[sdw2003] Exchange OWA running on an inside server?
BMF
badmotherfsckr at gmail.com
Sun Dec 2 00:14:46 PST 2007
On 12/1/07, Tim Doscher <tim at supportsd.com> wrote:
>
> Seriously everyone, I would love someone to show me an exploit that would
> affect a fully patched OWA instance set up correctly that can be executed
> over 443.

The point is that MS has the worst record for computer security (and it's a
very long one) in the entirety of the operating system business. MS is the
only company who designs operating systems the way they do and they are the
only one that has such epic security troubles. Sure there is no exploit for
it *now*. But there is a very high probability that there will be given
their track record for disaster. We aren't willing to bet that we get it
patched up before our email is stolen and our server used in a botnet for
sending spam. Our corporate policy (and I'm not the one who sets it) is that
the general public does not directly interact with any Windows server.
Period. No port forwards through firewalls, nothing. Anything public facing
is served on some other OS. We use Exchange for email and the ONLY way to
talk to it is from the local network or through the VPN. And the VPN server
is NOT a Microsoft product.