That is exactly what is so maddening - the lack of detail in this report. So, while the security firm might(!) have found the point of infection, they sound (and maybe are) incompetent to find the method of intrusion.
That, or they're just attention hounds - or both... Kurt On Wed, Oct 7, 2015 at 8:37 AM, Michael B. Smith <[email protected]> wrote: > We've been discussing this on a couple of closed lists. Long-story short - > insufficient data at this time. > > The wording of the story is also of some concern. "Outlook mailserver"? Not > Exchange? > > Also, how was the DLL injected? Was the server already compromised? If so, > game over and it isn't OWA's fault. > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Kurt Buff > Sent: Wednesday, October 7, 2015 11:32 AM > To: [email protected]; ntsysadm > Subject: [Exchange] So, how did they plant the malware? > > The article is short on details, and so is the security firm's PDF. > Very scary, but nothing in the way of actionable intelligence, AFAICT > http://arstechnica.com/security/2015/10/new-outlook-mailserver-attack-steals-massive-number-of-passwords/ > >
