Spacer Sidebar Directory Map

The Technical Writer's Checklist

The Training Book, the handbook for trainers

 

ITrain - International Association of Information Technology Trainers

Wide Open Web Outlook

Microsoft's product posts your e-mail to the net

ITINFO Sponsor

Internet E-Commerce Services

Go beyond websites and e-marketing.
Get away from all the hype and lies.

If you do e-commerce, you need us.
Will you be ready when the time comes?

Internet E-Commerce Services

Internet Poll
Have you attended a seminar via e-learning?
yes
no

poll archive

Microsoft Web Outlook Security Hole

by Dave Murphy
ISSN 1535-3613

Dave Murphy, DGL President & ITrain founder Microsoft has confirmed that the Exchange 5.5 e-mail system allows unauthorized access to user's mailboxes through flaw in the Outlook Web Access module. The module mishandles inline script in HTML e-mail messages. Full control over a mailbox is granted with an e-mail message with improperly embedded code is opened through Internet Explorer.

The malicious attacker can delete mail, move messages, and send messages as if he were the mailbox owner.

Dave's Opinion

The Web Outlook application is a great idea that's poorly implemented. I like being able to get to my mail from a web browser. But the security in Web Outlook is unacceptable. I use a different application to get to my mail through the web, and I'd never consider using Microsoft's remote email application.

Remote mail access is handy when I travel. For example, I kept in contact with clients during a recent extended trip. A couple of times a week I stopped at the local library, logged onto the web, checked my mail (deleted hundreds of spam messages), and responded to the most burning issues. I didn't have fast Internet access in our villa, and with a couple of hot projects going I couldn't stay incommunicado for more than a few days. The web-accessible email was a savior.

Call for Comments

What do you think? Leave your comments on the message center.

References

Microsoft Security Bulletin
Message Center

Subscribe to ITINFO.
Receive computing and Internet news & tips
by subscribing to the ITINFO information service.
Type your Internet email address in the form, and click "Subscribe."
Email Address:

Damar Group, Ltd. helps business use technology.

ITINFO is again accepting sponsors. Sponsor messages are included in ITINFO's email newsletter and are permanently posted to DGL's website and online reference areas.

ITINFO is an electronic publication of Damar Group, Ltd., publisher of Training Express computer learning guides. Comments and submissions to info@dgl.com.

Previous issues are on our website at http://dgl.com/itinfo/.

updated December 7, 2001
http://dgl.com/itinfo/2001/it011207.html

Return to DGL homepage
Copyright © 2001, Damar Group, Ltd., All Rights Reserved