ITrain Homepage

Site Directory
Membership
Train-the-Trainer
Trainer Certification
Certified Training Materials
ITinfo E-zine
Responsible Training
White Papers
Trainer Resources
What's New
Speaking Engagements
Onsite Training
ITrain Gear



Popular Links
Speaking Engagements
Training Manuals
Certification
Train the Trainer
The Training Book
Technical Writing
Privacy Policy

Print this document

Google
Web ITrain.org

Wide Open Web Outlook

Microsoft's product posts your e-mail to the net

ITinfo Sponsor

ERROR: Random File Unopenable

ERROR: Random File Unopenable

The random file, as specified in the $random_file perl variable was unopenable.

The file was not found on your file system. This means that it has either not been created or the path you have specified in $trrandom_file is incorrect.

Microsoft Web Outlook Security Hole

by Dave Murphy
ISSN 1535-3613

Dave Murphy, ITrain founder Microsoft has confirmed that the Exchange 5.5 e-mail system allows unauthorized access to user's mailboxes through flaw in the Outlook Web Access module. The module mishandles inline script in HTML e-mail messages. Full control over a mailbox is granted with an e-mail message with improperly embedded code is opened through Internet Explorer.

The malicious attacker can delete mail, move messages, and send messages as if he were the mailbox owner.

Dave's Opinion

The Web Outlook application is a great idea that's poorly implemented. I like being able to get to my mail from a web browser. But the security in Web Outlook is unacceptable. I use a different application to get to my mail through the web, and I'd never consider using Microsoft's remote email application.

Remote mail access is handy when I travel. For example, I kept in contact with clients during a recent extended trip. A couple of times a week I stopped at the local library, logged onto the web, checked my mail (deleted hundreds of spam messages), and responded to the most burning issues. I didn't have fast Internet access in our villa, and with a couple of hot projects going I couldn't stay incommunicado for more than a few days. The web-accessible email was a savior.

Call for Comments

What do you think? Leave your comments on the message center.

References

Microsoft Security Bulletin
Message Center

Subscribe to ITinfo.
Receive computing and Internet news & tips
by subscribing to the ITinfo information service.
Type your Internet email address in the form, and click "Subscribe."
Email Address:

Previous issues are on our website at http://itrain.org/itinfo/.

International Association of Information Technology Trainers
PMB 616
6030-M Marshalee Dr
Elkridge, MD 21075-5987

410.567.5366
1.888.290.6200
fax: 801.650.0423
Membership Director: member@itrain.org

Return to ITrain Homepage

Copyright © 2001 International Association of Information Technology Trainers, Ltd., All Rights Reserved

http://itrain.org/itinfo/2001/it011207.html
updated December 7, 2001