Blue laundry leaking

It happens, sometimes the colours get into the other colours and your white stuff is no longer white. I had my issues with myself, overlooking a red sock with my white shirts and behold, I was suddenly the owner of pink shirts. This is a problem as it is not fashionable pink, but a melee of pink shades in white shirts. The fashion looks a righteous mess. This is something we all dread, and in IT land it is not different, especially when the detergent is Microsoft.

It all started (at https://www.bleepingcomputer.com/news/security/stolen-microsoft-key-offered-widespread-access-to-microsoft-cloud-services/) with ‘Stolen Microsoft key offered widespread access to Microsoft cloud services’ where we are given “Redmond revealed on July 12th that the attackers had breached the Exchange Online and Azure Active Directory (AD) accounts of around two dozen organisations. This was achieved by exploiting a now-patched zero-day validation issue in the GetAccessTokenForResourceAPI, allowing them to forge signed access tokens and impersonate accounts within the targeted organisations.” I was at first cautious. There are intense haters of Microsoft and they do not throw around any kind of evidence, as such I wondered how far this went and behold, ITWire gives us (at https://itwire.com/security/danger-from-microsoft-azure-breach-still-remains,-warns-wiz-researcher.html) ‘Danger from Microsoft Azure breach still remains, warns Wiz researcher’ and here we are given “New York-based cloud security firm Wiz has warned companies and organisations affected by the recent Microsoft Azure breach that the impact of the intrusion may be much wider than reported, and could affect applications beyond those claimed by Microsoft to be impacted.” In addition we are given “Our researchers concluded that the compromised MSA key could have allowed the threat actor to forge access tokens for multiple types of Azure Active Directory applications, including every application that supports personal account authentication, such as SharePoint, Teams, OneDrive, customers’ applications that support the ‘login with Microsoft’ functionality, and multi-tenant applications in certain conditions”, I see this as an issue. The larger scope is not merely the cloud. That thing has all kinds of security issues. 
No, the small ‘hidden’ text becomes “The breach came to light on 13 July, with the email account of US Commerce Secretary Gina Raimondo cited as one of the more prominent accounts to have been breached” it came to light as a ‘prominent’ account was breached. So how long was this mess there? There is a reason I do not trust Microsoft and as such I do not want them anywhere near the 50 million accounts that I see coming, or the ones that follow, which will be a massive amount of accounts. Even more I reckon as I concluded a new stage in Dubai. I saw the opportunity when I investigated the Dubai Mall, the Mall of the Emirates, the Dubai Marina Mall and the Battuta Mall. There were a few more, but the setting of malls this big all in one city was something I never considered and it gave me more ideas, more options and that made me consider the interactions of my Augmented Reality IP with two other IPs. Actually four, but that is a story for another day. What is absolutely clear is that I do not want Microsoft anywhere near it. Not with the mess they have, so either Amazon wakes up, or Tencent Technologies gets it all. I never discontinued my interest in Google, but they basically took themselves off the field. No idea where Apple is, but that is not my problem at present. You see, the larger stage is the security risk that Microsoft is and it is also seen with “The news agency said Adair’s client had not forked out what Microsoft demands for its premium security suite, and hence detailed forensic data was unavailable.” Really? They are all about the forking out, all whilst their solution is like a 45-year-old prostitute claiming to be a virgin? I would suggest that forking out is the least of their problems.
That is even beyond the fact that the transgressions are requiring ‘detailed forensic data’ all whilst the transgressions are what the first article is implying “by exploiting a now-patched zero-day validation issue”, all whilst IT Wire implies that the damage is well beyond the ‘pretended’ scope and as such might (a speculation from my side) not be patched, not to the degree it needed to be. And anyone wonders why I do not trust Microsoft with my IP? They haven’t been able to close their barn doors, at least since 2019, optionally long before that. So your data (and my IP) would have been at risk for well over 4 years. We are also given “This isn’t a Microsoft-specific issue, if a signing key for Google, Facebook, Okta or any other major identity provider leaks, the implications are hard to comprehend. Our industry — and especially cloud service providers — must commit to a greater level of security and transparency concerning how they protect critical keys such as this one, to prevent future incidents and limit their potential impact” This might be, but I have never seen these levels of transgressions on Google Cloud or Amazon AWS, but that is merely my point of view. Then we get an interesting side “while Microsoft had ensured that Azure Active Directory applications would no longer accept forged tokens as valid, by revoking the compromised keys, the danger from the breach still remained” well, it might be, it might not be. Microsoft stated that they had the most powerful console in the world and within 2 years that Nintendo launched the weakest nextgen console of them all, they surpassed all sales records Microsoft claimed to have had, so I am not holding my breath here. The number one question is ‘Why could Microsoft not differentiate between real tokens and forged tokens?’ That would have been my first question, but I am not seeing that here. Possibly for very valid reasons, but the missing out is a case here.
So whilst some stare at “setting up application-specific backdoors”, my issue is that with every application, the change of interaction and transgressions increase. It just does. For example (a bad and debatable one), if EVERY application has a zero day issue (pure speculation) we get with 3 applications a speculative 9 zero day problems. So what happens when the average corporation has Azure and 35 applications. This implies that this customer has 42,875 risk factors. Yes, it is a speculation, yet the ITWire article gives us this with “The full impact of this incident is much larger than we initially understood it to be”, as well as “We must learn from it and improve”, a setting that sounds nice, but consider that Azure was launched 14 years ago, if you are still learning, you have a much larger problem. In December 2020 I wrote ‘Historic view versus reality’ (at https://lawlordtobe.com/2020/12/26/historic-view-versus-reality/) there I quoted the No Such Agency giving us “National Security Agency warns hackers are forging cloud authentication information”, as such the Microsoft claim “Microsoft had ensured that Azure Active Directory applications would no longer accept forged tokens as valid” as a hollow joke. The NSA made the statement 3 years ago, as such Microsoft should have put (buggy) solutions in place to stop forged keys, but it seems they never did. Another mess they made with their own hands. Don’t take my word on this, the NSA sent out warnings in 2020. Warnings that Microsoft seemingly never took to heart. Still happy with your blue cloud? I reckon it is time for people to consider Amazon AWS, Apple iCloud, Google Cloud (GCP), Oracle Cloud or wherever you will be trying to keep your data safe, as I personally see it Microsoft is not that place and with that they are scuttling yet another (what I personally like to call) a spin system, just like a washing machine trying to tumble dry your data on servers where you do not have access to them.
But that might be my short-sighted feel on the matter.

Enjoy the day, Monday is now but a day away.

Filed under Finance, Gaming, IT, Media, Science