|Posted: 2018-Aug-01 00:44 by Predator Research|
|Posted: 2018-Aug-21 12:12 by news bot|
|Posted: 2018-Sep-20 14:06 by news bot|
|Posted: 2018-Oct-25 13:41 by news bot|
|Posted: 2021-Sep-01 14:20 by news bot|
Researchers have discovered a massive flaw in Microsoft's Azure cloud platform and are urging all users to change their digital access keys.
Microsoft is warning customers of a devastating vulnerability in one of its cloud database products, used by thousands of organizations, that appears to have been present for years without anyone being aware of it. Microsoft Azure Cosmos DB cloud databases have had their read-write keys exposed by the flaw, allowing an attacker to not just access the contents but also to change or delete them.
The vulnerability was discovered by security researchers and reported confidentially to Microsoft, which sent an email to customers indicating it has seen no evidence that outside parties have exploited it. However, the company is advising its Cosmos DB customers to create new keys via the “Keys” menu in the Azure portal.
|Posted: 2021-Sep-01 17:00 by SIC55|
I <3 Microsoft, but this is just no longer acceptable. Even great companies with vast resources like MSFT are failing over and over again to develop secure systems because the matrix is flawed.
Don't want to make this about me, or Microsoft, but I'm a full stack developer with deep knowledge of network infrastructure. The TCP/IP stack is the problem. It was not designed to be secure. Security is papered in over top by various third parties who have legal obligations to comply with regional strongmen and government institutions for purposes of law enforcement.
Look, I love the various institutions of law enforcement. They serve a valuable social function. The people employed in the profession are by and large decent, hard working heros who act consistently to make the world a better place.
It is also a fact that 5% of the human population is psychopathic. Psychopaths are generally smart, capable people who have no trouble blending in with their community.
Some small percentage of law enforcement is actively engaged in predation of the communities they are tasked to protect and serve. There are agencies within law enforcement tasked with rooting out such abuse, but it is impossible to escape the logic that such agencies exist because it is an ongoing problem.
I recently heard a old country song about a back woods southern lawyer and a judge with blood on his hands snuffing out the light in Georgia.
Proponents of the theory of legal realism would likely support the assertion that the law only matters to people with the power to apply it moment to moment. Online those moments are N=∞ .
In other words, if you store data on a publicly connected network, it will be stolen.
|Posted: 2021-Sep-02 11:54 by Danziger|
Bro, thats not possible. These big cloud providers like Google and Amazon wouldn't be making the kind of investments they do into internet technology if they cannot secure the system. Millions of companies are putting their customer data in the cloud. Silicon valley exists atop the internet! I just can't believe it!
|Posted: 2021-Sep-03 11:30 by SIC55|
They know it. They just don't care. It is relatively easy to say shit like "We're helping fight terrorists" and "its the law, we have no choice" while collecting the fat checks these services generate.Worse - and to be clear I'm not saying Microsoft engages in anything like this but - there are a TON of high valuation silicon valley companies who operate models designed to EXPLOIT the fact that there is no security online. They compel their clients to put proprietary intellectual property on their supposedly secure cloud systems, then have their internal teams and outside consultants comb the data for purposes of expropriation. Its theft. Its fraud. And nobody cares.
|Posted: 2021-Sep-05 01:06 by Warlord|
I care. Tell us more.
|Posted: 2021-Sep-09 19:49 by SIC55|
I don't want to discuss it here. I like MSFT. I think they do as good a job as can be done in the space. Financial results under Satya Nadella are consistently impressive. It seems like his people try to do good. They may wish to consider better product diversity. Remember how we got here and how long it took. There is likely to be increased demand for air-gapped technical solutions going forward.
To discuss the broader topic of information systems security I started a thread here.
|Posted: 2021-Sep-17 18:34 by news bot|
Sources suggest cloud executive Charlie Bell is moving from Amazon to Microsoft where he will oversee cybersecurity operations to address digital fraud, ransomware attacks and public exposure of private data. Bell will report directly to Microsoft Chief Executive Officer Satya Nadella as the firm tries to address the recent string of high profile hacks.
Donate Litecoin: MKCsGvruRa6tbrm4h6paswHgGbrN2yxn9X
Predator Trading Group