Now, we are getting reports from many of our own users that things are getting resolved.
However, not from the person who opened the ticket to us yet, so even our ticket for the issue (and this thread) are "open". There is more tracking in both our tickets and in ML of MS' failures than MS tracks themselves. Doesn't that alone tell us how much MS is trying to falsify the data by closing early before there is a resolution?
When they report on this in the media, they will used those closed tickets as "evidence" of the issue having been resolved earlier than it really is.
Ummm....as an attacker, why can't I just have a next page fake confirmation which forgets the profile photo (easy to overlook in a hurry) and get the password for google anyway?
Same again for the banking website.
Thats exactly what happens. You'd be surprised at what passes for phishing attacks, and how many people fall for them. I've seen ones that have asked people "for security purpose" to enter all 50 4-digit code card entries, something a bank would obviously never do.
Partially that's because real banks have done that traditionally.
Like AMEX. I needed a password reset and they asked all of the info on my card, other than my name and expiration.
Yeah, it definitely still happens. And I've had huge security gaps that I've told a bank was not secure and they didn't care. I said... I literally have no means to tell if you are really my bank or not and they are just like "so, we don't care."
Although I don't believe you are completely out of the woods just because you have a business Agreement (BA) with a provider you use that is housing Personal Health Information (PHI) - in fact I'm pretty sure that I'm suppose to request a result of their own audit to ensure they are doing what they are suppose to be doing.. only after collecting that yearly (though how I'm suppose to know it's valid is beyond me) would I be close to be indemnified.
That's possible, back when I was doing HIPAA all the time that was not the case but it does get updated regularly.
Knowing that it is valid is likely none of your concern. You can't know that audits are valid more or less by definition. You'd need the auditor to be audited and that auditor audited and so on and so forth.
Interesting enough,.. I'm still running into the issue of OWA showing new email. Last time I check email, the OWA icon showed 12 but I opened it up, and had only three emails and none of them were new.
Sorry everyone for a late response. Just been dealing with some family health crisis. As far as the personal files. I've learned that the IT team has locked down everything via group policies. My girl has to ask permission to do almost anything she needs to do for work. As for the type of Exchange server they are hosting, I don't know. I'm sure they're not going to give me that info. lol! Thank you for your support and feed back on the matter.