Tag Archive for: insecure

Insecure Office 365 setups could be a ticking time bomb for your business

Messages your customers receive from a hacker who has already compromised your email system are going to look much more convincing, and could result in your clients transferring large sums of money into a scammer’s bank account and you losing customer trust and future business.

Read more in my article on the Bitdefender Business Insights blog.

Graham Cluley

Trump Organization uses really, really insecure e-mail servers. Sad!

Hillary Clinton isn’t the only one who may have had an e-mail security problem. A security researcher has discovered that the Trump Organization’s mail servers all run on a version of Microsoft Windows Server that has been out of support for years, with minimal user security. The e-mail servers for Trump’s hotels, golf courses and other businesses run on an unpatched version of Windows Server 2003 with Internet Information Server 6—making them a vulnerable target for anyone who might want to gain access to the organization’s e-mails.

Security researcher Kevin Beaumont posted the finding on Twitter at 6:00pm on Monday:

Beaumont also found the Trump Organization’s Web-based e-mail access page. Until this morning, the Trump Organization allowed Outlook Web Access (OWA) logins from webmail.trumporg.com. Beaumont said he did not attempt to log into the e-mail system.

Technology Lab – Ars Technica

Black Hat security conference trims insecure features from its mobile app

Black Hat has disabled features of its mobile application because attackers could have logged in as legitimate attendees, posted messages in their names and spied on the messages they sent.

The problem was discovered by mobile security vendor Lookout, which details it in a blog post saying that the registration and password-reset methods were flawed.

“[W]e’ve removed user-to-user messaging functionality and activity feed updates out of an abundance of caution,” a spokesperson for the conference organizer UBM said in an email.

The problems stemmed from the fact that new accounts were created without email verification, and that even when users reset their passwords, authentication tokens weren’t revoked. So attackers who were already logged in could stay logged in.

Network World Tim Greene

Gartner: Colin Powell says he used insecure email during State Department tenure; Oh and we should vote out Congress

National Harbor, Md. — Former Secretary of State Colin Powell acknowledged using insecure email during his tenure at the State Department – but as a way to create more immediate communication among those within and outside the department.

During his keynote address at the Gartner Security and Risk Management Summit, he told the 3,400 in attendance that he had two computers on his desk: one the official secure computer – “clunky and difficult to use” – and the other a laptop with a phone line and modem that he used exclusively for his AOL account.

Network World Tim Greene