back to article Exchange flaws could be much worse than thought: Six hacking groups suspected of using the zero days pre-patch

It's looking like the exploitation of critical Exchange flaws that Microsoft revealed at the start of the month could be much worse than folks first suspected. An analysis by Slovak security shop ESET claims that six advanced criminal hacking groups, thought to have some level of state sponsorship, used the zero days to attack …

  1. Version 1.0 Silver badge

    We need to change the Internet

    Easy access and performance have been the top priorities for years, security has always been just a "feature" - remember the old days when if you were driving around after an evening in the pub and it was never a problem unless you ran off the road a few times? Nowadays driving around is a security issue and doing it drunk is a crime, moving the driving world view into the Internet will not be easy but security needs to be a high priority - look at what's happening everywhere ... if it's connected to the Internet then it's at constant risk of getting hacked these days.

    If we don't change the Internet then we'll keep getting hacked (see icon).

    1. Anonymous Coward
      Anonymous Coward

      Re: We need to change the Internet

      So, I have a question about this here Exchange Vuln....

      The Co I used to work for had exchange, but INTERNAL only. Only active sync was exposed via a reverse proxy. Probably not that uncommon.

      The question I need to ask is: Is it because they HAVE exposed their Exchange servers to the internet are they being hacked, in which case.... Imbeciles, or is there something a little more clever going on?

      1. Anonymous Coward
        Anonymous Coward

        Re: We need to change the Internet

        The exploit only works if you have OWA ETC exposed directly to the internet.

        If you simply said "uh, no" and stuck the entire thing behind a VPN leaving nothing but ports 21/587 exposed then you remain impervious to this entire threat class.

        The biggest surprise is that over fifty thousand exchange servers were compromised like this, and thus directly addressable on the internet.

        1. ecofeco Silver badge

          Re: We need to change the Internet

          Not questioning you, but need a source to show the boss. Do you have a link for this? There is so much FUD coming up in the search results I have not been able to verify anything.


        2. Michael Wojcik Silver badge

          Re: We need to change the Internet

          Fifty thousand? We're up in the hundreds of thousands now.

          1. Anonymous Coward
            Anonymous Coward

            Re: We need to change the Internet

            I even saw some attmepts on our small site. A responsible vendor picked us up on Shodan and that finally got the bosses to take note that we needed to patch NOW.

  2. TimMaher Silver badge

    Git update... bootnote... ish.

    For those of us using an out of date Mac, homebrew refused to update git, citing a missing keg.

    Yesterday, homebrew itself was updated and the latest version of git installs properly.

    Get patching all High Sierra users!

  3. Pascal Monett Silver badge

    The only alternative

    . . is to stop using someone else's server to retrieve production code !

    You bring the code in-house, you analyze it and test it, and when it is suitable, you compile it and put it on your production server.

    Anything else is just asking for trouble.

  4. John Brown (no body) Silver badge

    Call Recorder

    WTF is a 3rd party call recording app doing saving data to a 3rd party server? Why would anyone even install such an app?

    1. Michael Wojcik Silver badge

      Re: Call Recorder

      "I need to do X. This thing does X. Any other considerations will require I do more work."

      Actually, this explains not only your second question, but probably your first as well. "Hmm, I need to store this data somewhere. Let's see what I can find with a single StackExchange search. Ah, a set of instructions for dumping data into an S3 bucket using a hard-coded key."

  5. Androgynous Cow Herd

    Is that a list of "Hacking Groups"?

    Or the line up for this years' Coachella?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like