by a Code Red variant, you may want to insure your 'guest' accounts are still disabled.

8 of 487 comments

  1. Re:Read the fine article. by bgog · Score: 4, Funny

    I did read the article and am fully aware of its implications. However... SHUT UP... I'm trying to get them to upgrade! :) SHHHH

  2. Re:More FUD for the Linux Side by Anonymous Coward · Score: 4, Funny
    Here I thought /. was the source for fair and balanced coverage.
    You're new here, aren't you?
  3. Re:Ensure by Malc · Score: 2, Funny

    Insure is also a verb! I insure, you insure, we all insure to ensure financial security.

  4. Re: indemnity? by Black+Parrot · Score: 5, Funny

    > Is Microsoft indemnifying its customers against problems like this? I know that indemnity has been a big keyword of theirs lately and I'd just like to be certain that I can get indemnified if something like this happens. I mean, that's the advantage of going with a big, closed source company right? It's the indemnity.

    Yes, they agree to only charge you one license for the unauthorized use of 'guest', no matter how many spammers are actually using it.

    They also agree to send someone to show your PHB some overdecorated ppt slides about how secure their software is, if incidents like this have him thinking about switching to another software supplier.

    --
    Sheesh, evil *and* a jerk. -- Jade
  5. Re:Read the fine article. by dipipanone · Score: 3, Funny

    No, it's turned off by default

    OK, I eventually got that for most people, it was probably turned on by a Code Red infection.

    I'm still curious about what potential purpose such an account would serve though? Is it necessary for internal housekeeping or something?

    which you would know if you had bothered to read more than the one comment you were replying to

    What, you mean that as well as R'ing the F'ing A, I'm also obliged to R *all* the F'ing C's as well?

    You are joking, right?

  6. Re:Read the fine article. by Anonymous Coward · Score: 2, Funny

    "Exchange admins" ?

    ugh? There are actually people who have this title and like get paid for it?

    What's the job description?

    "
    Must have somewhat memorized a bunch of (exchange) gui screens and know how to click mouse. Token certificate of some type or online degrees from "accredited" universities are nice and make the HR people we employ titter. Good with microsoft wizards and skill with pleasing buzzwords preferred. Must not laugh when manager says things "Tiger Team meeting", "Warm fuzzy around the problem", "Have a dialog" or the like.
    "

    But wait that's pretty much the job description for 95% of all Microsoft jobs

    What would the GNU equiv be?

    "
    Must know how to administer all services on typical *nix box from command line, know C, vi, have GNU beard, and actually be prepared to do some work.
    "

    dunno

  7. Re:Read the fine article. by rifter · Score: 3, Funny

    "No, it's turned off by default"

    OK, I eventually got that for most people, it was probably turned on by a Code Red infection.

    I'm still curious about what potential purpose such an account would serve though? Is it necessary for internal housekeeping or something?

    "which you would know if you had bothered to read more than the one comment you were replying to"

    What, you mean that as well as R'ing the F'ing A, I'm also obliged to R *all* the F'ing C's as well?

    You are joking, right?

    Nope, to earn the right to post on Slashdot, you must read every comment, the whole article and all the links. Then you should read the man pages for every *NIX, the whole of Microsoft Technet, and all of the RFC's. That done, you may return to post. What you say?! Discussion archived? Oh well, reading all that will be much better than Slashdot, and you'll probably outgrow posting here by then, too. :)

  8. Re:guest accounts by bribass · Score: 3, Funny
    (ever typed 'Administartor'?)

    No, but I've typed 'Administraitor' before... :)