all InfoSec news
Microsoft Signing Key Stolen by Chinese
Schneier on Security www.schneier.com
A bunch of networks, including US Government networks, have been hacked by the Chinese. The hackers used forged authentication tokens to access user email, using a stolen Microsoft Azure account consumer signing key. Congress wants answers. The phrase “negligent security practices” is being tossed about—and with good reason. Master signing keys are not supposed to be left around, waiting to be stolen.
Actually, two things went badly wrong here. The first is that Azure accepted an …
access account authentication azure backdoors china chinese congress consumer cybersecurity email good government hacked hackers hacking key keys master microsoft microsoft azure networks practices security signing signing key stolen tokens