Slashdot Mirror


Mail Server Flaw Opens MS Exchange to Spam

bl8n8r writes: " Exchange 5.5 and 2000 can be used by spammers to send anonymous e-mail. He says even though software Microsoft provides on its site certifies that the server is secure, it's not. There are dozens of messages--with subject lines such as 'Open relay problem' and 'We are sending spam?'--on Microsoft's Exchange Administration newsgroup, sent by information system managers who haven't been able to staunch the flow of spam from their servers. 'It is really inexcusable for a company that claims security is its top priority,' he said." If you are using vulnerable versions of Exchange, and have been hit by a Code Red variant, you may want to insure your 'guest' accounts are still disabled.

1 of 487 comments (clear)

  1. Re: indemnity? by Black+Parrot · · Score: 5, Funny


    > Is microsoft indemnifying its customers against problems like this? I know that indemnity has been a big keyword of theirs lately and I'd just like to be certain that I can get indemnified if something like this happens. I mean, that's the advantage of going with a big, closed source company right? It's the indemnity.

    Yes, they agree to only charge you one license for the unauthorized use of 'guest', no matter how many spammers are actually using it.

    They also agree to send someone to show your PHB some overdecorated ppt slides about how secure their software is, if incidents like this have him thinking about switching to another software supplier.

    --
    Sheesh, evil *and* a jerk. -- Jade