post hole digger
Mar 21, 2011

same


MononcQc
May 29, 2007

"I believe I did, Bob."


just delete your cookies

Soylent Pudding
Jun 22, 2007

We've got people!


dpkg chopra posted:

buddy, terrible posts is all we have

spankmeister
Jun 15, 2008






Subjunctive posted:

that's all fine and good, but what about my terrible posts? who's going to apologize for them?

ask not for whom the poo poo posts, it posts for thee

Chris Knight
Jun 5, 2002

And I'm only saying this because I care.

There are a lot of decaffeinated brands on the market today that are just as tasty as the real thing.


Fun Shoe
lomarf
https://twitter.com/hillai/status/1641146512712368128

infernal machines
Oct 11, 2012

the future has already arrived. it's just not evenly distributed yet.

holy gently caress that's bad.

the whole "azure ad credentials are used for bing" thing makes that xss exploit a catastrophic vulnerability

Volmarias
Dec 31, 2002

I'm sure I'll think of something.

Powerful Two-Hander posted:

*nods sagely* terrorists win

i am a moron
Nov 12, 2020
drat they've rolled that all out so fast too

Apex Rogers
Jun 12, 2006

disturbingly functional

i am a moron posted:

drat they've rolled that all out so fast too

I'm sure there's no correlation

i am a moron
Nov 12, 2020
I'm thinking there's more and it's worse

One of the comments was 'GitHub copilot wrote this' and I bet it's not far from the truth, it's a very basic fuckup to make on azure

PIZZA.BAT
Nov 12, 2016

:cheers:


idk i feel like $40k is a pittance considering the damage they would have taken if a hacker actually abused that exploit

Beeftweeter
Jun 28, 2005


holy shit this os has cinepak?!?!?


PIZZA.BAT posted:

idk i feel like $40k is a pittance considering the damage they would have taken if a hacker actually abused that exploit

absolutely, that was my first thought lol

koolkal
Oct 21, 2008

this thread maybe doesnt have room for 2 green xbox one avs
lol same

hobbesmaster
Jan 28, 2008

PIZZA.BAT posted:

idk i feel like $40k is a pittance considering the damage they would have taken if a hacker actually abused that exploit

https://www.microsoft.com/en-us/msrc/bounty?rtc=1

it's nice of them to put the relative worth of security to various MS divisions in a table like that


Shaggar
Apr 26, 2006
Nap Ghost

amazing. This would suggest that even if microsoft had made them single tenant apps, any microsoft tenant account would have had access. If their fix was to add authorization to the apps it should be good now, but if all they did to "fix" it was set it to single-tenant, users in whatever tenant they put it in would still have full access to gently caress with everything.

tbh tho this is all a bunch of issues with bad application security and nothing to do w/ azure ad itself. Bing getting owned would be funny but it doesn't impact me.

The real gently caress up is bing getting secret oauth authorization in everyone's 365 tenant. That's totally hosed.
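The difference the post above draws between pinning an app to one tenant and adding authorization, as an added example that is not part of the thread or anyone's real code. It assumes the token's signature, issuer and expiry were already validated by a JWT library; the tenant ids, audience and role name are constructed placeholders.

```python
# Added illustration; not code from the thread or from Microsoft.
# Claims are assumed to come from a token whose signature, issuer and expiry
# a JWT library has already validated. All identifiers below are constructed.
HOME_TENANT = "11111111-1111-1111-1111-111111111111"   # placeholder tenant id
OTHER_TENANT = "22222222-2222-2222-2222-222222222222"  # placeholder tenant id
APP_AUDIENCE = "api://internal-panel"                   # hypothetical app
REQUIRED_ROLE = "Panel.Admin"                           # hypothetical app role


def _roles(claims):
    """Return the roles claim as a set, tolerating a missing or scalar value."""
    value = claims.get("roles", [])
    return {value} if isinstance(value, str) else set(value)


def multi_tenant_authn_only(claims):
    # Any directory's token for this audience is accepted.
    return claims.get("aud") == APP_AUDIENCE


def single_tenant_authn_only(claims):
    # Tenant is pinned, but every account in that tenant still gets in.
    return multi_tenant_authn_only(claims) and claims.get("tid") == HOME_TENANT


def single_tenant_with_authz(claims):
    # Tenant is pinned and the caller must hold the app role.
    return single_tenant_authn_only(claims) and REQUIRED_ROLE in _roles(claims)


POLICIES = (multi_tenant_authn_only, single_tenant_authn_only, single_tenant_with_authz)

# Constructed sample callers.
CALLERS = {
    "outside_tenant_user": {"aud": APP_AUDIENCE, "tid": OTHER_TENANT},
    "home_tenant_user": {"aud": APP_AUDIENCE, "tid": HOME_TENANT},
    "home_tenant_admin": {"aud": APP_AUDIENCE, "tid": HOME_TENANT, "roles": [REQUIRED_ROLE]},
}


def decision_matrix():
    """Map each caller to the list of policy names that would admit them."""
    return {name: [p.__name__ for p in POLICIES if p(claims)]
            for name, claims in CALLERS.items()}


if __name__ == "__main__":
    for caller, admitted_by in decision_matrix().items():
        print(f"{caller:20} admitted by: {', '.join(admitted_by) or 'none'}")
```

Only the third policy keeps an ordinary home-tenant account out, which is the gap a tenant-only fix would leave open.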
