The Lighthouse IT Podcast - March 12th, 2021
Matt and Griff go through a lot this week, including the Massive Exploit Discovered in On-Premise Exchange, how the Largest European Cloud Hosting Provider Catches Fire, a Healthy Man Gets Text Message that He's Eligible for Vaccine for being too... Fat, AT&T and T-Mobile ban shared short codes, Burger King + International Women's day, and MTN Dew Deep-Fake with Bob Ross.
Massive Exploit Discovered in On-Premise Exchange
HAFNIUM - Hafnium is the name that Microsoft uses to denote a specific gang of cybercriminals, allegedly operating out of China via cloud services in the US.
These patches were deemed so critical that they came out the week before March 2021's regular Patch Tuesday, instead of being made to wait for the rest of the month's fixes.
These zero-day bugs can be used, amongst other things, to get access into, and to implant malware onto, Exchange systems, giving the crooks a sneaky entry pathway that avoids the need for cracked or guessed passwords.
Attackers are using the exploit to run elevated shells accessible on the internet. Allowing them an open door to do as they please on these networks.
For more information about webshells:
Largest European Cloud Hosting Provider Catches Fire
OVHcloud's SBG2 datacenter in Strasbourg has caught fire, damaging SBG1, and bringing SBG3 & SBG4 offline while emergency services respond, with firefighters able to prevent spread to SBG3 & 4.
While thankfully no one was hurt in the fire, OVHcloud has notified clients that they should implement long term continuity plans and that it is to be assumed that all data in SBG2 is lost.
This leads to the most common misconceptions:
- The cloud is natively backed up
- The cloud is natively geographically redundant
- The cloud is natively secure
Healthy Man Gets Text Message that He's Eligible for Vaccine for being too... Fat?
Liam's a brit, journalist, and fairly healthy. By his own mention, maybe, a bit on the chunky side. But Liam was a bit surprised to receive an SMS telling him to come along and get his COVID-19 shot because of his "excess weight."
Well it turns out that UK is using BMI to calculate at-risk persons due to weight and, polarizing as its use continues in the 21st century, and that through a clerical error, Liam's BMI came back at and staggering and quite impossible 28,000 (there's only ever been 2 people on record with a BMI over 200).
But there were no checks to validate any data entered, so someone who inputted Liam's height (6'2") instead entered as 6.2 into a field expecting centimeters.
So no validation on the data entry and no validation on the calculation results in the impossible numbers.
AT&T and T-Mobile ban shared short codes.
SMS saw a growth spurt during 2020.
Is this a good thing? Will SMS be seen as a more trusted method now that each brand may use a dedicated, unique number for their marketing efforts?
Will others follow?
Burger King and International Women's day
Burger King said what...?
Yeah, they really said that "Women belong in the kitchen."
Was this a media stunt, or just bad marketing...?
MTN Dew Deep-Fake with Bob Ross
Mountain Dew used a Bob Ross deep-fake for their most recent YouTube ad campaign.
This 'lost episode' has Bob Ross painting a bottle of Mountain Dew.
This is a 42 min episode: