Exchange Server Flaw
Why did it take over a week for me to find this?
I guess Micro$oft is keeping it mum, but there’s a pretty major security issue with their Exchange versions 5.5 and 2000. It seems that if any guest accounts are left open, they can be exploited by spammers. Usually, a guest account is set up as a default mailstop for anything that doesn’t have anywhere else to go. But, spammers can use these accounts to send out their own e-mail with their own agenda. There’s an article about it on CNet News.
But the thing that disturbs me about this is that they seem to have known about this for sometime. They just didn’t feel the need to publisize it very much. Kind of ironic for a company that’s offering a “bounty” for the virus writer that came up with Slammer and the like. It’s also hard to believe that they’re really getting behind the whole idea of tightening security on their products when they let something like this slip! Ah, well, what can you expect from a company run by a college drop-out with a police record?