July 22, 2023 at 5:12 pm
I'm posting this because I just want to make sure that people are aware. I don't believe a "panic" is required but I do believe that "awareness" is required. We all "knew" the following would "never happen", right?
https://www.securityweek.com/microsoft-cloud-hack-exposed-more-than-exchange-outlook-emails/amp/
You might also want to check on the "Related" links near the bottom of each article. It's not like this is the first incident but I don't hear many people talking about such things. Has it become so common that "we" now just shrug and accept?
--Jeff Moden
Change is inevitable... Change for the better is not.
July 23, 2023 at 6:10 pm
Thanks for posting your issue and hopefully someone will answer soon.
This is an automated bump to increase visibility of your question.
July 24, 2023 at 5:33 am
Isn't that supposed to never ever happen ?
#Sarcasm
Johan
Learn to play, play to learn !
Dont drive faster than your guardian angel can fly ...
but keeping both feet on the ground wont get you anywhere :w00t:
- How to post Performance Problems
- How to post data/code to get the best help[/url]
- How to prevent a sore throat after hours of presenting ppt
press F1 for solution, press shift+F1 for urgent solution 😀
Need a bit of Powershell? How about this
Who am I ? Sometimes this is me but most of the time this is me
July 24, 2023 at 1:25 pm
Nothing, anywhere, is perfectly secure. There are always vulnerabilities. We just don't always know what they are until it's far too late.
However, I still land where I always land on this. Mostly, Microsoft is going to do a better job than most organizations at securing stuff, most of the time. NOTE: not all, not all the time, not everywhere. Certainly, there are some orgs that are going to be better... or, they're just small enough that they haven't had the full focus of serious hackers just yet.
Regardless, you kind of have to assume, at some point, you may be hacked. Backups, offline storage, other stuff along these lines will always be prudent. Cloud or not. Microsoft or not.
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
July 24, 2023 at 1:53 pm
Nothing, anywhere, is perfectly secure. There are always vulnerabilities. We just don't always know what they are until it's far too late.
However, I still land where I always land on this. Mostly, Microsoft is going to do a better job than most organizations at securing stuff, most of the time. NOTE: not all, not all the time, not everywhere. Certainly, there are some orgs that are going to be better... or, they're just small enough that they haven't had the full focus of serious hackers just yet.
Regardless, you kind of have to assume, at some point, you may be hacked. Backups, offline storage, other stuff along these lines will always be prudent. Cloud or not. Microsoft or not.
That, good Sir, is my whole point. Too many people (from what I've seen on many of the forums) think that the cloud is some form of magic when it comes to security. It can certainly be better than not having someone that knows security locally but the cloud isn't total magic. You have to protect against the eventual penetration that will occur.
--Jeff Moden
Change is inevitable... Change for the better is not.
July 24, 2023 at 1:56 pm
You're not paranoid when they're out to get you. And they're out to get us.
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
July 24, 2023 at 5:04 pm
If you have done your due diligence, you have to shrug it off. Very few organizations do as a whole and many IT Professionals do not do it personally.
Being aware of these things/healthily paranoid and being aware of the buzzwords and promises of any solution not being panacea but tools in an arsenal, is critical.
The cloud is no magic, what the cloud is, is that some of the unacceptable user and management requests that would normally be forced through, contrary to basic security practices. Things like holding back patches for months because of...'reasons.' Or installing google chrome on servers. Or giving a self-aggrandizing manager domain admin rights. These things could magically happen on prem too, if an organization has the fortitude to enforce them.
I really like this video from Defcon 19 that is kind of adjacent to this topic: https://youtu.be/XIfrfWgJlsI
July 25, 2023 at 10:59 am
The question is not "If they'll target you",
the question is "When will they target you"
#KeepDoorShut
#KeepSecurityTight
Johan
Learn to play, play to learn !
Dont drive faster than your guardian angel can fly ...
but keeping both feet on the ground wont get you anywhere :w00t:
- How to post Performance Problems
- How to post data/code to get the best help[/url]
- How to prevent a sore throat after hours of presenting ppt
press F1 for solution, press shift+F1 for urgent solution 😀
Need a bit of Powershell? How about this
Who am I ? Sometimes this is me but most of the time this is me
July 26, 2023 at 5:48 am
Very useful post i really appreciate thanks for sharing such a nice post.
August 24, 2023 at 9:45 am
This was removed by the editor as SPAM
Viewing 10 posts - 1 through 9 (of 9 total)
You must be logged in to reply to this topic. Login to reply