I love IMail and IPSwitch don't get me wrong. I feel confident in the product. I
just try (key word here is try) keep up to date with all the latest going ons in the
hacker world so I know that yes I am vunerable and how I may try to protect myself
better. One important thing I learned on there is that by default any IIS server can
be hacked even with all the latest patches. No web site should be located in the
default wwwroot directory. MS doesn't tell you that but the hacker site's will. I
haven't seen much new info about IMail lately except for the fact about hacking the
registry to unlock the eval edition. I know if they can hack it this way someone has
modified that script to get user info as well. I just like to watch my self.
Everyonce in awhile they have a post there that explains how to hack something that an
administrator can easily fix by changing some basic configuration info. I don't keep
my user directories in the default IMail directory for this reason. Just saying it is
a hard world out there and once you
get on the internet it is even harder to protect yourself
---------- Original Message ----------------------------------
From: "Susan Metre" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Wed, 6 Jun 2001 09:40:41 -0400
>I would say this was a major problem.
>http://securityportal.com/list-archive/bugtraq/2001/Apr/0439.html
>
>However I am impressed that Imail patched this up so quickly. I feel more
>confident now in this product now that I have seen problems fixed so
>quickly.
>
>Thanks.
>
>
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]On Behalf Of Matthew Lohr
>Sent: Wednesday, June 06, 2001 9:11 AM
>To: [EMAIL PROTECTED]
>Subject: Re: [IMail Forum] Imail Web Server Hacking
>
>
>Can it be hacked? Yes! Can your user database be compromised? Yes! Can any
>server be hacked and all data compromised? Yes! If you don't think so goto
>www.astalavista.com and do some searching. Hackers are a mean and nasty
>community. If they want it bad enough they will get it. Hackers have
>gained access to all types of servers. Microsoft has been hacked, the
>registry of servers get hacked and yes i think i even found a hack for IMail
>up there where you can download the whole eval program and then apply a hack
>to it to unlock it. Seems like hacking IMail was done a long time ago.
>
>
>---------- Original Message ----------------------------------
>From: "Scot Desort" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>Date: Tue, 5 Jun 2001 14:47:54 -0400
>
>>It depends on what you mean by "hack".
>>
>>If you mean Denial of Service, yes, IMAIL has had some vulnerabilities in
>>this area, but most if not all have been squashed with recent patches.
>>
>>If you mean compromising of the user database and/or email messages, I've
>>never heard of any issues.
>>
>>--
>>Scot
>>
>>
>>----- Original Message -----
>>From: "Susan Metre" <[EMAIL PROTECTED]>
>>To: <[EMAIL PROTECTED]>
>>Sent: Tuesday, June 05, 2001 10:23 AM
>>Subject: RE: [IMail Forum] Imail Web Server Hacking
>>
>>
>>> I am wondering if the Imail web server has any hacking issues.
>>>
>>> Can people hack into it and compromise the server like can be done with
>>IIS?
>>>
>>> Has anybody been hacked regarding this yet?
>>>
>>> I am kind of surprised I have not read anything on this as it would be
>>> suprising to me that Imail is so secure that it has not been hacked into
>>> before.
>>>
>>> Please let me know if anyone knows.
>>>
>>> Thanks.
>>>
>>>
>>> _________________________________________________________
>>> Do You Yahoo!?
>>> Get your free @yahoo.com address at http://mail.yahoo.com
>>>
>>>
>>> Please visit http://www.ipswitch.com/support/mailing-lists.html
>>> to be removed from this list.
>>>
>>> An Archive of this list is available at:
>>> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>>>
>>
>>
>>Please visit http://www.ipswitch.com/support/mailing-lists.html
>>to be removed from this list.
>>
>>An Archive of this list is available at:
>>http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>>
>
>
>
>
>
>________________________________________________________________
>Sent via the WebMail system at lohrtech.com
>
>
>
>
>
>Please visit http://www.ipswitch.com/support/mailing-lists.html
>to be removed from this list.
>
>An Archive of this list is available at:
>http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
>
>_________________________________________________________
>Do You Yahoo!?
>Get your free @yahoo.com address at http://mail.yahoo.com
>
>
>Please visit http://www.ipswitch.com/support/mailing-lists.html
>to be removed from this list.
>
>An Archive of this list is available at:
>http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
________________________________________________________________
Sent via the WebMail system at lohrtech.com
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
