Comments on: Security Researchers Can Do Better When Discussing Microsoft 365 Flaws https://practical365.com/phishing-security-researchers/ Practical Office 365 News, Tips, and Tutorials Tue, 20 Dec 2022 00:29:15 +0000 hourly 1 https://wordpress.org/?v=6.3.2 By: Joe Sutherland https://practical365.com/phishing-security-researchers/#comment-248634 Tue, 20 Dec 2022 00:29:15 +0000 https://practical365.com/?p=57762#comment-248634 Did you know that if you create an allow ANY/ANY inbound firewall rule that malicious traffic can exploit the way your network equipment routes packets to launch malicious attacks against your infrastructure? 😀

His example literally created a rule to turn off some of the email hygiene protection for the domain in question. As you pointed out, that’s a terrifically bad idea and doesn’t actually have anything to do with “direct send” configuration for MFPs. That ETR’s equivalent would be a terrible idea and have the same potential for abuse with other hygiene providers/tools.

]]> By: Andrew T https://practical365.com/phishing-security-researchers/#comment-248626 Mon, 19 Dec 2022 17:09:57 +0000 https://practical365.com/?p=57762#comment-248626 Thank you for being a voice of reason Tony. Sadly some researchers and their employers seek to use vulnerabilities discovered as an opportunity to promote themselves. Sadly I think this it harder on defenders as we need to start wading through the “real vulnerabilities” which do require immediate attention and the clickbait ones

]]>