It was a mere 12 hours ago when I gave the previous story, where the AP gave us “Attackers are finding it harder and harder to gain access via traditional methods, as vendors like Microsoft and Apple have hardened the security of the operating systems considerably over the last years”, yet less than an hour ago we see the BBC give us ‘European Banking Authority hit by Microsoft Exchange hack’. I am guessing that the AP was looking out for the needs of Microsoft; the timeline is too weird. Even as we see “The EU body said personal data may have been accessed from its servers. And it had pulled its entire email system offline while it assessed the damage. ‘The EBA is working to identify what, if any, data was accessed,’ it said”, I wonder what was in the mix, and for how long. You see, we might look at “‘Everyone running these servers – government, private sector, academia – needs to act now to patch them,’ White House press secretary Jen Psaki said. Microsoft believes a Chinese state-sponsored attacker called Hafnium is behind the hack.” No matter what or who Hafnium is, no one is looking towards Microsoft, no one is looking at how the weakness was there in the first place. And if we accept ‘Microsoft believes a Chinese state-sponsored attacker called Hafnium is behind the hack’, the setting of time changes: it takes time to ascertain who did this, that is logical. Yet 12 hours after the AP story? This is direction, this is intent; the coincidences are too weird and I never give credence to coincidence. It is another setting of filtered information. First the Washington Post, then several others and now Associated Press; the stage is changing and some players are speculatively raking it in before it all implodes on itself.
Yes, I admit and I agree that this is very ‘conspiracy theory’, yet consider the timeline: it is the one true linear path they cannot change. The directors can merely arrange their story according to the timeline; that is as good as they can make it. So when we look at the tweet from the NSC, we see “Patching and mitigation is not remediation if the servers have already been compromised”, yet there is a lack of investigation into how servers could be compromised for so long. When one patch creates a new problem it is not a patch, but service level agreements and marketing need to report a patch, and the problem remains, or optionally gets to be worse. Can we also optionally agree that if the Microsoft engineers can be circumvented, Microsoft has a much larger problem, and that is where you want to keep your data? When we see patch after patch, but no real solution, where can you put your faith?
The BBC article gives a nice list (at https://www.bbc.com/news/technology-56321567) on ‘Who has been attacked?’, yet the larger question of why Microsoft is leaking like a sieve is not dealt with. Even as we would like to guess, the fact is that there are too many patches; the setting is slowly becoming that Microsoft products are too unsecured to be considered for corporate needs, and a shift to Unix/Linux might be essential to consider over time. Feel free to do it after you have lost all your IP, but that is up to you. And in all this, how long has this been known? I cannot counter the accusations of that person named Hafnium, but it does imply that the situation was out there for a lot longer than we can be comfortable with. I leave that thought up to you.