Hackers stole a cryptographic key that let them forge user identities and slip past defenses.

  • Zeth0s@lemmy.world
    link
    fedilink
    English
    arrow-up
    31
    ·
    edit-2
    1 year ago

    What I don’t understand how this is not a mainstream news. This could have potentially impacted so many companies and governments… This is huge and it deserves to be widely known. Same hacking technique could have been used elsewhere. It requires a broad investigation

    • enu@lemm.ee
      link
      fedilink
      English
      arrow-up
      18
      ·
      1 year ago

      I’m with you there. More and more of these companies are shifting from on-premise hosting of their files to the cloud. On-premise required each company to have been breached individually for a bad actor to gain access. Now all of them moving to M365 in the same MS cloud means just a single breach gives access to a nearly bottomless amount of data. Just seems like companies are making short sighted choices for cost reduction over thinking about the potential long-term repercussions for putting their intellectual property and untimely their fates, in the hands of third party.

      • Qualanqui@lemmy.fmhy.ml
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        1 year ago

        Just seems like companies are making short sighted choices for cost reduction over thinking about the potential long-term repercussions for putting their intellectual property and untimely their fates, in the hands of third party.

        Welcome to late stage capitalism baby! It’ll only be a short stay though because these assholes are going to implode the planet looking for their next quick buck.

        • Obsession@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          3
          ·
          edit-2
          1 year ago

          I swear sometimes it feels like capitalism is the boogeyman behind everything with some people.

          This has nothing to do with late stage capitalism and everything to do with how cheap compute is becoming. Fact is that it’s just much more convenient to have everything in a managed cloud. You don’t need to manage your own servers, take care of maintenance, upgrades, etc. This removes a fuckton of overhead from your organization.

          I’ve been part of on prem to cloud transitions at 3 different companies, and I saw the benefits firsthand. You can replace entire departments, and the contract your signing means you’re protected against pretty much any fuckup from the provider’s side.

          Not to mention, I guarantee Microsoft’s cloud is more secure than 99.9% of the server rooms it replaced.

          • anon@kbin.social
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            I agree with you.

            A company’s core business and skillset is rarely to manage an on-prem IT infrastructure, which is a highly complex endeavor these days. Security most always benefits from being put in the hands of cloud providers such as Microsoft, Amazon, or Google, who can mobilize the best talent and apply economies of scale and modern best practices to cybersecurity across an entire stack.

            It also means far fewer liability headaches for the companies that transfer this difficult and onerous responsibility to cloud providers. It’s not even necessarily cheaper to go full cloud; I’ve seen multiple examples where it wasn’t, but the reduction in complexity and liability made common sense. So even the “LaTe-StAgE CaPiTaLiSm!!” claim is just a tired trope at this point.

            It’s easy to focus on one publicized exploit of Microsoft’s cloud like this one, and not see the other side of the argument of how many exploits were avoided over the years by not having individual companies manage their own servers. It’s still entirely plausible that the general move to cloud infrastructure since the late 2000s is a net win for cybersecurity in aggregate.

            I would also add that whether other cloud customers might be breached simultaneously in the extremely rare event of a cloud-wide exploit is not a consideration when a company decides to move from on-prem to cloud. It’s just a Moloch problem that doesn’t and shouldn’t concern them.

          • artisanrox@kbin.social
            link
            fedilink
            arrow-up
            2
            arrow-down
            2
            ·
            1 year ago

            You don’t need to manage your own servers, take care of maintenance, upgrades, etc. This removes a fuckton of overhead from your organization.

            …in other words, capitalism is capitalisming.

      • stealth_cookies@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        Is there really much of a difference in this case? If your on prem software has a vulnerability and it is connected to the internet then it is just as vulnerable as the same software on a cloud provider. I would argue the cloud one is more likely to be set up more securely.

        Cloud certainly has some different risks but I can’t definitively say it is short sighted and more risky compared to an on prem solution that a typical IT department would implement.

      • ghostwolf@lemmy.fakeplastictrees.ee
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        These things are inevitable whether you host everything yourself or in the cloud. The latter simply has to be more secure than the former. And it probably is in many cases.

      • plz1@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Well partly. Microsoft hosts US government data in a separate cloud than the rest of us, but having that get popped is pretty bad with all the FedRAMP security stuff in play.

  • sadreality@kbin.social
    link
    fedilink
    arrow-up
    12
    arrow-down
    1
    ·
    1 year ago

    ThE ClOuD = u give us money, you give us data, we will let you and every one else access it

    • Fantasy@lemmy.world
      link
      fedilink
      English
      arrow-up
      15
      ·
      1 year ago

      Perhaps you don’t personally, but it’s very likely your government and companies you interact with do