That Exchange Server issue continues to blow up, plus two more

I mentioned this last week, but it’s blowing up. The four exploits in Exchange Server are being used by hackers to access email accounts. It appears over 30,000 government and commercial organizations may have been hacked. Wired says it’s tens of thousands of email servers.

Why do we care?

Why cover it again? It’s gone mainstream at an exceptionally high level. It’s huge… and bigger than the SolarWinds compromise.

I’ve been asked by investors if I thought SolarWinds would be hurt long term by the incident. Disclosure: I own stock in the company. I’ve said no, and this is why. It’s just a matter of time until the next one, and the next one, and the next one.

But let me link to two more stories for some more context.

Researchers are reporting that Alexa Skills have some gaping privacy problems. Amazon doesn’t vet the developers, and there is no verification of standards. On top of that, developers can use redundant wake words, so you might be using the wrong skill and not even know it. Finally, devs can change their privacy policy… without notification after Amazon’s approval.

Wired is reporting that mobile can be just as bad – a significant number of iOS and Android apps are running with common misconfigurations that expose data. This includes network credentials, system config files, and server architecture keys. Oh, and researchers found some misconfigurations allow the changing and overwriting of data.

So, again, why do we care?

Because we’re not fundamentally changing anything. We’re patching and moving on. Unless we’re talking about changes in design philosophies, and changing out standards for what we deploy, we’re not making changes. Now, this might seem like a downer… but instead, look at this as the potential. There is room to do something different and really invest in doing different things.

