What is Nostr?
Kevin Beaumont /
npub176r…kwlw
2023-09-28 13:18:28

Kevin Beaumont on Nostr: Re MS 365 breach, a non-exhaustive list of questions for CISA’s review board: - Why ...

Re MS 365 breach, a non-exhaustive list of questions for CISA’s review board:

- Why was a long expired certificate allowed to be trusted, and why was this bit removed from the MSRC blog?

- The code library for checking token validity has been amended to fix the vulnerability in future. Developers are blamed for not following the documentation.. but why was the library shipped like that? Secure by design, and all - it was a solvable problem.
Author Public Key
npub176rs4lx7gjqwepgg75psfpv7zjj3xz0lyj4n7rux93ftm390sars6fkwlw