Unethical MS Exchange “Journaling”

May 7, 2008 · Filed Under System Administration, Technology

A friend and business associate of mine called me up today with an interesting problem. He does contract work for a company in Oregon that recently had to let their system administrator go. The reason he was let go had more to do with the state of the economy than with job performance. In other words, he was not fired (although after this, he probably should have been); he was let go for financial reasons. Now, fast forward several months to May, 2008. This friend of mine was browsing their Active Directory and happened to find a domain user called “Archive Archive.” The account looks innocent enough, as if there might even be a legitimate purpose for it. Their old SA, however, had been silently forwarding all corporate email to it. As it turns out, he found out that he was going to be canned about a week or two before it happened and changed the setting to forward all corporate mail to his personal mail account so he could still read it after he was let go.

How was he doing this? He was using the journaling feature of Exchange 6.5, which allows you to archive all mail sent and received by a specific data store to one user's mailbox (in this case, user “Archive”). He then set up a rule to forward mail received by Archive to his two personal email accounts. The screenshot to the left was taken from this website, which goes into more depth about the feature:

Exchange 2003 ‘Journaling’ – A quick tutorial

This left me wondering what a company could do to better protect itself. After he left, they forced all domain users to change their passwords. However, he still would have had full access to the network (via Terminal Services). After logging in, he would simply have been prompted to change the password on his illegitimate account. I suppose it could be argued that someone should have scanned the AD listing and questioned what the “Archive” account was for. Let's say that instead of using “Archive” he had used a permutation of the president's name, for example “Dave Smith” instead of “David Smith”. Personally, I'd probably spot that quickly, wonder why two accounts were set up for him, and then continue scanning. This company uses a software package that legitimately requires some users to have two accounts to avoid some poorly designed licensing pitfalls.
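One way to turn that kind of review into a routine check, as an added example that is not part of the original post: a PowerShell script that reads the journaling and forwarding settings Exchange 2003 keeps in Active Directory, then lists recently created mailbox-enabled accounts for a human to question. The attribute names it queries (msExchMessageJournalRecipient, altRecipient, deliverAndRedirect) and the 90-day review window are this example's assumptions.

```powershell
# Added audit script, not from the original post. Assumptions: Exchange 2003
# stores per-store journaling in msExchMessageJournalRecipient on each
# msExchPrivateMDB object in the Configuration partition, and Delivery-Options
# forwarding on the user object in altRecipient / deliverAndRedirect.
# Caveat: Inbox rules created in Outlook/OWA live inside the mailbox, not in
# AD, so a rule-based forward from the "Archive" mailbox is not visible here.

$rootDse  = [ADSI]"LDAP://RootDSE"
$configNc = [string]$rootDse.configurationNamingContext
$domainNc = [string]$rootDse.defaultNamingContext

function Find-AdObjects([string]$Base, [string]$Filter, [string[]]$Props) {
    $s = New-Object System.DirectoryServices.DirectorySearcher
    $s.SearchRoot = [ADSI]"LDAP://$Base"
    $s.Filter     = $Filter
    $s.PageSize   = 500
    foreach ($p in $Props) { [void]$s.PropertiesToLoad.Add($p) }
    return $s.FindAll()
}

"== Mailbox stores that journal every message to a single mailbox =="
$stores = Find-AdObjects $configNc `
    "(&(objectClass=msExchPrivateMDB)(msExchMessageJournalRecipient=*))" `
    @("cn", "msexchmessagejournalrecipient")
foreach ($r in $stores) {
    "{0} -> {1}" -f $r.Properties["cn"][0], $r.Properties["msexchmessagejournalrecipient"][0]
}

"`n== Users whose mail is forwarded via Delivery Options =="
$fwd = Find-AdObjects $domainNc `
    "(&(objectCategory=person)(objectClass=user)(altRecipient=*))" `
    @("samaccountname", "altrecipient", "deliverandredirect")
foreach ($r in $fwd) {
    # deliverAndRedirect is absent unless "deliver to both" was ticked
    $keepCopy = $false
    if ($r.Properties.Contains("deliverandredirect")) { $keepCopy = $r.Properties["deliverandredirect"][0] }
    "{0} -> {1} (copy kept in mailbox: {2})" -f $r.Properties["samaccountname"][0], $r.Properties["altrecipient"][0], $keepCopy
}

"`n== Mailbox-enabled accounts created in the last 90 days (confirm their purpose) =="
$since = (Get-Date).AddDays(-90).ToUniversalTime().ToString("yyyyMMddHHmmss.0Z")
$new = Find-AdObjects $domainNc `
    "(&(objectCategory=person)(objectClass=user)(homeMDB=*)(whenCreated>=$since))" `
    @("samaccountname", "displayname", "whencreated")
foreach ($r in $new) {
    "{0} ({1}) created {2}" -f $r.Properties["samaccountname"][0], $r.Properties["displayname"][0], $r.Properties["whencreated"][0]
}
```

Run it as a domain user with read access to both naming contexts; every line it prints is something an administrator should be able to explain.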
