Ooops!? I mean, what can a person really say about this other than this was an epic failure on Microsoft’s part. Either through hubris, lack of oversight, or just good plain old incompetence of management, the Chinese have the keys to the castle. This really highlights the inherent weakness of proprietary software solutions and (in)security through obscurity. This is why everything I do that is not related to my job as a Windows desktop support engineer is going to be on open source.
Microsoft Signing Key Stolen by Chinese - Schneier on Security
Submitted 1 year ago by sv1sjp@lemmy.world to cybersecurity@infosec.pub
https://www.schneier.com/blog/archives/2023/08/microsoft-signing-key-stolen-by-chinese.html
Comments
housepanther@lemmy.goblackcat.com 1 year ago
assembly@lemmy.world 1 year ago
How does one even recover from this? I guess the assumption stays the same that everything on a corp network is compromised. Can’t imagine this is going to win Azure new business for DoD workloads.
detoxlife@exploding-heads.com 1 year ago
Maybe our government shouldn’t be using corporate products. Maybe we should use that shit ton of money in our military budget to create our own software.
Sabata11792@kbin.social 1 year ago
The government could save so much money gathering data directly instead of buying it from Microsoft.
xylogis@infosec.pub 1 year ago
Remember the OPM hack? Remember when pretty much every bit of PII for everyone in the government leaked? What makes you think the US government could do a better job?
Nougat@kbin.social 1 year ago
detoxlife@exploding-heads.com 1 year ago
Apple OSX clone.
hillbicks@feddit.de 1 year ago
Jesus fucking Christ… I really did not expect this from Microsoft, I have to say. The first one is strange already, but the second one? Really looking forward to their explanation of this cluster fuck…