Bugtraq mailing list archives

security hole in Maximizer


From: mkljones () CRIS COM (Mike Jones)
Date: Thu, 14 Jan 1999 12:13:30 -0700


Ok.  This came up a long time ago at the office, and immediately turned my
stomach when I found it.  However, after spending a while on the phone
with Maximizer tech support and an email to their developers, I got the
old 'That's how it works.'

So I'll leave it to your opinions.

The product at risk is the Maximizer Enterprise program version four from
Multiactive Technologies.  http://www.maximizer.com.

The issue.  Maximizer is an address book database and calendar similar to
what MS does with Outlook.  In this program, there is an option to share
your calendar with everyone (i.e., everybody can look and see that yes, so
and so is out at a meeting at 4 tomorrow).  The DOWNSIDE to this is that
everyone can also CHANGE the calendar of everyone else.  Now in a small
office this is probably not too bad since everyone knows everyone else,
and usually everyone knows everyone else's passwords (bad, bad.  What can
you do with a pile of salespeople?)  But in a large office, this is a BIG
problem.

Maximizer's paraphrased response:  If they can see it, they can change it.
Don't let them see it, or hope they don't change it.

Just a little FYI for everyone.  Be careful.

Hopefully Multiactive changes it in their next version.


Mike Jones


