Email or username:

Password:

Forgot your password?
Karl Voit :emacs: :orgmode:'s posts Post Back to profile
Karl Voit :emacs: :orgmode:

After basically the whole #Microsoft #Azure cloud was hacked (see list of related sources on karl-voit.at/cloud/ ), the first follow-up incidents went public caused by missing containment actions:

60,000 emails were stolen from 10 #USA #StateDepartment accounts
reuters.com/world/us/chinese-h

If you didn't understand until now: basically EVERYTHING at Microsoft got hacked and Microsoft can't (or won't) get rid of the intruders. Everything authenticated by Microsoft is tainted. Even #Windows auth.

29 Sep 2023 at 9:42 | Open on graz.social
12 comments
Yet Another EU Nerd

@publicvoit Could you go a little bit more in depth about:

> Microsoft can't (or won't) get rid of the intruders

P.S. I must admit I didn't read your article on karl-voit.at; was a little bit too long sorry πŸ™

29 Sep 2023 at 11:48 | Open on fosstodon.org
Karl Voit :emacs: :orgmode:

@yaeunerd Sure.

In simple words: #Microsoft lost one of their master keys to unlock very important parts of their cloud. This connects to all MS services that do authenticate by MS which includes most #Windows setups as well.

This happened long time ago, some people think it was the Chinese.

They were able to implant #backdoors, self-made keys, ... all over the place.

In order to fix that, MS would need to kill all their connected hosts and start from scratch. It's obvious why they don't.

29 Sep 2023 at 12:41 | Open on graz.social
Christian Tietze

@publicvoit I *love* that you're keeping such a long historic list!

Reminds me of @mjtsai's Review Rejections at mjtsai.com/blog/tag/rejection/ or web3isgoinggreat.com/ :)

(It's also horrible that the list could become so long.)

29 Sep 2023 at 12:24 | Open on mastodon.social
:verified_2:防空識εˆ₯ε€π’”π’π’„πŸΆ

@publicvoit@graz.social Wow, that really sucks for users of Microsoft products and services. Oh, well! ​:panopticon:​​:gnutroll:​

29 Sep 2023 at 14:12 | Open on soc0.outrnat.nl
kikebenlloch

@publicvoit Fuck me, I had no idea, the volume of this shitload is unreal.

29 Sep 2023 at 14:32 | Open on mastodon.social
Karl Voit :emacs: :orgmode:

If #Microsoft has any (internal) trust relation between the hacked #Azure certificates and #GitHub, we need to consider GitHub as hacked/tainted.

29 Sep 2023 at 14:35 | Open on graz.social
Karl Voit :emacs: :orgmode:

Now that I have migrated some of my hosts to #NixOS, I do have a bad feeling because of #Microsoft and most probably GitHub being hacked.

As mentioned on karl-voit.at/2023/09/12/nix/ the deep #GitHub dependency turns out to be a real downer for this OS.

#security #integrity

29 Sep 2023 at 14:36 | Open on graz.social
David Clubb

@publicvoit I hear so many positive things about this on various podcasts (you probably know the ones), but I once tried it and couldn't even get to a useable desktop environment. That was a while back but I will stick with other OSs for now; and maybe if I go immutable I will try #Fedora first

29 Sep 2023 at 14:41 | Open on toot.wales
Alexander Sosedkin
@publicvoit

> For example, when GitHub would be out of business or the service is down for some other reason, NixOS would probably be dead. Its main repositories are on GitHub and there is no obvious fall-back concept to other repositories hosted on different services.

This is just plain false. Flakes and channels can point anywhere; the only thing that'd need special care to move is the registry repo that points to all the other repos.
@publicvoit

> For example, when GitHub would be out of business or the service is down for some other reason, NixOS would probably be dead. Its main repositories are on GitHub and there is no obvious fall-back concept to other repositories hosted on different services.
29 Sep 2023 at 14:46 | Open on social.unboiled.info
Roomey

@publicvoit many years ago (the 90s) if you were online you assumed everything you said and did was getting scraped by the NSA/ Americans. I don't think much has changed. If you want to keep something private, try to keep it off the web.

It is safe to assume (big) nation states have access to everything, or if not, hoover up everything they can and will have access soon enough.

29 Sep 2023 at 14:39 | Open on mastodon.ie
Karl Voit :emacs: :orgmode:

@roomey Well, I somewhat disagree here.

If you assumed state actors, especially USA state actors you may be right.

However, now it's some hacker group that can share their knowledge with anybody. So the potential group of attackers is now extended to basically anybody who somehow was able to get in touch with the hackers who hacked Microsoft.

That's a totally different game now.

Furthermore, it's not only privacy that's in danger here. It's the whole set of en.wikipedia.org/wiki/Informat

@roomey Well, I somewhat disagree here.

If you assumed state actors, especially USA state actors you may be right.

However, now it's some hacker group that can share their knowledge with anybody. So the potential group of attackers is now extended to basically anybody who somehow was able to get in touch with the hackers who hacked Microsoft.

29 Sep 2023 at 15:01 | Open on graz.social
Christian Stankowic

@publicvoit We really need an user-friendly alternative to #GitHub. Love seeing that both @forgejo and #GitLab work on ActivityPub support. Can't wait to try it out.

29 Sep 2023 at 14:59 | Open on chaos.social
Go Up