The bigger issue is probably being allowed to set up an arbitrary one at _all_ without approvals. Once you have one, redirecting it is maybe not the biggest issue? Could still be problematic though.
This story is quite old, security culture in tech was really quite basic and forgotten in a lot of places. I would hope that a similar thing would not be allowed today at anything like a big company.
>security culture in tech was really quite non-existent
This is 1991, the actual number of people on the internet was tiny back then. Things like SMTP servers were commonly open relays (for some reason I'm remembering sendmail being an open relay out of the box).
A lot of the internet culture wasn't based on security, but of the premise you shouldn't be a dick.
It quickly changed in the next few years as the number of people online exploded.
Yep! A formative experience of my childhood was working out how to type SMTP commands over telnet and sending mail from billg@microsoft.com to my dad. Such "opportunities" vanished decades ago.
Worked at an aerospace concern in the early 90sā¦ for the first year or so there was no firewall. Yes, my Mac and PC directly on the internet with routable addresses.
I soon set up a website and webcam as they were shipped. CU-See-Me blew my mind. At some point I stood up a Quake server and invited friends to play. ;-)
This story is quite old, security culture in tech was really quite basic and forgotten in a lot of places. I would hope that a similar thing would not be allowed today at anything like a big company.