Slashdot Mirror


Mail Server Flaw Opens MS Exchange to Spam

bl8n8r writes: " Exchange 5.5 and 2000 can be used by spammers to send anonymous e-mail. He says even though software Microsoft provides on its site certifies that the server is secure, it's not. There are dozens of messages--with subject lines such as 'Open relay problem' and 'We are sending spam?'--on Microsoft's Exchange Administration newsgroup, sent by information system managers who haven't been able to staunch the flow of spam from their servers. 'It is really inexcusable for a company that claims security is its top priority,' he said." If you are using vulnerable versions of Exchange, and have been hit by a Code Red variant, you may want to insure your 'guest' accounts are still disabled.

9 of 487 comments (clear)

  1. Just like sendmail by ZeekWatson · · Score: -1, Troll

    Windows becomes more like *nix every day!

    1. Re:Just like sendmail by bgog · · Score: 1, Troll

      Yes but generally (not always) it's because sendmail is misconfigured, not because of a hole. Now you could make a good case the sendmail is way to complicated to configure from scratch.

    2. Re:Just like sendmail by NightSpots · · Score: -1, Troll

      Sendmail holes are ancient history? C'mon. Last year. Next year. Give it time, it'll happen again.

      I, like you, pray that they're few, far between, easy to patch, and not the instant-root variety, but I sit and watch, fearing for the worst.

  2. Microsoft simply cannot do it. by rice_burners_suck · · Score: -1, Troll
    This is additional proof that Microsoft will NEVER fix its bugs. The main reason for this is that Microsoft simply cannot do it. By attempting to take over every single area of the software industry, they have bitten off way more than they can chew. They simply have too many products that do too many things, and there are not enough programmers to handle the task of making that stuff work correctly, much less to make sure it is secure.

    On the other hand, free software and/or open source software can be and is maintained by people all around the world. When there is an important problem, it is fixed very quickly. Most important of all from a security perspective, everybody can examine the inner workings of the software they use to make sure it meets their security standard.

    What does this mean for Microsoft? Simply that they will continue to lose more and more installations around the world, while Linux, BSD, other OSs, and all the free and commercial software surrounding them take over.

    Microsoft's claims of security are just that: Claims. They will never release truly trustable software.

  3. Re:Second or Third time by Anonymous Coward · · Score: -1, Troll

    DAldredge == Big Fat Troll.

    And, stop replying to his sig, you morons.

  4. Re:Ensure by maxpublic · · Score: -1, Troll

    The definitive guide to *American* English is whatever the fuck we Americans say it is. So get over yourself; we stopped being your bitches more than 200 years ago.

    Max

    --
    My god carries a hammer. Your god died nailed to a tree. Any questions?
  5. Who cares by ajs318 · · Score: -1, Troll

    Here is the reason why this doesn't affect me at work, and the reason why it doesn't affect any decent ISP. And here is the reason why it doesn't affect me on my LAN at home.

    I am not in the least bit surprised that a closed-source product has problems. The only mystery to me is why anybody would pay good money after bad for a product and never be in total control of it. If you rent a house, you spend the whole of the rest of your life paying the rent and at the end of it, you have nothing to show for it. If you buy a house, you spend 25 years paying a mortgage, and then you get a piece of paper that says the house belongs to you and you don't pay anymore. If you use closed source software, you have to pay someone else for support and although you eventually get problems fixed, more or less, probably, you will still have to call The Man next time it goes T.U. If you use open source software, you can choose whether you pay for support in hard graft or in hard cash, and you get to keep everything you learned along the way.

    Buy a litre of milk and you get to drink it once. Buy a cow and you get to drink all the milk you want. Easy decision, no?

    --
    Je fume. Tu fumes. Nous fûmes!
  6. Can we sue M$?? by adelayde · · Score: 1, Troll

    I wondering, and especially so following their ridiculous bounty on the head of virus writers propaganda stunt, if we (all users, but especially mail server administrators, network admins, ISPs) could all get together and sue M$ for gross negligence and deception, hell! even fraud for the allowing programmes that facilitate the spread of viruses via email and dodgy mail servers that have hole that propagate span.

    Only a small ISP but it's cost us quite a bit already in terms of wasted bandwidth through SPAM and customer support for these viruses?

    Is it possible?

  7. Slashdot Sucks by 8400_RPM · · Score: 0, Troll

    Why dont we try to go one day without bashing MS. How about one day with unbiased news?