-
Tiger was making an example, and I think going outside the context of what OWA does may have confused it a bit.
Here's my clients Internet facing OWA login URL (sanitized to protect the guilty):
https://owa.example.com/exchweb/bin/...hange&reason=0
The announcement on Insecure.org shows how if you change the redirection URL at the end, the user get's redirected to whatever is specified. They then go on to explain how if you obfuscate the changed URL, it won't look nearly as suspicious, i.e. instead of using http://example.com/ you'd use http://3221234342/
-
In Exchange 5.5, the owalogon.asp page doesn't exist,
