Azure Releases ExpressRoute

Microsoft has recently announced “ExpressRoute” for their Azure stack!  This is great news for security centric partners needed to ensure private access to the service hosted on Azure.

If you utilize a network service provider that supports ExpressRoute connections, your connection can even bypass the public internet entirely!

I am personally excited to see where this technology goes, and how many providers start to pick it up.

Please note, even if your carrier does not support ExpressRoute directly, you can still utilize the ExpressRoute service!

Phishing Scam : Walmart TV’s

Ha!  That is pretty damn clever.  I think this is the first time I can remember of a “receipt” being sent out.  I am still curious as to why they can’t proofread their emails for spelling/grammar.  Is it for spam detection, or are they really just that lazy with it?

Furthermore, why isn’t there more done to ensure email origination?  I can see when a Twitter account has been “verified”, or if a Facebook account is authentic.  Where is the system for emails?  Maybe it is out there, and I just don’t know about it?

Simulated Bank Heist:

Pretty impressive stuff.  Looks like Nish Bhalla from SecurityCompass was able to create $14 million dollars from “thin air”.  Granted, he had access to an internal network ahead of time, but still this is impressive.  A little sniffing, a lack of encryption, and some wherewithal and Nish was able to create a new account.

I would think banking of all places would be more serious about encrypting their data.  Shouldn’t there be some kind of compliance for passing banking data, even on internal networks? Or is this more about a lack of decent talent, capable of coming up with these security measures?

Microsoft Security Compliance Manager

I just discovered the Microsoft Security Compliance Manager through the Microsoft Security blog.  Looks like a great tool I will be able to use very soon with a new SBS setup I just did for a client.