this post was submitted on 09 Aug 2023
57 points (100.0% liked)

chapotraphouse

all 29 comments
[–] [email protected] 19 points 2 years ago

This was made possible by a validation error in Microsoft code

lol microsoft

[–] [email protected] 16 points 2 years ago* (last edited 2 years ago)
[–] [email protected] 10 points 2 years ago
[–] [email protected] 10 points 2 years ago
[–] [email protected] 10 points 2 years ago (2 children)

What can they do with a signing key?

[–] [email protected] 12 points 2 years ago* (last edited 2 years ago) (1 children)

Leak Hillary Clinton Emails

[–] [email protected] 7 points 2 years ago

delicious buttery mails

[–] [email protected] 9 points 2 years ago (1 children)

Pretend to be someone they aren't

An actor that can acquire a private signing key can then create falsified tokens with valid signatures that will be accepted by relying parties. This is called token forgery.

[–] [email protected] 7 points 2 years ago (1 children)

Oh cool so they can distribute updates?

[–] [email protected] 4 points 2 years ago (1 children)

The article just says they signed authentication tokens which gave them access to outlook emails. I don't think it was code signing that would let them distribute software, and that's not what they were after.

[–] [email protected] 3 points 2 years ago

Thanks for actually reading the article o7

[–] [email protected] 9 points 2 years ago

Is that hacker news over telegram?

[–] [email protected] 6 points 2 years ago* (last edited 2 years ago) (1 children)

I really struggle to believe that a military performing espionage actions is stupid enough to operate without spreading hours of operation in a harder to track way. But maybe they don't give a shit? Just seems like something you could easily hide.

EDIT: Question - Why would an inactive microsoft consumer account have the ability to forge tokens for Outlook.com? Would this not limit it to a specific subset of accounts?

We determined that Storm-0558 was accessing the customer’s Exchange Online data using Outlook Web Access (OWA).

Ahh yes, this would be one specific customer of microsoft that was targeted. Hopefully the NSA or some shit lmao
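
An added example, not code from this thread, from Microsoft, or from any published analysis of the incident, illustrating two things discussed above: the "token forgery" definition (a forged token carrying a valid signature is accepted by relying parties) and the question of why a key tied to one account population could mint tokens usable against another. It models a hypothetical relying party that trusts a small key set, an attacker who holds one of those keys, and a verifier run with and without a check binding each key to the issuer it is allowed to sign for. Key ids, secrets, issuer names and claims are all constructed for the example; HMAC-SHA256 stands in for the asymmetric keys real identity providers use so the block runs on the Python standard library alone; the issuer-binding check is a generic mitigation for this class of validation gap, not Microsoft's actual fix.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


# Constructed key set for a hypothetical relying party. Real identity providers use
# asymmetric (RSA/ECDSA) signing keys; HMAC-SHA256 is used here only so the example
# runs on the standard library. The trust decision demonstrated is the same either way:
# a signature that verifies under a trusted key is accepted as genuine.
KEY_SET = {
    "consumer-key-2016": {"secret": b"consumer-signing-secret-example", "issuer": "consumer-issuer"},
    "enterprise-key-2023": {"secret": b"enterprise-signing-secret-example", "issuer": "enterprise-issuer"},
}


def sign_token(claims: dict, kid: str, secret: bytes) -> str:
    """Produce a compact JWS (JWT-style) token: header.payload.signature."""
    header = b64url(json.dumps({"alg": "HS256", "kid": kid}, separators=(",", ":")).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(signature)}"


def verify_token(token: str, key_set: dict, now: int, bind_key_to_issuer: bool) -> dict:
    """Validate a token against the key set; return its claims or raise ValueError.

    With bind_key_to_issuer=False the verifier accepts any token whose signature checks out
    under any trusted key, which is what turns one leaked key into a forgery oracle for
    every audience the verifier serves. With bind_key_to_issuer=True it also requires the
    key's scope to match the issuer the token claims, so a key scoped to one population of
    accounts cannot mint tokens for another (a generic check, not Microsoft's actual fix).
    """
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(b64url_decode(header_b64))
    key = key_set.get(header.get("kid"))
    if key is None or header.get("alg") != "HS256":
        raise ValueError("unknown key id or algorithm")
    expected = hmac.new(key["secret"], f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    if bind_key_to_issuer and claims.get("iss") != key["issuer"]:
        raise ValueError(f"key {header['kid']} is not valid for issuer {claims.get('iss')}")
    return claims


def accepts(token: str, now: int, bind_key_to_issuer: bool) -> bool:
    """True if the relying party would act on this token, False if it rejects it."""
    try:
        verify_token(token, KEY_SET, now, bind_key_to_issuer)
        return True
    except ValueError:
        return False


NOW = 1_700_000_000  # fixed clock so the results are reproducible

# Attacker holds only the consumer key's secret but forges a token claiming the enterprise
# issuer and a victim's mailbox as subject (all values constructed).
FORGED = sign_token(
    {"iss": "enterprise-issuer", "sub": "mailbox-owner@example.test", "aud": "mail-api", "exp": NOW + 3600},
    "consumer-key-2016",
    KEY_SET["consumer-key-2016"]["secret"],
)

# A genuine enterprise token signed with the key actually scoped to that issuer, for comparison.
GENUINE = sign_token(
    {"iss": "enterprise-issuer", "sub": "mailbox-owner@example.test", "aud": "mail-api", "exp": NOW + 3600},
    "enterprise-key-2023",
    KEY_SET["enterprise-key-2023"]["secret"],
)

if __name__ == "__main__":
    print("forged, signature-only check: ", accepts(FORGED, NOW, bind_key_to_issuer=False))   # True
    print("forged, key bound to issuer:  ", accepts(FORGED, NOW, bind_key_to_issuer=True))    # False
    print("genuine, key bound to issuer: ", accepts(GENUINE, NOW, bind_key_to_issuer=True))   # True
```

Run directly, the three printed lines show the forged token accepted by the signature-only verifier and rejected once each key is bound to the issuer it may sign for, while the genuine token passes both. The wider point for the question above: a relying party that treats "signature verifies under some key in my trusted set" as sufficient hands every key in that set, including an old or inactive one, authority over every audience the verifier serves; which keys are "supposed to" sign for which accounts is only enforced if the verifier checks it.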

[–] [email protected] 2 points 2 years ago (1 children)
[–] [email protected] 2 points 2 years ago* (last edited 2 years ago) (1 children)

Yeah you can go full conspiracy brain with this if you want to question whether microsoft and the state would collaborate for propaganda. I'm not quite so tinfoil hat but there's certainly questions.

[–] [email protected] 2 points 2 years ago (1 children)

Calling everything potential Inter-intel-agency warfare is my favorite new tinfoil one-upmanship move

[–] [email protected] 1 points 2 years ago

The more things deteriorate the more sus everything everywhere looks.

[–] [email protected] 5 points 2 years ago

I have just skimmed this so maybe it's answered, but seems the entire thing boils down to:

Storm-0558 acquired an inactive MSA consumer signing key

How?