Is your organisation's Microsoft Outlook Web Access secure?

Is your organisation's Microsoft Outlook Web Access secure?

Recently security researchers have disclosed reports of a new vulnerability in OWA (i.e. Outlook Web Access). This has been the headline of many security bulletins throughout internet since October 5, 2015.
OWA is a component of Microsoft Exchange Server which is an Internet-facing webmail server and is deployed in private companies and organisations to provide internal emailing capabilities.
Important point to note here is that unlike other web servers that typically have only a web interface, OWA is different. It is a critical internal infrastructure that also faces the Internet, making it an intermediary between the internal, DMZ, and the web.

Hack airplane anyone?

Recent times there have been two very interesting incidents reported. One was about a seasoned hacker, who was able to change flight path by hacking in to in-fight entertainment system. The other was about a Chrysler Jeep, which was hacked by some one sitting in the comfort of a sofa, remotely. Obviously, any flaw which seems to endanger an airplane grabs more eyeballs and creates more interest. More I researched on the report, more I grew confident that such a hack is not possible. I will write down the report, which came out and also put my arguments against the same.

The report stated that Chris Roberts used a modified Cat6 ethernet cable to connect his laptop to the electronic box under the passenger seats. He then overwrote the code on the airplane’s thrust management computer. After breaching the system, he fired a ‘CLB’ or climb command causing one of the engines to climb and consequently making the airplane go in a sideways or lateral movement.

Subscribe to RSS - hack