__/ [ Sinister Midget ] on Saturday 13 May 2006 17:12 \__
> On 2006-05-13, Jim <james@xxxxxxxxxxxxxxxxxxxxxxx> posted something
>> "The bug in Exchange that Microsoft disclosed Tuesday is too juicy a
>> target for hackers to pass up, security companies warned Wednesday, and
>> users should expect to see a worm pop up any time.
>> Tuesday, Microsoft patched a flaw in Exchange 2000 and Exchange 2003's
>> calendaring function. According to Microsoft's security bulletin, an
>> attacker could exploit the vulnerability simply by sending a
>> specially-crafted e-mail to the server. "
> All of these Windows/Sever/IIS/Exchange vulnerabilities call for a
> "carefully crafted" something or other. The truth is many of them could
> be triggered by simple mistakes. The hard work was already done in
> advance by tying them to Microsoft products.
Only a couple of months ago, one user of the Exchange server in the Division
had it choke for several weeks. Staff were unable to check their mail
reliably (if at all) for a very, very long time. And yet, nobody blamed
Exchange servers or Microsoft.
,----[ Quote ]
| The problem was attributed to an improper server configuration, causing
| five servers to send out more than half a million emails to Dublin
| solicitors. The deluge of mail originated with a publishing company's
| email marketing message, which was sent to solicitors. When some
| solicitors attempted to reply to the mail, a fault in the
| solicitors' configuration of Microsoft Small Business Server sent
| the original email to their entire email database tens of thousands
| of times.
Roy S. Schestowitz
http://Schestowitz.com | SuSE Linux ¦ PGP-Key: 0x74572E8E
5:20pm up 16 days 0:17, 12 users, load average: 1.81, 1.82, 1.79
http://iuron.com - Open Source knowledge engine project