Solved

OWA 2003 vulnerabilities

Posted on 2010-08-18
5
512 Views
Last Modified: 2012-05-10
If a user from home accesses their work email via OWA, can malware on their PC infect OWA and use their contact list to spoof accounts? Would they then be able to use those accounts to send spam and make it appear to come from the work email server?
0
Comment
Question by:PSD_Admin
  • 3
5 Comments
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33469786
No, OWA is completely seperate to anything on the PC, it is a web based system.  Even with shared folders on it, it is read only.

Nothing to worry about.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33469954
I have to research OWA security a bit more.
Usually SSL provides one line of safety.

However, you maybe susceptible to a different type of malaware/phishing attack, where users get an alert note to change their passwords in OWA, which takes them to a different site altogether.

Something like this advisory.
http://itservices.uchicago.edu/services/technicaltools/securitynews/2010/01/owamalware.shtml

will post back if I come up with something.
0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 500 total points
ID: 33469989
0
 

Author Comment

by:PSD_Admin
ID: 33590300
Thank you for your comments they were all very helpful.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33590337
You are welcome :)
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now