I mentioned this last week, but it’s blowing up. The Four exploits in Exchange Server are being used by hackers to access email accounts. It appears over 30,000 government and commercial organizations may have been hacked. Wired says it’s tens of thousands of email servers.
Why do we care?
Why cover it again? It’s gone mainstream at an exceptionally high level. It’s huge… and bigger than the SolarWinds compromise.
I’ve been asked by investors if I thought SolarWinds would be long term hurt by the incident. Disclosure, I own stock in the company. I’ve said no, and this is why. It’s just a matter of time until the next one, and the next one, and the next one.
But let me link to two more stories for some more context.
Wired is reporting that mobile can be just as bad – a significant number of iOS and Android apps are running with common misconfigurations.. that expose data. This includes network credentials, system config files, and server architecture keys. Oh, and researchers found some misconfigurations allow the changing and overwriting of data.
So.. again, why do we care?
Because we’re not fundamentally changing anything. We’re patching and moving on. Unless we’re talking about changes in design philosophies, and changing out standards for what we deploy, we’re not making changes. Now, this might seem like a downer… but instead, look at this as the potential. There is room to do something different and really invest in doing different things.
Source: The Verge
Source: The Next Web