RSS stands for Really Simple Syndication. Public Assistance Reporting Information System (PARIS).Office on Trafficking in Persons (OTIP).Office of Planning, Research & Evaluation (OPRE).Office of Legislative Affairs and Budget (OLAB).Office of Human Services Emergency Preparedness and Response (OHSEPR).Office of Family Violence Prevention and Services (OFVPS).Office of Child Support Services (OCSS).Family and Youth Services Bureau (FYSB).Administration on Children, Youth, and Families (ACYF).Administration for Native Americans (ANA).I have a feeling that I still don't get what the problem is. But anything inside of the RSS folder inside of my mailbox is not published to a RSS feed anywhere and cannot be subscribed to by others? At least I don't see how? If creds were reset and nobody but the owner can access the RSS folder, then who cares? You paint a picture of user's mailbox / emails being published to an RSS feed that someone else can subscribe to (therefore have access to some emails they should not have access to). In other words - what I don't get is this: But no matter what is in my RSS folder cannot be accessed by someone else unless they still have access to my mailbox. Yes, it is usually used by people to hold RSS feeds they subscribe to. Could be called anything, but it is called RSS Subscriptions. That is still a folder within my mailbox, though.
Let's say I go to my rules and create a rule to copy emails to a RSS folder within my mailbox. I'm still not understanding something, and it is this:
Having the ability to just turn off RSS subscriptions/feed on the tenant would help prevent future comprised credential.ĭont know if that answer your question lol. MFA would help with the credential stolen, but putting the entire company on MFA might not be an option. After they sniff through all the emails and learn how things are done, they can strike.ĭkim and Dmarc will help from spoofing email (emails that say it's from someone inside of the company but isn't as the return address is pointing to outside). This gives the perpetrator the ability to see all past and incoming emails w/o having to log into the account which might tip off the security department because of the IP address it's being logged in from. This is often overlooked when someone credential has been compromised and the RSS Subscription folder is so far down the list that no one really pays attention.
The perpetrator would logged into OWA to set a rule to copy the inbox to the rss subscription area and then subscribe to the RSS feed. Someone is our company had their credential phished. I would like to disable the capability to do RSS through the Outlook Desktop Client and OWA.
0 kommentar(er)
