> -----Original Message----- > From: Rogerio Silva [mailto:[EMAIL PROTECTED]] > Sent: 17 January 2002 20:22 > To: Exchange Discussions > Subject: RE: Outlook session sharing disable > > > It is easy to develop some sort of trojan, that once installed > and running at a particular machine, can use an active > connection from the user's Outlook to the Exchange Server, to > have free access to the user's mailbox. So, any form of > strong authentication that could be used to enforce the > security of access to the Exchange Server is useless, because > an authenticated Outlook-Exchange session can be largely used > by whatever process running on that machine.
Ok. I'm logged on at my machine and I'm stupid enough to run "click here to see britney spears naked, really, not a virus honest.exe.jpg.pif.htm.bat.com" It uses your elite security hole to send lots of emails via notepad. It sends email via the VBA scripting interface It installs it's own SMTP engine (like Happy99/SKA did) and sends it's damn email it's damn self. What's the difference? What's the point? -- This e-mail is intended for the addressee shown. It contains information that is confidential and protected from disclosure. Any review, dissemination or use of this transmission or its contents by persons or unauthorized employees of the intended organisations is strictly prohibited. The contents of this email do not necessarily represent the views or policies of Luton Sixth Form College, its employees or students. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
