Mark :verified: on Nostr: The SolarWinds intrusion keeps giving... ...
The SolarWinds intrusion keeps giving...
https://www.schneier.com/blog/archives/2023/08/microsoft-signing-key-stolen-by-chinese.html
Apparently the Microsoft private keys that were by China to recently penetrate a variety of services were captured during a SolarWinds penetration.
That plus Microsoft had some other bugs that allowed the expired certificates to be used - in areas beyond what they were supposed to be used.
Sigh.
https://www.schneier.com/blog/archives/2023/08/microsoft-signing-key-stolen-by-chinese.html
Apparently the Microsoft private keys that were by China to recently penetrate a variety of services were captured during a SolarWinds penetration.
That plus Microsoft had some other bugs that allowed the expired certificates to be used - in areas beyond what they were supposed to be used.
Sigh.