Caute_cautim
Community Champion

Has Microsoft cut security corners once too often?

Hi All

 

Computerworld has a very interesting article on Microsoft, well worth reading:

 

https://www.computerworld.com/article/3704132/has-microsoft-cut-security-corners-once-too-often.html

 

Do you agree or disagree?

 

Regards

 

Caute_Cautim

7 Replies
denbesten
Community Champion

The article stated “Had they stored and managed in an HSM, this whole (China) thing would not have been possible [said Oberlaender]”.

 

This is the crux of the problem. No, not the lack of an HSM, but rather the focus on the "one" root cause. Bulletproof does not exist. Security should come in multiple bullet-resistant layers. See Swiss cheese model.

 

An encryption key was compromised. That happens, and over time as technology improves (looking at you, SSL). That is one layer that failed. Somebody apparently failed to check an expiration date. Bugs are a known factor in computing. That is another layer that fails on a seemingly daily basis.

 

The bigger goal needs to be multiple security layers (identity, encryption, validating pedigree of data, routing, physical cabling, guards-with-guns, etc.) all working together to protect the target, each designed to fail loudly and leaving the other layers intact.

 

 

Caute_cautim
Community Champion

@denbesten As we all know, it only takes one break in the layers for it to be exploited. Given the organisation, this simply should not have happened had they had correct compliance checks in place. For instance, they have to report to their CEO every 90 days based on the SOX Act.

 

It appears to me that they are not doing their due diligence rigorously - simple mistakes like this normally result in financial penalties against the organisation. The issue with Microsoft is they have grown so big, they have forgotten the basics, and many of those checks should be automated and validated to reduce the likelihood of these issues.

 

It is not good enough - discounts to client

 

Regards

 

Caute_Cautim


Caute_cautim
Community Champion

Another critic from Crowdstrike has come out swinging about Microsoft and security:

 

https://www.forbes.com/sites/tonybradley/2023/08/10/crowdstrike-microsoft-is-failing-at-security/?sh...

 

Regards

 

Caute_Cautim

denbesten
Community Champion


@Caute_cautim wrote:

it only takes one break in the layers for it to be exploited. 


But hopefully a break in one layer only affects that layer.  In Azure IAAS, we do not assign public IPs directly to hosts.  Instead, we assign the public IP to a 3rd party firewall which NATs to the internal host. This means that for someone to breach our host, it is necessary to both exploit a firewall vulnerability and an Azure vulnerability.  This is what I mean by layers.

 

Unfortunately, Azure fights 3rd party firewalls every step of the way: by breaking deployment templates if one administratively disables public IPs; by enabling public IPs by default on their PAAS stuff; and by requiring SAAS be visible over the internet (one cannot deny access to the login prompt). And, if we were to host the firewall in Azure, their "routing" [sic] has no concept of a firewall with interfaces in two different routing domains, so routing-around-the-firewall is a constant risk.
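
The layering described in the post above can be checked mechanically. The following is an added example, not part of the original post and not Azure tooling: it audits a constructed inventory, in a hypothetical simplified schema, for hosts that hold a public IP directly and for subnets whose routes would let traffic go around the firewall.

```python
import ipaddress

# Constructed inventory in a hypothetical, simplified schema (not Azure API output).
INVENTORY = {
    "firewall": {"name": "fw-01", "inside_ip": "10.0.0.4"},
    "nics": [
        {"host": "fw-01", "subnet": "edge", "public_ip": "203.0.113.10"},
        {"host": "web-01", "subnet": "app", "public_ip": None},
        {"host": "db-01", "subnet": "data", "public_ip": "203.0.113.77"},
    ],
    # subnet -> list of (destination prefix, next hop IP or "Internet")
    "routes": {
        "app": [("0.0.0.0/0", "10.0.0.4")],
        "data": [("0.0.0.0/0", "10.0.0.4"), ("198.51.100.0/24", "Internet")],
        "mgmt": [],
    },
}


def audit(inv):
    """Return findings where a single misconfiguration collapses two layers into one."""
    findings = []
    fw = inv["firewall"]

    # Layer 1: only the firewall may own a public IP; hosts sit behind its NAT.
    for nic in inv["nics"]:
        if nic["public_ip"] and nic["host"] != fw["name"]:
            findings.append(("direct-public-ip", nic["host"], nic["public_ip"]))

    # Layer 2: every subnet's default route must point at the firewall, and no
    # more specific route may bypass it (longest-prefix match beats the default).
    for subnet, routes in inv["routes"].items():
        defaults = [hop for prefix, hop in routes
                    if ipaddress.ip_network(prefix).prefixlen == 0]
        if defaults != [fw["inside_ip"]]:
            findings.append(("no-default-via-firewall", subnet, None))
        for prefix, hop in routes:
            if ipaddress.ip_network(prefix).prefixlen > 0 and hop != fw["inside_ip"]:
                findings.append(("bypass-route", subnet, prefix))
    return findings


if __name__ == "__main__":
    for kind, where, detail in audit(INVENTORY):
        print(f"{kind:26} {where:8} {detail}")
```

Run on a schedule against a real export mapped into this shape, a non-empty result is the "fail loudly" signal for this layer.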

 

Caute_cautim
Community Champion

Hi All

 

Here is a follow up to this issue.

 

https://securityintelligence.com/articles/lessons-learned-from-the-microsoft-cloud-breach/

 

Regards

 

Caute_Cautim

Caute_cautim
Community Champion

Hi All

 

A follow up to the original reports:

 

https://www.darkreading.com/attacks-breaches/microsoft-ids-security-gaps-that-let-threat-actor-steal...

 

Regards

 

Caute_Cautim