It is not my inbox.

  • Thread starter Thread starter Dinesh Kumar
  • Start date Start date
D

Dinesh Kumar

Dear,
We have faced a new security lapse in our network. It is a network of around
100 people accessing internet using ISA proxy server over an ADSL line of
2mbps. from last few days I received complains from our users that when
person A is opening his hotmail account in his computer he could see some
others (Person B) Inbox.
It sounds a High scare among the users in the network. Parson A could see
the mail list in the inbox but couldnt open. And these users never use each
others computer for any reason and never logs into others acount. This is
noticed one more person C also could see the inbox items of Person B in his
computer. All these computers are in rthe same VLAN. If any of you come
accross this situations please let me know how this could be resolved for
ever. What kind of security lapse is this?
PLease do help.
Thanks Dinesh.
 
Dinesh Kumar said:
Dear,
We have faced a new security lapse in our network. It is a network of around
100 people accessing internet using ISA proxy server over an ADSL line of
2mbps. from last few days I received complains from our users that when
person A is opening his hotmail account in his computer he could see some
others (Person B) Inbox.
It sounds a High scare among the users in the network. Parson A could see
the mail list in the inbox but couldnt open. And these users never use each
others computer for any reason and never logs into others acount. This is
noticed one more person C also could see the inbox items of Person B in his
computer. All these computers are in rthe same VLAN. If any of you come
accross this situations please let me know how this could be resolved for
ever. What kind of security lapse is this?
PLease do help.
Thanks Dinesh.
Click to expand...

This is hardly the right place for this question. You would be far better
served by asking it an ISA NG, crosspost to microsoft.public.isa and
microsoft.public.isaserver (I'm not which is the most active).

Basically the problem will either connection sharing or caching. One user
may be seeing a cached response to a URL that a previous user has retrieved.
Alternatively the authentication of a user may be tied to a connection but
ISA is pooling connections to the server and re-using for subsequent
requests from other users.

The chaps in the ISA ngs will know much more about it and how to resolve it.
 
Back
Top