chapotraphouse

13 readers

1 users here now

Banned? DM Wmill to appeal.

No anti-natilasm posts. See: Eco-fascism Primer

Vaush posts go in the_dunk_tank

founded 4 years ago

MODERATORS

[email protected]

🫡🫡🫡Link in description (hexbear.net)

submitted 2 years ago by [email protected] to c/[email protected]

18 comments fedilink hide all child comments

https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 10 points 2 years ago (2 children)

What can they do with a signing key?

[–] [email protected] 12 points 2 years ago* (last edited 2 years ago) (1 children)

Leak Hillary Clinton Emails

[–] [email protected] 7 points 2 years ago

delicious buttery mails

[–] [email protected] 9 points 2 years ago (1 children)

Pretend to be someone they aren't

An actor that can acquire a private signing key can then create falsified tokens with valid signatures that will be accepted by relying parties. This is called token forgery.

[–] [email protected] 7 points 2 years ago (1 children)

Oh cool so they can distribute updates?

[–] [email protected] 4 points 2 years ago (1 children)

The article just says they signed authentication tokens which gave them access to outlook emails. I don't think it was code signing that would let them distribute software, and that's not what they were after.

[–] [email protected] 3 points 2 years ago

Thanks for actually reading the article o7