Infosec.Pub
  • Communities
  • Create Post
  • Create Community
  • heart
    Support Lemmy
  • search
    Search
  • Login
  • Sign Up
hector_titucius [he/him]@hexbear.net to chapotraphouse@hexbear.netEnglish · 1 year ago

🫡🫡🫡Link in description

hexbear.net

message-square
19
fedilink
61

🫡🫡🫡Link in description

hexbear.net

hector_titucius [he/him]@hexbear.net to chapotraphouse@hexbear.netEnglish · 1 year ago
message-square
19
fedilink

https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/

  • mustardman [none/use name]@hexbear.net
    link
    fedilink
    English
    arrow-up
    12    ·
    1 year ago

    What can they do with a signing key?

    • hector_titucius [he/him]@hexbear.netOP
      link
      fedilink
      English
      arrow-up
      15      ·
      edit-2
      1 year ago

      Leak Hillary Clinton Emails

      • FourteenEyes [he/him]@hexbear.net
        link
        fedilink
        English
        arrow-up
        9        ·
        1 year ago

        delicious buttery mails

    • blobjim [he/him]@hexbear.net
      link
      fedilink
      English
      arrow-up
      10      ·
      1 year ago

      Pretend to be someone they aren’t

      An actor that can acquire a private signing key can then create falsified tokens with valid signatures that will be accepted by relying parties. This is called token forgery.

      • mustardman [none/use name]@hexbear.net
        link
        fedilink
        English
        arrow-up
        8        ·
        1 year ago

        Oh cool so they can distribute updates?

        • blobjim [he/him]@hexbear.net
          link
          fedilink
          English
          arrow-up
          4          ·
          1 year ago

          The article just says they signed authentication tokens which gave them access to outlook emails. I don’t think it was code signing that would let them distribute software, and that’s not what they were after.

          • mustardman [none/use name]@hexbear.net
            link
            fedilink
            English
            arrow-up
            3            ·
            1 year ago

            Thanks for actually reading the article o7

chapotraphouse@hexbear.net

chapotraphouse@hexbear.net

Subscribe from Remote Instance

Create a post
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !chapotraphouse@hexbear.net

Banned? DM Wmill to appeal.

No anti-nautilism posts. See: Eco-fascism Primer

Vaush posts go in the_dunk_tank

Dunk posts in general go in the_dunk_tank, not here

Don’t post low-hanging fruit here after it gets removed from the_dunk_tank

Visibility: Public
globe

This community can be federated to other instances and be posted/commented in by their users.

  • 1 user / day
  • 1 user / week
  • 123 users / month
  • 3.25K users / 6 months
  • 25 local subscribers
  • 13.5K subscribers
  • 12.2K Posts
  • 169K Comments
  • Modlog
  • mods:
  • LENINSGHOSTFACEKILLA [he/him]@hexbear.net
  • MiraculousMM [he/him, any]@hexbear.net
  • KenBonesWildRide [they/them]@hexbear.net
  • Nakoichi [they/them]@hexbear.net
  • itsPina [he/him, she/her]@hexbear.net
  • corgiwithalaptop [any, love/loves]@hexbear.net
  • PorkrollPosadist [he/him, they/them]@hexbear.net
  • ZoomeristLeninist [comrade/them, she/her]@hexbear.net
  • EmmaGoldman [she/her, comrade/them]@hexbear.net
  • InsidiousTrackers@hexbear.net
  • BE: 0.19.5
  • Modlog
  • Instances
  • Docs
  • Code
  • join-lemmy.org