Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
iscoelho 3 hours ago

Microsoft has never been good at security, and that is why their centralization to cloud is absolutely terrifying.

I'm reminded of Storm-0558 [1] where a stolen signing key was able to forge authentication tokens for any MSA / Azure AD / Government AD user. They downplayed the severity. Just imagine if that level of access was used to pull a Stryker on a nation-wide scale. That is an economic disaster waiting to happen.

[1] https://www.microsoft.com/en-us/security/blog/2023/07/14/ana...

Rygian 3 hours ago | parent | next [-]

I'll do you one better: stealing the signing key was not even necessary.

https://www.bleepingcomputer.com/news/security/microsoft-ent...

iscoelho 3 hours ago | parent | next [-]

I knew there was another incident that I was forgetting, insanity... I don't understand how Microsoft keeps getting away with this and everyone just forgets.

someguyiguess 16 minutes ago | parent [-]

When people's income depends on them forgetting... they tend to become amnesiacs.

natas an hour ago | parent | prev [-]

because time to market is more important than security (at microsoft)

notepad0x90 an hour ago | parent | prev [-]

Oh please, that could happen at any company. Humans screw up.