Hack 'n sack knack
[ How come these comments aren't threaded? This is a reply to a post by @michelle on page 2 ]
> "So often, email is taken for granted and secured with weak or shared passwords"
True, yeah, but they didn't just acquire a user pw with a phish. They obtained cleartext access to the entire email DB.
Sure, that could mean a weak admin pw, in which case, someone should be spanked. But it sounds more like non-updated s/w.
HOWEVER, since this was a state action approved by Putin himself, it's more likely that the russians decompiled Exchange Server long ago and found all the bugs MS gifted to us because they couldn't be bothered to delay the release cycle with rigorous programming and code auditing.
The Washington Post said that the NSA has a big list of bugs that can crack Windows, but they'd rather let other countries find them than tell MS. And it's just as likely MS wouldn't bother fixing them anyway (see the Google bug-report debacle a couple of years ago).
I still haven't seen a description of how they broke in. Anyone know (or a link)?