To give you the best possible experience, this site uses cookies. Review our Privacy Policy and Terms of Service to learn more. Got it!
Search a title or topic

Over 20 million podcasts, powered by 

Player FM logo
Artwork

Community Radio Tech Interviews Linux Open Software Freedom Tech News HPR Volunteer Hacker Public Radio Programming Tech Software Development Podcasting Education Hobbies
Content provided by HPR Volunteer and Hacker Public Radio. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by HPR Volunteer and Hacker Public Radio or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

Similar to Hacker Public Radio

Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play

Hacker Public Radio « »
HPR4379: Mapping Municipalities' Digital Dependencies

 
Play
Playing
Share
 

MP3Episode home
Manage episode 482830994 series 44008
Content provided by HPR Volunteer and Hacker Public Radio. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by HPR Volunteer and Hacker Public Radio or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

This show has been flagged as Clean by the host.

In this episode, I discuss my ongoing project aimed at mapping the dependencies municipalities have on major third-party digital services, particularly focusing on Microsoft and Google , given their dominance in the market.

The aim of this research isn't about debating the quality of these products—it's assumed that with thousands of employees, these services meet most quality expectations. Instead, the focus is on the critical implications of widespread dependency and potential risks related to service interruptions or supply chain attacks.

Why is this important?

  • Supply Chain Attacks : High dependency means higher vulnerability to targeted disruptions.
  • Business Continuity : Significant risks were illustrated by incidents such as the CrowdStrike outage in July 2024 , which forced Brussels Airport back to pencil-and-paper operations temporarily.

My Research Approach:

Primarily, I analyze the DNS MX records of municipalities:

  • MX records typically reveal if mail services are hosted on Microsoft (Office 365/Exchange Online) or Google (Workspace).
  • A high probability that using these providers for email also means municipalities likely depend on the respective cloud office suite (e.g., Word/Excel/SharePoint or Docs/Sheets/Drive).

Preliminary Observations:

  • Belgium, Finland, Netherlands : Over 70% of municipalities rely heavily on Microsoft mail services, a significant warning sign of dependency.
  • Germany, Hungary : Fewer than 5% of municipalities use Microsoft or Google explicitly via MX records, though caution is necessary. Here’s why:

Challenges Identified:

  • Local MS Exchange Servers : Municipally hosted local installations aren't externally identifiable via MX records.
  • Mail Proxies : Some municipalities use mail proxy services (spam/phishing filters) obscuring the actual mail service used behind proxy domains.

Techniques Tested:

  • SPF Records : Often reveal the underlying email service, though they may contain outdated information, lowering reliability.
  • Telnet EHLO Commands : Municipalities commonly obscure their SMTP headers, limiting usefulness.
  • Cloud Provider IP-Ranges : Investigating if mail servers run on Google, Amazon, or Azure infrastructure. Even if identified, this alone doesn't clarify if proprietary or replaceable services are used.
  • TXT Records : Occasionally contain subscription keys or mail-related settings (e.g., MS subscriptions, Mailjet), but again, could be historical remnants.

Unfortunately, none of these get to show me all of the third party services.

Community Call:

I'm reaching out to listeners and the broader community for ideas or techniques on reliably fingerprinting the actual digital service providers behind mail servers. Specifically:

  • How to accurately determine if servers run Microsoft or Google services ?
  • Any ideas to detect deployments of Nextcloud or similar open-source alternatives?

Resources:

I'm looking forward to all your suggestions in the comments!

Provide feedback on this episode.

  continue reading

139 episodes

#Community Radio #Tech Interviews #Linux #Open #Software Freedom #Tech News #HPR Volunteer #Hacker Public Radio #Programming #Tech #Software Development #Podcasting Education #Hobbies
Artwork

HPR4379: Mapping Municipalities' Digital Dependencies

Hacker Public Radio

91 subscribers

published

Play Playing
iconShare
 
MP3Episode home
Manage episode 482830994 series 44008
Content provided by HPR Volunteer and Hacker Public Radio. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by HPR Volunteer and Hacker Public Radio or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

This show has been flagged as Clean by the host.

In this episode, I discuss my ongoing project aimed at mapping the dependencies municipalities have on major third-party digital services, particularly focusing on Microsoft and Google , given their dominance in the market.

The aim of this research isn't about debating the quality of these products—it's assumed that with thousands of employees, these services meet most quality expectations. Instead, the focus is on the critical implications of widespread dependency and potential risks related to service interruptions or supply chain attacks.

Why is this important?

  • Supply Chain Attacks : High dependency means higher vulnerability to targeted disruptions.
  • Business Continuity : Significant risks were illustrated by incidents such as the CrowdStrike outage in July 2024 , which forced Brussels Airport back to pencil-and-paper operations temporarily.

My Research Approach:

Primarily, I analyze the DNS MX records of municipalities:

  • MX records typically reveal if mail services are hosted on Microsoft (Office 365/Exchange Online) or Google (Workspace).
  • A high probability that using these providers for email also means municipalities likely depend on the respective cloud office suite (e.g., Word/Excel/SharePoint or Docs/Sheets/Drive).

Preliminary Observations:

  • Belgium, Finland, Netherlands : Over 70% of municipalities rely heavily on Microsoft mail services, a significant warning sign of dependency.
  • Germany, Hungary : Fewer than 5% of municipalities use Microsoft or Google explicitly via MX records, though caution is necessary. Here’s why:

Challenges Identified:

  • Local MS Exchange Servers : Municipally hosted local installations aren't externally identifiable via MX records.
  • Mail Proxies : Some municipalities use mail proxy services (spam/phishing filters) obscuring the actual mail service used behind proxy domains.

Techniques Tested:

  • SPF Records : Often reveal the underlying email service, though they may contain outdated information, lowering reliability.
  • Telnet EHLO Commands : Municipalities commonly obscure their SMTP headers, limiting usefulness.
  • Cloud Provider IP-Ranges : Investigating if mail servers run on Google, Amazon, or Azure infrastructure. Even if identified, this alone doesn't clarify if proprietary or replaceable services are used.
  • TXT Records : Occasionally contain subscription keys or mail-related settings (e.g., MS subscriptions, Mailjet), but again, could be historical remnants.

Unfortunately, none of these get to show me all of the third party services.

Community Call:

I'm reaching out to listeners and the broader community for ideas or techniques on reliably fingerprinting the actual digital service providers behind mail servers. Specifically:

  • How to accurately determine if servers run Microsoft or Google services ?
  • Any ideas to detect deployments of Nextcloud or similar open-source alternatives?

Resources:

I'm looking forward to all your suggestions in the comments!

Provide feedback on this episode.

  continue reading

139 episodes

#Community Radio #Tech Interviews #Linux #Open #Software Freedom #Tech News #HPR Volunteer #Hacker Public Radio #Programming #Tech #Software Development #Podcasting Education #Hobbies

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Similar to Hacker Public Radio

Listen to 500+ topics
Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play
icon
Help/FAQ | Advertise with Us
Arts|Business|Comedy|Economics|Entertainment|News|Politics|Religion
Science|Soccer|Sports|Storytelling|Technology|True Crime
Copyright 2025 | Sitemap | Privacy Policy | Terms of Service | | Copyright
Episode being played series thumbnail
icon icon
Speed
Series settings
1x
1x
Volume
100%
icon
icon icon
/

View Player FM in...
Player FM
Browser
Chrome
Safari
Firefox
Listen to this show while you explore
Play