PrivacyDigest · @PrivacyDigest
570 followers · 2185 posts · Server mas.to
The Comedy of Errors That Let China-Backed Hackers Steal Microsoft’s #SigningKey
After leaving many questions unanswered, #Microsoft explains in a new postmortem the series of slipups that allowed attackers to steal and abuse a valuable #cryptographic key.
#privacy #security #encryption #china
https://www.wired.com/story/china-backed-hackers-steal-microsofts-signing-key-post-mortem/
#China #encryption #security #privacy #cryptographic #Microsoft #signingkey
Tech news from Canada · @TechNews
992 followers · 27479 posts · Server mastodon.roitsystems.ca
Ars Technica: Microsoft finally explains cause of Azure breach: An engineer’s account was hacked https://arstechnica.com/?p=1965985 #Tech #arstechnica #IT #Technology #signingkey #storm-0558 #microsoft #Security #Biz&IT #azure
#Tech #arstechnica #it #technology #signingkey #storm #microsoft #security #biz #azure
Christoffer S. · @nopatience
1417 followers · 571 posts · Server swecyb.comDid Microsoft publish more information about the origin of the MSA signing key?
I don't recall having seen any updates after the "original" post from July 11.
#microsoft #signingkey #intrusion #cyberattack
PrivacyDigest · @PrivacyDigest
525 followers · 1948 posts · Server mas.to#Microsoft Signing Key Stolen by #Chinese - #Schneier on #Security
Actually, two things went badly wrong here. The first is that #Azure accepted an expired signing key, implying a #vulnerability in whatever is supposed to check key validity. The second is that this key was supposed to remain in the the system’s #HardwareSecurityModule —and not be in software
#privacy #China #signingkey
https://www.schneier.com/blog/archives/2023/08/microsoft-signing-key-stolen-by-chinese.html
#signingkey #China #privacy #hardwaresecuritymodule #vulnerability #azure #security #schneier #chinese #Microsoft