Kris
Microsoft, the company that lost the cryptographic keys that protected their cloud customers from attackers, now lost important log files.
People go to the cloud, despite the fact that cloud is more expenive than on-premises by a factor of 5, because cloud promises to get operations right so that companies can outsource that and focus on dev.
Microsoft is NOT an operations company at all.
It can't cloud.
Kris
https://follow.agwa.name/notice/AoZSMI38xcA3TrN1sm
Microsoft doesn't know how to do operations.
Kris
https://cyberplace.social/@GossiTheDog/113534774251010222
Microsoft can't cloud because it doesn't know how to do operations
Kris
Microsoft can't cloud anymore, because one of their providers, edg.io, is bankrupt (and instead of doing the clouding themselves, which they could have been doing, they did not, and now suddenly have to move a lot of things around).
Original posting
leading to
Microsoft assures us that "No other party will ever have access to use these domains", so maybe they will not immediately become malware distribution endpoints.
https://learn.microsoft.com/en-gb/azure/frontdoor/migrate-cdn-to-front-door
If you had been using Azure CDN, you have work to do.
Digicert dropped IPv6.
A lot of other people may also be affected.
Kris
https://www.heise.de/news/Microsoft-Azure-MFA-Schutz-war-aushebelbar-10198961.html
Microsoft can't cloud because it doesn't know how to do operations
Kris
Microsoft can't cloud because, well Microsoft can't.
https://archive.ph/6vq4f
Freed version
But Amazon paused the rollout after Microsoft discovered a Russia-linked hacker group had gained access to some of its employees’ email accounts. After conducting its own analysis of the software, Amazon asked for changes to guard against unauthorized access and create a more detailed accounting of user activity in the apps, some of which Microsoft also markets as Office 365.
Kris
Microsoft can't cloud...
Was ist aus "Stromversorgung der Rechenzentren mit AI optimieren" geworden?
Kris
Microsoft not only can't cloud, they actually can't. Like not anything at all.
https://media.ccc.de/v/38c3-from-simulation-to-tenant-takeover
From Simulation to Tenant TakeoverThen I tried building a phishing simulation program myself and the last thing I needed was to allowlist my IP address in Exchange Online.
I ended up in a rabbit hole where I discovered that Microsoft outsourced their support department to a Chinese company that wanted all my access tokens.
I then tried intercepting client-side requests made by the Security & Compliance center with the goal of replaying these to a backend API, only to discover that by fiddling with some parameters I could now hijack remote PowerShell sessions and access Microsoft 365 tenants that were not mine. Tenants where I could now export everything, e-mail, files, etc.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.