Hacker News

iscoelho, today at 3:22 PM (2 replies)

Microsoft has never been good at security, and that is why their centralization to cloud is absolutely terrifying.

I'm reminded of Storm-0558 [1] where a stolen signing key was able to forge authentication tokens for any MSA / Azure AD / Government AD user. They downplayed the severity. Just imagine if that level of access was used to pull a Stryker on a nation-wide scale. That is an economic disaster waiting to happen.

[1] https://www.microsoft.com/en-us/security/blog/2023/07/14/ana...


Replies

Rygian, today at 3:39 PM

I'll do you one better: stealing the signing key was not even necessary.

https://www.bleepingcomputer.com/news/security/microsoft-ent...

notepad0x90, today at 5:25 PM

Oh please, that could happen at any company. Humans screw up.
