(1 point) the most important plot events** the most important character a lesson about life Which of the following is the main idea of a story?(1 point) the point of view of the
Hardware Supply Chain Risks
The need to deploy the latest server hardware in recent years has been increased due to risks that companies face because of security flaws in processors. These flaws are steadily increasing and affecting newer equipment at an alarming rate. Given the current state of dealing with the “Black Swan” event that is the COVID-19 pandemic, it may be prudent to include processor shortages as part of Business Continuity Planning.
The demand for silicon producers has surpassed the ability to provide supply ahead of schedule as TSMC and Intel (among others) are gearing up to provide solutions for greater capacity in manufacturing plants. The boom for interconnected devices with built in processors is reaching a point of exponential growth as the “Internet of Things” is taking it’s rightful place in history next to technology similar to the home computer, and the world wide web. Decreased supply capacity, increased supply demand, and looming processor security flaws are hinting to a catastrophe waiting to happen.
While the likelihood of such events culminating in devastating consequences is low, the significance of their impact results in a very big dilemma. The amount of resources needed to account for such an event are small enough to justify the inclusion of what might be seen as an outlier for risk management. The bolstering of detection technologies for specific threats during such a time should be weighed with considerations for the complexity minichat of processor attacks as well as the current state of a companies cybersecurity infrastructure. While the sky is not falling yet, the potential for this looming event does exist.
Microsoft Exchange finds itself being updated repeatedly in a short span after the January discovery of suspect activity from a reportedly Chinese APT. Several CVE’s have been documented including the use of a Server Side Request Forgery (SSRF) vulnerability. There are new scripts out that are available to the public that can be used to scan and test systems facing the WAN.
If an attacker wants to enumerate mail exchange server data there are multiple tools available, given that domain names are a good place to start. This might fall under the Open Source Intelligence Gathering category known as OSINT. One free tool that is available with minimal installation is Maltego. Through the use of transformations on a domain name it may become easy to discover the information for mail exchange servers.
While SSRF style attacks are being circumvented in big cloud providers like AWS and Azure, it is interesting to note that this vulnerability does not affect Office 365 customers. Being relegated to on premise installations of Microsoft Exchange might be used for some information systems departments to consider the transition to online services as the rapid development of Microsoft’s hosted platform appears to be a higher priority than the continued support for Exchange.
BOLA is Super-Contagious
Given the choice of having IDOR or BOLA, which do you think is preferred? The correlation of Ebola Virus Disease aside, it should be noted that both IDOR and BOLA are one in the same. IDOR (Insecure Direct Object Reference) and BOLA (Broken Object Level Authorization) are abbreviations reserved for manipulating object ID’s via API’s in web applications.
But what does that really mean? Without getting overwhelmed with the details, an attacker can use legitimate access to an API to run queries and expose object ID’s and associated data that is using a predictable identifier. These types of techniques have been used in several different attacks over the years, and now BOLA finds itself at the top of the OWASP top Ten and it is being used to exploit web applications reapetedly.