25 votes

Microsoft lost its keys, and the US government got hacked

4 comments

  1. Bipolar
    Microsoft is also taking heat for reserving security logs for the government accounts with the company’s top-tier package that may have helped other incident responders identify malicious activity.

    CNN first reported that the State Department initially detected the breach and reported it to Microsoft. But not every government department had the same level of security logging, which according to The Wall Street Journal was available to departments with higher-paid tier Microsoft accounts but not others.

    Why were they on different plans?

    Btw this is a perfect example of why having a backdoor in encryption doesn’t work, yet people still put up bills mandating back doors in order “to protect the kids”

    Also, for some reason I thought we had a 3-letter agency somewhere that would have made sure all the other agencies followed proper security procedures.

    17 votes
  2. skybrian
    From the article:

    Microsoft still doesn’t know — or want to share — how China-backed hackers stole a key that allowed them to stealthily break into dozens of email inboxes, including those belonging to several federal government agencies.

    In a blog post Friday, Microsoft said it was a matter of “ongoing investigation” how the hackers obtained a Microsoft signing key that was abused to forge authentication tokens that allowed the hackers’ access to inboxes as if they were the rightful owners. Reports say targets include U.S. Commerce Secretary Gina Raimondo, U.S. State Department officials and other organizations not yet publicly revealed.

    12 votes
    1. NotepadAlternative
      I understand why they don't want to share. Would you be able to live with the fact that you got dunked on as one of the companies with (seemingly) the most airtight security? Hope they recover though.

      5 votes
  3. AFuddyDuddy
    Government security is a joke, when it comes to crap like this.

    It's likely these people decided that elevating alternate accounts was too much work, or not validation 2fa was.

    And people click on phishing links ALL THE TIME

    4 votes
  4. Comment removed by site admin