#signingkey — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #signingkey, aggregated by home.social.
-
Beim letzten SRE Meetup gab es einen Vortrag über Post Mortems und deren Wichtigkeit.
Bester Kommentar aus dem Publikum beim Thema Post Mortem und öffentliche Transparenz: Ist jemand von Microsoft da?
-
The Comedy of Errors That Let China-Backed Hackers Steal Microsoft’s #SigningKey
After leaving many questions unanswered, #Microsoft explains in a new postmortem the series of slipups that allowed attackers to steal and abuse a valuable #cryptographic key.
#privacy #security #encryption #chinahttps://www.wired.com/story/china-backed-hackers-steal-microsofts-signing-key-post-mortem/
-
Every single news source and comment I read accepts #Microsoft 's blogpost about the "stolen" signing key as truth.
How can you believe anything they say months later? This blogpost was written by lawyers and noone else.
-
Every single news source and comment I read accepts #Microsoft 's blogpost about the "stolen" signing key as truth.
How can you believe anything they say months later? This blogpost was written by lawyers and noone else.
-
Every single news source and comment I read accepts #Microsoft 's blogpost about the "stolen" signing key as truth.
How can you believe anything they say months later? This blogpost was written by lawyers and noone else.
-
Every single news source and comment I read accepts #Microsoft 's blogpost about the "stolen" signing key as truth.
How can you believe anything they say months later? This blogpost was written by lawyers and noone else.
-
Every single news source and comment I read accepts #Microsoft 's blogpost about the "stolen" signing key as truth.
How can you believe anything they say months later? This blogpost was written by lawyers and noone else.
-
Wow, I can't imagine how much overtime the Microsoft legal department had to work for this blog post on the signing key. They are the real heroes here!
-
Wow, I can't imagine how much overtime the Microsoft legal department had to work for this blog post on the signing key. They are the real heroes here!
-
Wow, I can't imagine how much overtime the Microsoft legal department had to work for this blog post on the signing key. They are the real heroes here!
-
Wow, I can't imagine how much overtime the Microsoft legal department had to work for this blog post on the signing key. They are the real heroes here!
-
Wow, I can't imagine how much overtime the Microsoft legal department had to work for this blog post on the signing key. They are the real heroes here!
-
Good to know:
1️⃣ Without the US government, we probably wouldn't know about the #Microsoft #SigningKey #Leak at all.
2️⃣ The report ⬆️ seems to be accurate
3️⃣ Apparently, the only piece missing from the report is that the Signing Key had expired in 2021 and that the expiration time wasn't (still isn't?) checked.
https://cyberplace.social/@GossiTheDog/111019616937055010 -
Microsoft finally explains cause of Azure breach: An engineer’s account was hacked - Enlarge (credit: Getty Images)
Microsoft said the corporate ac... - https://arstechnica.com/?p=1965985 #signingkey #storm-0558 #microsoft #security #biz #azure
-
Habt Ihr von dem entwendeten #SigningKey von #Microsoft gehört? Wir haben das einmal (halbwegs ;-) verständlich zusammengefasst. Ein bisschen IT-Verständnis braucht man schon...
Der entscheidende Satz aus meiner Sicht:
"Der entwendete Signing Key ist für alle #Azure #ActiveDirectory Applikationen gültig, die sowohl persönliche Microsoft Accounts als auch sogenannte gemischte Accounts (sprich: persönliche Konten und Konten in Organisationsverzeichnissen) nutzen."
1/2 -
#Microsoft Signing Key Stolen by #Chinese - #Schneier on #Security
Actually, two things went badly wrong here. The first is that #Azure accepted an expired signing key, implying a #vulnerability in whatever is supposed to check key validity. The second is that this key was supposed to remain in the the system’s #HardwareSecurityModule —and not be in software
#privacy #China #signingkeyhttps://www.schneier.com/blog/archives/2023/08/microsoft-signing-key-stolen-by-chinese.html