A stolen Microsoft security key may have allowed Beijing-backed spies to break into a lot more than just Outlook and Exchange Online email accounts.
Incredible as it sounds, and it really does deserve wider coverage, someone somehow obtained one of Microsoft’s internal private cryptographic keys used to digitally sign access tokens for its online services. With that key, the snoops were able to craft tokens to grant them access to Microsoft customers’ email systems and, crucially, sign those access tokens as the Windows giant to make it look as though they were legitimately issued.
“Our researchers concluded that the compromised MSA key could have allowed the threat actor to forge access tokens for multiple types of Azure Active Directory applications,” Tamari explained on Friday.
This includes Microsoft applications using OpenID v2.0 access tokens for account authentication, such as Outlook, SharePoint, OneDrive, and Teams, we’re told.
Also, according to Wiz, it spans customers’ own applications that support the “login with Microsoft” functionality, plus multi-tenant applications configured to use the “common” v2.0 keys endpoint instead of the “organizations” one. Applications using OpenID v1.0 remain safe.
Politicians in the US are getting concerned and demanding action:
Hate to say, but maybe the way is to partner with Microsoft? So they can offer Storj as a coming back from this blamage … idk, like “Guys, guys, we messed up! If you want to have files super safe from now on, here, we partnered with Storj Labs, and we make it available for our clients!”
One of the reasons for that is most Office plans include 1TB of OneDrive space - and 1TB for SharePoint.
Now, I loathe OneDrive as a solution. Particularly when people try to use the sync with SharePoint to give themselves mapped folders. We have no end of tickets for the sync breaking. The web page login works far better but most people don’t want to use it.
Very simple: no. But if only a few of those customers who are using it for storage only would move their data to Storj DCS, that would already be a great achievement.
If all the Azure customers started to migrate data, I believe SNOs would notice that and extend their capacity accordingly. We saw that many times.
If there is a demand, the supply would be there too.
We are back to the bad old days of the browser wars.
Microsoft has integrated Edge tightly into M365 such that it caches your M365 credentials, particularly on an Azure AD joined machine.
If you want to or have to use SharePoint then Edge is really the only option for the web interface to it.