
> People connecting through our VPN have access to an internal-only SMTP gateway machine that doesn't require SMTP authentication.

This part sounds... not great. Even a bad actor within the org could send messages as someone else: president to payroll, etc.



Not great indeed. Is this organization not under any compliance requirements? Unauthenticated SMTP is not going to pass even the laziest of security scans, although neither is VPN access without MFA.



