[Info-vax] IKEA
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Fri Dec 9 19:14:08 EST 2022
On 2022-12-09 23:53:55 +0000, Arne Vajhøj said:
> On 12/9/2022 4:37 PM, Stephen Hoffman wrote:
>> On 2022-12-09 14:05:56 +0000, Alexander Schreiber said:
>>> Single Stage to Orbit <alex.buell at munted.eu> wrote:
>>>> On Thu, 2022-12-08 at 08:12 +0000, David Wade wrote:
>>>>> Given the ubiquity of SMB is there anything that could be done?
>>>>
>>>> Yes, stop using SMB1, use SMB3 instead.
>>>
>>> Which would magically protect against files being encrypted via a
>>> machine/user with r/w access to the share exactly how?
>
>> Yes, ditching SMB1 will absolutely help, as it's hideously insecure.
>
> It helps for some security problems, but not for the one described.

I'll concede that this is not the worst possible problem, of all
possible problems.

SMB1 is a problem that no network should have.

But then this is comp.os.vms, and arguing for the removal of telnet,
FTP, and SMB1 is viewed as traumatic change for some.

>> Of what is reported about the IKEA breach:
>> https://www.bleepingcomputer.com/news/security/ikea-email-systems-hit-by-ongoing-cyberattack/
>>
>
> That was last year.
>
> Is it the same this year?

Ah, my bad.

Here are some of the recent reported IKEA-related security breaches:

2019:
https://cyware.com/news/ikea-inadvertently-exposed-over-400-email-addresses-due-to-human-error-e14e9f38

2022:
https://globalnews.ca/news/8812708/ikea-canada-internal-data-breach-95000-records/

2022:
https://www.techradar.com/news/ikea-confirms-it-was-hit-in-significant-cyberattack
(which lists Morocco, Kuwait and maybe Jordan, and apparently
franchises.)

--
Pure Personal Opinion | HoffmanLabs LLC