Security Nightmare!! Is this possible?

  • Thread starter Thread starter John Bouman
  • Start date Start date
J

John Bouman

OK, here's what appears to have happened. Yesterday, one
of my users, Ms.X signs on to our company's Microsoft
Exchange server using Outlook Web Access at an offsite
client's Computer, Mr.Y, located in another city. She
signs on with her own name and password. She sends an
email to our VP and HR department regarding an employees
contract. Neither the VP nor HR receive that email until
10:30AM the next morning.

It appears that the email remained in an "unsent" mode on
the off site client's machine, and defaulted to Mr. Y's
Microsoft Outlook, removing Ms.X as the sender and
replacing it with Mr.Y's name. It remains in that mode
until Mr.Y comes into work this morning, and fires up his
computer. Once Outlook is enabled, it immediately sends
the message to the both the VP and to the HR department.
HR sends a response to that email assuming that this is a
legitimate return address, since Ms.X's name as the sender
follows the body of the text in the message, even though
Mr.Y's name and email address are in the "From" box.
Once Mr.Y saw the response to ms.X's email he immediately
notified Myself.

This is not good. How can an email message "migrate" from
the supposedly secure Microsoft Outlook Web Access to the
off site computer's default Microsoft Outlook?

I have since replied to Mr.Y by email and also called to
thank him for bringing this to our attention quickly. I
have also called Ms.X and made her aware of this breach of
security.
 
It sounds like there is something not right here. Are you sure that your
employee was using OWA and not someone else's Outlook configured with a
profile from that company?

--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact. Due to the
Swen virus, all e-mails sent to my actual account will be deleted w/out
reading.

After searching google.groups.com and finding no answer
John Bouman <[email protected]> asked:

| OK, here's what appears to have happened. Yesterday, one
| of my users, Ms.X signs on to our company's Microsoft
| Exchange server using Outlook Web Access at an offsite
| client's Computer, Mr.Y, located in another city. She
| signs on with her own name and password. She sends an
| email to our VP and HR department regarding an employees
| contract. Neither the VP nor HR receive that email until
| 10:30AM the next morning.
|
| It appears that the email remained in an "unsent" mode on
| the off site client's machine, and defaulted to Mr. Y's
| Microsoft Outlook, removing Ms.X as the sender and
| replacing it with Mr.Y's name. It remains in that mode
| until Mr.Y comes into work this morning, and fires up his
| computer. Once Outlook is enabled, it immediately sends
| the message to the both the VP and to the HR department.
| HR sends a response to that email assuming that this is a
| legitimate return address, since Ms.X's name as the sender
| follows the body of the text in the message, even though
| Mr.Y's name and email address are in the "From" box.
| Once Mr.Y saw the response to ms.X's email he immediately
| notified Myself.
|
| This is not good. How can an email message "migrate" from
| the supposedly secure Microsoft Outlook Web Access to the
| off site computer's default Microsoft Outlook?
|
| I have since replied to Mr.Y by email and also called to
| thank him for bringing this to our attention quickly. I
| have also called Ms.X and made her aware of this breach of
| security.
 
John said:
OK, here's what appears to have happened. Yesterday, one
of my users, Ms.X signs on to our company's Microsoft
Exchange server using Outlook Web Access at an offsite
client's Computer, Mr.Y, located in another city. She
signs on with her own name and password. She sends an
email to our VP and HR department regarding an employees
contract. Neither the VP nor HR receive that email until
10:30AM the next morning.

It appears that the email remained in an "unsent" mode on
the off site client's machine, and defaulted to Mr. Y's
Microsoft Outlook, removing Ms.X as the sender and
replacing it with Mr.Y's name. It remains in that mode
until Mr.Y comes into work this morning, and fires up his
computer. Once Outlook is enabled, it immediately sends
the message to the both the VP and to the HR department.
HR sends a response to that email assuming that this is a
legitimate return address, since Ms.X's name as the sender
follows the body of the text in the message, even though
Mr.Y's name and email address are in the "From" box.
Once Mr.Y saw the response to ms.X's email he immediately
notified Myself.

This is not good. How can an email message "migrate" from
the supposedly secure Microsoft Outlook Web Access to the
off site computer's default Microsoft Outlook?

I have since replied to Mr.Y by email and also called to
thank him for bringing this to our attention quickly. I
have also called Ms.X and made her aware of this breach of
security.
Click to expand...

OWA uses HTTPS via web browser to connect to the Exchange server at the
company. It does not use the local Outlook client software. Sounds
like Ms. X used Mr. Y's Outlook program instead of opening a browser for
OWA.
 
On further reading, it sounds like this bug bit the original poster:
http://zdnet.com.com/2100-1105_2-5111330.html

--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact. Due to the
Swen virus, all e-mails sent to my actual account will be deleted w/out
reading.

After searching google.groups.com and finding no answer
John Bouman <[email protected]> asked:

| I double checked with "Ms X" she said she is positive that
| she was used the browser Google to get to the Internet and
| was logged into OWA as herself.
|| -----Original Message-----
|| John Bouman wrote:
||| OK, here's what appears to have happened. Yesterday, one
||| of my users, Ms.X signs on to our company's Microsoft
||| Exchange server using Outlook Web Access at an offsite
||| client's Computer, Mr.Y, located in another city. She
||| signs on with her own name and password. She sends an
||| email to our VP and HR department regarding an employees
||| contract. Neither the VP nor HR receive that email until
||| 10:30AM the next morning.
|||
||| It appears that the email remained in an "unsent" mode on
||| the off site client's machine, and defaulted to Mr. Y's
||| Microsoft Outlook, removing Ms.X as the sender and
||| replacing it with Mr.Y's name. It remains in that mode
||| until Mr.Y comes into work this morning, and fires up his
||| computer. Once Outlook is enabled, it immediately sends
||| the message to the both the VP and to the HR department.
||| HR sends a response to that email assuming that this is a
||| legitimate return address, since Ms.X's name as the sender
||| follows the body of the text in the message, even though
||| Mr.Y's name and email address are in the "From" box.
||| Once Mr.Y saw the response to ms.X's email he immediately
||| notified Myself.
|||
||| This is not good. How can an email message "migrate" from
||| the supposedly secure Microsoft Outlook Web Access to the
||| off site computer's default Microsoft Outlook?
|||
||| I have since replied to Mr.Y by email and also called to
||| thank him for bringing this to our attention quickly. I
||| have also called Ms.X and made her aware of this breach of
||| security.
||
|| OWA uses HTTPS via web browser to connect to the Exchange server at
|| the company. It does not use the local Outlook client software.
|| Sounds like Ms. X used Mr. Y's Outlook program instead of opening a
|| browser for OWA.
||
|| --
|| __________________________________________________________ __
|| *** Post replies to newsgroup. E-mail is not accepted. ***
|| __________________________________________________________ __
||
||
||
|| .
 
Back
Top