Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://freespeechextremist.com/objects/9aede2a9-ca43-4dc8-81e8-4a735d68c6b9">pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Tuesday, 08-Aug-2023 04:38:15 JST</a><a href="https://freespeechextremist.com/users/p" title="p@freespeechextremist.com"><img src="https://gnusocial.jp/avatar/701-48-20220723171505.webp" width="48" height="48" alt="pistolero :thispersondoesnotexist:" style="position: absolute; left: 0; top: 0;">pistolero :thispersondoesnotexist:</a></section><article><a href="https://www.schneier.com/blog/archives/2023/08/microsoft-signing-key-stolen-by-chinese.html">https://www.schneier.com/blog/archives/2023/08/microsoft-signing-key-stolen-by-chinese.html</a><br><br>&gt; The first is that Azure accepted an expired signing key, implying a vulnerability in whatever is supposed to check key validity. The second is that this key was supposed to remain in the the system’s Hardware Security Module—and not be in software. This implies a really serious breach of good security practice. The fact that Microsoft has not been forthcoming about the details of what happened tell me that the details are really bad.<br><br>^___________________^<br><a href="https://freespeechextremist.com/media/331e6d4d-2186-4305-a83d-b1d701867730/hackedbychinese.gif?name=hackedbychinese.gif">hackedbychinese.gif</a></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/1919329#notice-3767446">In conversation</a><time datetime="2023-08-08T04:38:15+09:00" title="Tuesday, 08-Aug-2023 04:38:15 JST">about a year ago</time> <span>from <span><a href="https://freespeechextremist.com/objects/9aede2a9-ca43-4dc8-81e8-4a735d68c6b9" rel="external" title="Sent from freespeechextremist.com via ActivityPub">freespeechextremist.com</a></span></span><a href="https://freespeechextremist.com/objects/9aede2a9-ca43-4dc8-81e8-4a735d68c6b9">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://www.schneier.com/blog/archives/2023/08/microsoft-signing-key-stolen-by-chinese.html">Microsoft Signing Key Stolen by Chinese</a></h5><div> from <span>Bruce Schneier</span></div></header><div></div><footer></footer></article></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/1378750">hackedbychinese.gif</a></label><br><a href="https://freespeechextremist.com/media/331e6d4d-2186-4305-a83d-b1d701867730/hackedbychinese.gif?name=hackedbychinese.gif" rel="external">https://freespeechextremist.com/media/331e6d4d-2186-4305-a83d-b1d701867730/hackedbychinese.gif?name=hackedbychinese.gif</a></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Tuesday, 08-Aug-2023 04:38:15 JST pistolero :thispersondoesnotexist:
https://www.schneier.com/blog/archives/2023/08/microsoft-signing-key-stolen-by-chinese.html

> The first is that Azure accepted an expired signing key, implying a vulnerability in whatever is supposed to check key validity. The second is that this key was supposed to remain in the the system’s Hardware Security Module—and not be in software. This implies a really serious breach of good security practice. The fact that Microsoft has not been forthcoming about the details of what happened tell me that the details are really bad.

^___________________^
hackedbychinese.gif
In conversationabout a year ago from freespeechextremist.compermalink
Attachments
1. No result found on File_thumbnail lookup.
  Microsoft Signing Key Stolen by Chinese
  from Bruce Schneier
2. hackedbychinese.gif
  https://freespeechextremist.com/media/331e6d4d-2186-4305-a83d-b1d701867730/hackedbychinese.gif?name=hackedbychinese.gif

Public

Embed Notice

HTML Code

Corresponding Notice