You have to love it.
The world-famous serious criminal points his finger at others and makes accusations in the daily rhythm.
Microsoft says Beijing-backed hackers are exploiting four zero-day vulnerabilities in Exchange Server to steal data from US-based defense contractors, law firms, and infectious disease researchers. The Windows giant today issued patches for Exchange to close up the bugs, and recommended their immediate application by all. On- …
First of all, never ever consider that a mail is a good way to transmit confidential data - a message I hammer to users but who doesn't seam to enter their head. The higher in the hierarchy, the less it enters surprisingly.
Having access to an exchange server is a bad thing anyway, just having informations on calendars can be very insightful too.
It has been a while since I had anything to do directly with Exchange. I did get a look at a bit of their software 15 years ago and it was really badly written. Is it still like that? Probably. It is like Adobe's Flash; every month there were a zillion documented security fixes. And Flash took decades to die.
When will WE get rid of Exchange? Maybe MS is so used to patching things (to make billions) that it can't let go.
It's not that it's necessarily so hackable, more of it's a common product that holds a lot of data thieves want. Serious thieves don't rob the homeless guy in front of the bank, they rob the bank.
You don't need to wait to get rid of Exchange, there are other products you can use if you want to. Managing a network environment end to end is the main reason MS is the main player for corporate networks, including Email.
Having worked as an Exchange engineer for just under 15 years, I can tell you your assumption is way off. Exchange has become a very solid product, but due to the nature of the content, it's a highly sought after target. Email is one of the biggest treasure troves a hacker can get to. Your remark in regards to security fixes is ridiculous, Exchange updates are published quarterly now and there are generally very few bugfixes in between. You're still thinking about Exchange 5.5, the world of email has changed substantially since then.
That was an exciting 24 hours, we were scrambling to get the fixes installed. I love stuff like that, the emergency process kicks in and all responsibility falls firmly on the people executing the updates, no layers upon layers of management that need to put their 2 cents in, short lines and fast turnover, this is what I love most about working in IT.
Got all my customers sorted out, was done at 22:30 last night with the last 2010 server (customer is slow to migrate, they should've been gone last year, but they're still with us on the EOL 2010 servers). Very satisfied with a job well done, this is one of the things the company I work for excels at, normally it's just as bureaucratic as any other large company, but when shit hits the fan, it really shines.
Biting the hand that feeds IT © 1998–2021