March 6, 2021 | 14:00

Microsoft Exchange Meltdown

Everybody with an Internet-faced Microsoft Exchange server, Outlook Web Access (OWA) or Exchange Active Sync (EAS) can consider his or her system as compromised since January. This is reported by security experts like Chris Krebs1 and news magazines like Golem2 or Heise3. In Germany, the BSI has contacted more than 9,000 companies4. The scope of the current security vulnerabilities are comparable to the previous Microsoft major Incidents regarding Eternal-Blue5 and Wannacry6 4 years ago. Read more

November 27, 2020 | 17:40

Phishing and Spam

Within just a few days, the German EU Representation warns people about phishing emails.1 This is the 4th warning regarding data theft since July 20202 by Reinhard Hönighaus, press spokesman and head of the press and media office. Obviously there is an urgent need for action. In his current warning dated 26.11.2020, only two days after the previous one, he identifies T-Online users as targeted by phishing mails and also provides the explanation: Read more

October 19, 2020 | 08:00

RFC 8461 MTA-STA

This weekend I was very active in improving my own security. I have also found two neat tools for quality testing which are Hardenize1 and DNSViz2 - both added to my Micro-Blog post “Measuring website quality”. On my own mailserver I have implemented MTA-STA according to RFC 84613 incl. reporting. This standard is quite new (2018) and is particularly suitable for servers without DANE4. However, even without DANE I believe that I have the best and most complete server by standards (DKIM, SPF, DMARC, MTA-SRA, TLS-RPT, TLS1. Read more

October 8, 2020 | 10:02

BSI warns about Exchange

40.000 Companies in Germany affected The BSI (German Federal Authority for Informationsecurity) warns with the second highest level “orange” (= the IT threat situation is mission critical. massive disruption of regular operations) in the public media1. Around 40,000 companies in Germany alone are affected by several critical vulnerabilities because security updates have not yet been installed2. In fact, Heise speaks of playing Russian roulette3. It’s not without reason that I have been warning for several years now about interlocking internal AD and internet functions like Microsoft does deliberatly. Read more

© 2021 Tomas Jakobs - Imprint and Legal Notice