And the mystery is?


It is one of those ‘I told you so moments’. I am not happy or proud, but the profound sadness that hits me when I see the way it is reported on is just staggering. A few are reporting on it, but the larger stage is likely to be found in places like the Verge soon enough. The people who get it will soon understand that it will be worse and that my 90% of cloud transgressions was no joke. Yet to see part of that nightmare, you need to realise that the Microsoft Azure cloud has been in existence since October 2008, almost 13 years. Now it took the business to grow its customer base. Yet consider that the article at Reuters ‘Microsoft warns thousands of cloud customers of exposed databases’ (at https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26/) gives us “A research team at security company Wiz discovered it was able to access keys that control access to databases held by thousands of companies” Now we can only speculate how long that flaw was there, or perhaps that design error. Yet the damage is enormous. With “Microsoft agreed to pay Wiz $40,000 for finding the flaw and reporting it, according to an email it sent to Wiz” we might think it is trivial because it only cost $40,000, but it is not. Thousands of firms with BILLIONS in IP values and other values have been in danger for years, at the most 3 years, yet the article does not really reflect on that (which is not the fault of the BBC or Reuters). And when we are told “We fixed this issue immediately to keep our customers safe and protected. We thank the security researchers for working under coordinated vulnerability disclosure”, I wonder just how bad it is. Now, I get it, it might be fixed but if that was an easy fix, it might equally mean that it could have been easily prevented.

So when we get to “This is the worst cloud vulnerability you can imagine. It is a long-lasting secret. This is the central database of Azure, and we were able to get access to any customer database that we wanted.” We get to see that Wiz Chief Technology Officer Ami Luttwak (a former Microsoft employee) now working at Adallom LTD and Wiz. Now we get it, bugs happen, yet one would think that proper testing would be done and this bug whilst not proven to be transgressed upon went undetected for no one knows how long until an external group decided to test Microsoft access (optionally on Microsoft orders). So whilst some might think that “Microsoft only told customers whose keys were visible this month, when Wiz was working on the issue” passes the mustard, but it does not, mainly because the length of the transgression enabled time is still unknown, and that is not all. When we consider “The company was breached by the same suspected Russian government hackers that infiltrated SolarWinds”, as well as “a wide number of hackers broke into Exchange email servers while a patch was being developed” with the cherry on top of “A recent fix for a printer flaw that allowed computer takeovers had to be redone repeatedly” as well as “Another Exchange flaw last week prompted an urgent U.S. government warning that customers need to install patches issued months ago because ransomware gangs are now exploiting it”, as such one might speculate that they need to adjust their marketing vision, with the first optional change being “We advertise the most powerful console because the other stuff is buggered” and it seems that Microsoft has all kinds of testing and investigation flaws, that is merely my speculated view, yet for the customers who feel threatened by this, consider looking at OpenOffice (at https://www.openoffice.org), I cannot guarantee it is more secure, but it is free and you are now paying for all the transgressions in a multitude of ways (including an annual fee) so you can at least negate one factor.

So whilst some feel sorry for that multibillion company and how sad things are, consider that Azure is an issue, especially when you realise “Microsoft and outside security experts have been pushing companies to abandon most of their own infrastructure and rely on the cloud for more security”, when that comes to the surface, we see that Microsoft seemingly embraces ‘sharing is caring’ and with everything people have in that cloud sharing everything with EVERYONE, we might see Microsoft as the most caring behemoth in the universe, but I reckon the customers who pay a pretty penny for that ‘privilege’ will see this differently. But there is light at the end of the tunnel (well not really). Compare the logos of Microsoft and the Olympics, now consider that only the black elements (the hackers) were not yet represented, but it seems that Microsoft gave them an internal challenge and so far the hackers are leading three to nil, which is the larger danger.

And that larger danger is given to us at the very end with “But though cloud attacks are more rare, they can be more devastating when they occur. What’s more, some are never publicised. A federally contracted research lab tracks all known security flaws in software and rates them by severity. But there is no equivalent system for holes in cloud architecture, so many critical vulnerabilities remain undisclosed to users, Luttwak said”. 

So it is here that some might realise that 

  1. Some cloud transgressions are never shown the light of day.
  2. Many critical vulnerabilities remain undisclosed.
  3. (Speculated) The makers might not even be aware of some vulnerabilities.

That is the stage that cloud customers are exposing themselves to and in this, with too many corporations reducing their IT security staff and relying on the security of the cloud, how much is this costing the Fortune 500 who created that erroneous overly simple mindset? It was never a mystery to me, I have written about these kinds of dangers since 2017, so if people are just now waking up, good morning and enjoy the coffee you have, you’ll need it.


Baked Alaskan Marketing

Yup, it is about the dessert, well in some form. To be honest, I never had it, I saw pictures, I saw people making it (YouTube), but I never ate it. And for today that is OK. You see, it is not really about food. It all started this morning when I saw ‘PS5 isn’t good value compared to Xbox Series X, and I’m sick of it’, that is his view, I believe it to be a bit of a hatchet job, but that is usually the case with opinion pieces. There are also ‘anti-Xbox articles’ and that is fine by me. In the end the systems are closely matching, yet for me the actions by Microsoft over the last 8 years have been an indication that the Xbox console is lost to me. No matter what promises they make, as I personally see it, they betrayed the gamers, all in favour of more and more Azure pressure. It is a personal choice and you need to realise that, I personally demoted Microsoft, but it remains personal. Even as they are now starting the Xcloud and other services, I do not want any of them on my systems, but it is mostly personal (partly instinctive). I will not tell you to not do it, you must select what you think is best for you.

When it comes to Xcloud, I feel that I am leaning towards Amazon Luna if I get into that field. The Luna was close to the Google Stadia, almost there but not quite. Considering that Google should have won it as a tech giant implies that Amazon is more hungry and more willing to make the leap, it gives them an edge and in all this, I want something giving me games no other system will, exclusivity matters. I am not certain if the Luna can deliver, but their setting is looking good. 

The fact that we saw ‘Amazon Games opens new Montreal studio, developing a multiplayer game with Rainbow Six Siege veterans’ implies that Amazon has skin in the game, and as such, if my IP (as published earlier) is either PS5, and/or Luna, see it as public domain. The setting for good gaming is what we need and Microsoft (in my personal view) has betrayed that approach. It was their right to make choices, but they come with consequences. So why is there a baked Alaskan in play? Consider the method “The entire dessert is then placed in an extremely hot oven for a brief time, long enough to firm and caramelise the meringue but not long enough to begin melting the ice cream”, it is a way to use the crust to hide what is inside and it can only be done once, yet via Microsoft we get ‘As Microsoft pushes partner transformation, a state of ‘channel inertia’ is emerging’, ‘Microsoft’s Surface Laptop 4 Is Nearly Perfect’ and ‘Microsoft’s Visual Studio 2022 is moving to 64-bit’, all different titles, all different sources, but there is a link, let’s see if you pick up on it. There is also “Microsoft officials also said they are planning to refresh Visual Studio for Mac by moving it to the native macOS UI”, perhaps you are already catching on. One more hint. It is ‘The FBI removed hacker backdoors from vulnerable Microsoft Exchange servers. Not everyone likes the idea’ there are two parts here.

  1. A court order allowed the FBI to enter networks of businesses to remove web shells used by cyber attackers exploiting Exchange vulnerabilities. But what does this mean for the future of cybersecurity? It is one view, I am not against it, but I get that some are. This has nothing to do with the FBI, it has everything to do with Microsoft dropping the ball. 
  2. Microsoft is seemingly everywhere, with connections way past their computers, Xcloud gives them more and there are too many questions on what Microsoft is capturing, when I asked why they needed to upload 5GB their help-desk stated that this was with my ISP, how stupid is that? I will not allow them on any device, no matter what game will become unavailable to me.

You see, it is not today, or tomorrow, it is what happens a week after that, when we see the exchange issue, the idea of a DDoS version that can use Xcloud is not that far-fetched, a DDoS setting using any console it can connect to is a nightmare that should keep several Cyber divisions awake for a long time to come and when we see how Exchange was ‘bitched’ that thought is not the weirdest one to have, with any connection through Xcloud and Azure, the data options are the wettest dreams of organised crime, whilst data facilitators will seek access in whatever way they can and it connects to your systems, your data and could optionally impact your consoles and games. If we get (as published earlier) the setting of ransomware, considering the millions of gamers who have built up a lifetime of achievements, gear and wealth in a dozen games. How long until someone gets a hold of that? Microsoft is spreading itself too thin on too many systems, channels and operating systems. I believe it to be the much larger danger down the track. Yes that is a personal feeling and it is riddled with speculation, but when we see the transgressions over the last 6 months, is the thought that far-fetched?

At the middle of this is their marketing. ‘Partners should ‘ride the wave’’, ‘Nearly Perfect’ and a lot more, all to make sure that Microsoft is on the high rise and in the light of diminished negativity, which is the job of marketing, with over 285,000,000 hits on Microsoft (as per today), and 329,000 (Microsoft+scandal), 14,500,000 (Microsoft+problem) we see an overly positive view, which might not be wrong, but that imbalance is making me massively uncomfortable. Especially when we consider “Some Windows 10 users are encountering serious problems following the release of the recent “KB5001330” update, with some reports even coming in that the update itself can’t be installed on some machines”, now these things happen, anyone making other claims is flat-out lying, there is no way that things go perfect, things happen. However, in a stage where Microsoft is so widespread that one hitch could mean all kinds of transgressions, the setting becomes a problem. When we see that and consider “Socure to Provide Identity Verification for Microsoft Azure Active Directory Verifiable Credentials”, we see more and more third party solutions becoming part of the equation. Now, there is nothing wrong with that, but speculatively consider that any danger is double of the previous danger per party involved, as such we see 1%, 2%, 4%, 8%, 16%. The fifth (third party) connection sets the danger to almost one in five, and now consider that we see a stage of overlaps of PC, MAC (iOS), Surface, Azure, Xcloud, Android, we are now optionally in the 32% group, almost one in three where things can go wrong and organised crime wants in, I hope that you realise that a group like HAFNIUM will have no issues selling their solution to the highest bidder, as such, are you sure you want to connect all these systems?

I accept the work that any marketing division does, but the setting of keeping the users for too long in the dark can have massive consequences down the line and that is where Microsoft has become (my personal speculation) a clear and present danger to gaming (among other parts), that is beside the fact that they are in it for the data, but that too is my personal assumption on the matter. Oh, and I remained conservative, when the error becomes exponential, the setting goes towards 1%+4%+9%+16%, there we see the 4th link making a larger negative impact than any before, I see that, but I personally do not believe that the situation will become quite that bad, but it could be.
