RE: [IMail Forum] Problem With Calendaring

[Fitscape.com Internet Relations]

Norm,   Keep in mind Imail was a 'canned' email solution for companies, and has really evolved.  That said, there are a lot of corporate admins, and smaller ISP guys as well as just people interested in what goes on here.  There is a ton of excellent information that is communicated here.  Some of it not even Imail or MAIL related!  Many of these people simply subscribe here b/c there is so much good info.  I know I would whether we ran Imail or not.  While you may not get a huge volume of help, I guarantee the help you do find here will be quality.  It is most likely the power_admins on this list may simply be quiet b/c they have nothing pertinent to help you with (at the moment)   Now - if you sincerely intend to use that page for testing purposes, why not password protect it?  That way you can easily monitor who sends what when from it, and only allow trusted/verified users to do your testing.   My $.02 worth :) Bryan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Norman J. Nolasco Sent: Tuesday, March 19, 2002 6:12 PM To: [EMAIL PROTECTED] Subject: RE: [IMail Forum] Problem With Calendaring 3000?! Sorry, I had not realized that the list was that big.  I thought this was a small list of iMail admins/developers only. I just took the test page down.  It would be nice to have something like NTBugTraq's Responsible Disclosure forum.   http://www.ntbugtraq.com/default.asp?sid=1&pid=47&aid=66   It would really help to quickly identify security problems and "to treat the information appropriately, be it to publish it, fix the problem and alert their customers, or get it in front of other experts for peer review, vetting, and further analysis or comment."   Which brings me to a few questions:   1) Isn't this list moderated?  I hate to say it, but I guess my inappropriate messages should have been canned early on. There's nothing I can do about the messages that were already sent out or archived.  My mistake.   2) I didn't purchase the Service Agreement and therefore am not eligible for support.  Would IPSwitch still spend a few hours on me to find a fix for something like this?   3) Originally, I intended for others to both test the vulnerabilities and suggest solutions.  So far only you, Ron, and Jonathan have suggested fixes (which I really appreciate).  The problem is that the test page has been hit over 400 times in the last 3 days and I neither see any confirmations nor other suggestions from the Forum members to fix the problem.  Considering that there may be over 3000 subscribers, I think you're right.  It's just a bunch of people trying to hack into other people's accounts instead of searching for a solution.  Not what I had intended.   From my server logs, it looks like ipswitch has hit the test page a few times.  They're probably aware of the issue now.   Apologies, Norm   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ron Hornbaker Sent: Tuesday, March 19, 2002 5:14 PM To: [EMAIL PROTECTED] Subject: RE: [IMail Forum] Problem With Calendaring Norman,   About 3,000 anonymous people subscribe to this list. It would probably be best to notify the software manufacturers first, and give them a reasonable period of time to respond/patch before you describe cracking methods in a public forum. Just my biased $0.02 as a software manufacturer. :) Ron Hornbaker  - http://humankindsystems.com - 2,603 admins can't be wrong  - http://AnswerTrack.com - eCRM email tracking & routing  - http://KillerWebMail.com - the name says it all  - 1-888-952-4888 or [EMAIL PROTECTED]