Security

White House Prankster

There has been some press recently about a “prankster” that duped several senior White House officials into replying to and acting on emails sent to their accounts that they believed were from son-in-law Jared Kushner. You can find more details in this CNN article. What’s the big deal LOL what’s the big deal with this. The administration is not known for thier strong use of technology or email in general. Trump doesn’t have time for that so he’s terrible at it right?

Encryption

Looks like the government is at it again now that Apple has come out stating that they are not going to roll over and provide a master key to their iPhone software. Really NSA? How about the part where the terrorist didn’t use encryption in these attacks. European media outlets are reporting that the location of a raid conducted on a suspected safe house Wednesday morning was extracted from a cellphone, apparently belonging to one of the attackers, found in the trash outside the Bataclan concert hall massacre.

SQL exploits

You know its going to be a bad day when you get the following email: Did someone hack our website? It looks like a Chinese news listing entry has been added with today’s date. Ballsack! Time to roll up the sleeves. How bad is the damage? From the looks of it, other sites on the web server had not been damaged. Doing a search for modified files found nothing out of the ordinary had been changed.

20%

We launched our Hosted Exchange 2007 Product just over a year ago. And for the most part, things have gone great. One of our early decisions was to balance the security of the system while making the system as user friendly as possible. Originally, we had a pretty strict password policy. We soon found that many of our customers were not too happy with this policy and thought it was too much.

WordPress Security Concern

I’m not sure if you’ve applied the latest updates for wordpress but I did last week. However, it appears that someone got in to one of the blogs that I manage and created an account for themselves. They didn’t do anything with it, but they DID have full admin access. I’m assuming that this was due to a security bug in 2.8.3 as they were in when that was on the server.