Re: Software vendor clueless

From: Rainer Duffner (rainer@ultra-secure.de)
Date: Sun Aug 17 2003 - 12:11:47 PDT


    H Carvey wrote:
    
    >Back the turnip truck up one second!  What incident has
    >occurred?  If you're referring to the Exchange server
    >set to being an open relay...what evidence do you have
    >regarding this? 
    >
    
    Perhaps it's already listed in SPEWS or so?
    
    >Yes, there is significant risk
    >associated w/ open relays, particularly if they're used
    >to relay porno and/or spam.  
    >
    
    The bigger problem would be to end up in SPEWS and staying there.
    More and more people are using RBLs and they just wouldn't get your 
    client's mails anymore.
    
    Or the ISP could just TOS them, because SPEWS has started to list 
    several of his class Cs to put some pressure on him to "fix" his 
    client's setup.
    
    >But what evidence is there
    >to show that this change in the system is the result of
    >an incident?  Unless, of course, you're saying that
    >someone accidentally or unknowingly enabled relaying is
    >the incident.
    >
    >  
    >
    
    The real problem seems to be that the Exchange Server faces The Internet 
    directly.
    That's not a really good idea, even more so if the root password is only 
    four characters.
    Can Exchange do SMTP-AUTH with the NT administrator-password?
    Set them up a minimal postfix that queues and relays the mails for the 
    Exchange server and the problem is moved away from the internet.
    
    Can't they set up a VPN to "remote in" for fixing the Exchange-App?
    
    Things like that really happen all the time and the reason is simply 
    that people primarily want to get their work done and think about 
    security later - if at all.
    
    Only geeks like us want to have a secure system for the sake of security.
    
    The question is: is your client security-conscious? If yes, they can 
    pressure the vendor into a more
    secure (currently, it's probably mostly laziness of the vendor).
    If your client doesn't care, then you're out of luck - you're fighting 
    against windmills.
    
    
    
    
    Rainer
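
An added example, not part of the original message: a small audit of a Postfix `main.cf` for the gateway suggested above, checking that it relays only for trusted hosts and does not itself become an open relay. Both sample configurations are constructed; `example.com` and `10.0.0.5` are placeholder values, and only `mynetworks` and `smtpd_recipient_restrictions` are examined.

```python
import ipaddress

# Constructed main.cf for a relay-only gateway in front of an internal Exchange
# host. example.com and 10.0.0.5 are placeholders, not values from the thread.
GATEWAY_CF = """\
# relay-only gateway (constructed sample)
mydestination =
relay_domains = example.com
transport_maps = hash:/etc/postfix/transport
mynetworks = 127.0.0.0/8, 10.0.0.5/32
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination
"""

# Constructed counter-example: same gateway, but every client is "trusted".
OPEN_CF = GATEWAY_CF.replace("127.0.0.0/8, 10.0.0.5/32", "0.0.0.0/0")

def parse_main_cf(text):
    """main.cf syntax: '#' lines are comments, leading whitespace continues a line."""
    params, key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and key is not None:
            params[key] += " " + raw.strip()
        else:
            key, _, value = raw.partition("=")
            key = key.strip()
            params[key] = value.strip()
    return params

def relay_findings(text):
    """Return the settings that would let strangers relay through the gateway."""
    params, findings = parse_main_cf(text), []
    for net in params.get("mynetworks", "").replace(",", " ").split():
        try:
            if ipaddress.ip_network(net, strict=False).prefixlen == 0:
                findings.append("mynetworks trusts every client: " + net)
        except ValueError:
            pass  # lookup tables such as hash:/path are not evaluated here
    rules = params.get("smtpd_recipient_restrictions", "").replace(",", " ").split()
    for rule in rules:
        if rule in ("reject_unauth_destination", "reject"):
            break  # relaying to foreign domains is refused from here on
        if rule == "permit":
            findings.append("bare 'permit' precedes reject_unauth_destination")
            break
    else:
        if "smtpd_recipient_restrictions" in params:
            findings.append("reject_unauth_destination is missing")
    return findings
```
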
    
    