same
Mar 31, 2023 09:40

just delete your cookies
dpkg chopra posted:

> buddy, terrible posts is all we have

Subjunctive posted:

> that’s all fine and good, but what about my terrible posts? who’s going to apologize for them?

ask not for whom the poo poo posts, it posts for thee

lomarf https://twitter.com/hillai/status/1641146512712368128
holy gently caress that's bad. the whole "azure ad credentials are used for bing" thing makes that xss exploit a catastrophic vulnerability
Powerful Two-Hander posted:*nods sagely* terrorists win
drat they’ve rolled that all out so fast too
i am a moron posted:

> drat they’ve rolled that all out so fast too

I’m sure there’s no correlation

I’m thinking there’s more and it’s worse. One of the comments was ‘GitHub Copilot wrote this’ and I bet it’s not far from the truth, it’s a very basic fuckup to make on azure

idk i feel like $40k is a pittance considering the damage they would have taken if a hacker actually abused that exploit
PIZZA.BAT posted:

> idk i feel like $40k is a pittance considering the damage they would have taken if a hacker actually abused that exploit

absolutely, that was my first thought lol

lol same
PIZZA.BAT posted:

> idk i feel like $40k is a pittance considering the damage they would have taken if a hacker actually abused that exploit

https://www.microsoft.com/en-us/msrc/bounty?rtc=1

it’s nice of them to put the relative worth of security to various MS divisions in a table like that

amazing. This would suggest that even if microsoft had made them single-tenant apps, any microsoft tenant account would have had access. If their fix was to add authorization to the apps it should be good now, but if all they did to "fix" it was set it to single-tenant, users in whatever tenant they put it in would still have full access to gently caress with everything.

tbh tho this is all a bunch of issues with bad application security and nothing to do w/ azure ad itself. Bing getting owned would be funny but it doesn't impact me. The real gently caress up is bing getting secret oauth authorization in everyone's 365 tenant. That's totally hosed.
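The single-tenant vs. authorization point in the post above, as an added example that is not from the thread, the Wiz write-up, or Microsoft: a Python sketch of the claim checks an Azure AD-protected app has to do itself once the registration is multi-tenant. The tenant id, client id, role name and token contents are constructed placeholders, the signature segment is a dummy, and signature verification against the issuer's JWKS is assumed to have happened upstream of these checks.

```python
import base64
import json

# Hypothetical identifiers for the example; not values from the thread.
OUR_TENANT = "11111111-1111-1111-1111-111111111111"
APP_CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
ADMIN_ROLE = "Content.Admin"  # hypothetical app role name
NOW = 1_680_000_000           # fixed clock so the example is deterministic


def _b64url(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(tid, roles=(), aud=APP_CLIENT_ID, exp=NOW + 3600):
    """Constructed sample in the shape of an Azure AD v2.0 access token.
    The signature segment is a placeholder: the example assumes signature
    verification against the issuer's JWKS already succeeded upstream."""
    claims = {
        "aud": aud,
        "iss": f"https://login.microsoftonline.com/{tid}/v2.0",
        "tid": tid,
        "exp": exp,
        "roles": list(roles),
    }
    header = {"alg": "RS256", "typ": "JWT"}
    return f"{_b64url(header)}.{_b64url(claims)}.placeholder-signature"


def decode_claims(token):
    """Decode the payload segment of a JWT (no signature check here)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def vulnerable_authorize(token, now=NOW):
    """The failure mode discussed in the thread: a multi-tenant registration
    plus an app that only checks audience and expiry. Any Azure AD user in
    any tenant who can obtain a token for this client id is treated as an
    authorized user."""
    c = decode_claims(token)
    return c.get("aud") == APP_CLIENT_ID and c.get("exp", 0) > now


def hardened_authorize(token, allowed_tenants, required_role, now=NOW):
    """Returns (ok, reason). Checks audience, expiry, the tenant the token
    was issued for, the issuer matching that tenant, and an app-level role.
    Flipping the registration to single-tenant only does the tenant step for
    you; without the role check every user in the home tenant is an admin."""
    c = decode_claims(token)
    if c.get("aud") != APP_CLIENT_ID:
        return False, "audience mismatch"
    if c.get("exp", 0) <= now:
        return False, "token expired"
    tid = c.get("tid")
    if tid not in allowed_tenants:
        return False, f"tenant {tid} not allowed"
    if c.get("iss") != f"https://login.microsoftonline.com/{tid}/v2.0":
        return False, "issuer does not match tenant claim"
    if required_role not in c.get("roles", []):
        return False, f"missing app role {required_role}"
    return True, "ok"


if __name__ == "__main__":
    attacker = make_sample_token(tid="99999999-9999-9999-9999-999999999999")
    employee = make_sample_token(tid=OUR_TENANT)
    admin = make_sample_token(tid=OUR_TENANT, roles=[ADMIN_ROLE])
    print("vulnerable, foreign tenant:", vulnerable_authorize(attacker))
    print("hardened, foreign tenant:  ", hardened_authorize(attacker, {OUR_TENANT}, ADMIN_ROLE))
    print("hardened, home, no role:   ", hardened_authorize(employee, {OUR_TENANT}, ADMIN_ROLE))
    print("hardened, home, admin:     ", hardened_authorize(admin, {OUR_TENANT}, ADMIN_ROLE))
```

The foreign-tenant token passes `vulnerable_authorize` because nothing in it looks at `tid` or `iss`; the same token fails `hardened_authorize` at the tenant step, and a home-tenant token without the role fails at the role step, which is the case the post says a single-tenant-only fix would leave open.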