DevOps'ish

DevOps, Cloud Native, Hybrid Cloud, Open Source, industry news, culture, and the ‘ish between.

DevOps’ish 209: Hafnium, dhcpcd needs new maintainer, Beat the Systemic Racism of IT, Google HR issues, OVH disaster, git vulnerability, sigstore and more

In a first, there are two DevOps’ish Indexes in flight right now. I did not want this day to ever happen but here we are. Solarwinds and Microsoft both have their hands full. DevOps’ish has your back. Here’s all the data points for both incidents so far. NEW DevOps’ish Microsoft Exchange Hafnium Compromise Index DevOps’ish Solarwinds supply chain compromise Index What a time to be alive. Also, DevOps’ish is 101 subscribers from officially passing the 5,000 subscribers mark. Read more →

Microsoft Exchange

DevOps’ish Microsoft Exchange Hafnium Compromise Index

A one-stop shop for opinion, analysis, and/or coverage of the Microsoft Exchange Hafnium compromise. Coverage includes official statements and filings, accredited media coverage, industry analyisis, and noteworthy blogs, digital media, and other mediums as deemed worthwhile. Note: All links shared here have gone through the normal DevOps’ish editorial and curation process. To add content for review, issue a pull request against this file in GitHub. Official Statements Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: March 2, 2021 (KB5000871) Joint Cybersecurity Advisory Compromise of Microsoft Exchange Server CISA Strongly Urges All Organizations to Immediately Address Microsoft Exchange Vulnerabilities | CISA Microsoft Exchange Server Vulnerabilities Mitigations – updated March 9, 2021 – Microsoft Security Response Center Multiple Security Updates Released for Exchange Server – updated March 12, 2021 – Microsoft Security Response Center “Patching and mitigation is not remediation if the servers have already been compromised. Read more →