Complete News World

Microsoft’s stolen master key: America puts cloud security to the test

Microsoft’s stolen master key: America puts cloud security to the test

During an executive order by the President of the United States to improve cyber security, the United States was founded Cyber ​​Security Review Board (CSRB). It aims to “review key Internet events and make specific recommendations.” One such “major” cyber event was the penetration of Microsoft Cloud by Chinese attackers. After all, they snooped on the emails of two US officials and at least had access to the data of all cloud customers. Therefore, the CSRB is now taking up this incident and cloud security in general. From this investigation Report to be made It will be presented to US President Biden and Cyber ​​Security and Infrastructure Security Agency (CISA) chief Jen Easterly, along with concrete recommendations for action.


The announcement is a major setback for Microsoft’s efforts to downplay this apparent incident. The cloud giant still stubbornly refuses to disclose specific details of the failure of its own security measures. It is not yet known how and where the master key was stolen, or what ominous “validation error” enabled it. It was only after the alleged attacks mitigated Microsoft’s original report that it provided unauthorized access to nearly the entire Microsoft cloud.

At least it was clear early on that CISA was taking the incident very seriously. Thanks to your insistence, Microsoft will at least provide log files that detect such attacks in the future, at no additional cost. It remains to be seen whether this CSRB investigation will now lead to greater clarity and, above all, put pressure on Microsoft to handle the security issue in a more transparent manner.

See also  Europe Day: NEOS for "United States of Europe".

But the announcement already represents a slap in the face for all European security and data protection authorities. According to Microsoft, the primary victims of the attack European public institutions. So, it is quite obvious that they will now be on their hind legs and demand a full disclosure from Microsoft as to how such a failure occurred. A reassessment of the use of Microsoft and other cloud services should indeed be high on the agenda.

But nothing: “Incident […] “But it did not lead to a fundamental re-evaluation of the security of cloud computing by BSI,” says the highest German security commission’s report, which reached us more than a week ago. responded that it was working; however, at the present time “there are no signs that federal agencies are affected.” In my commentary “The 20-Year Plaster Worm: The Next Supermeltdown Awaits the Cloud,” I called it, somewhat provocatively, “tolerance stiffening.”


To home page