Attackers abuse Microsoft's 'verified publisher' status to steal data

Miscreants using malicious OAuth applications abused Microsoft's "verified publisher" status to gain access to organizations' cloud environments, then steal data and pry into users' mailboxes, calendars, and meetings. According to researchers with Proofpoint, which uncovered the campaign in early December, hijacking the " …

  1. jake

    So truthfully now ...

    ... who didn't see this one coming when still several parsecs out?

    1. Anonymous Coward

      Re: So truthfully now ...

      Yup. Trusting Microsoft with your authentication isn't asking for problems, it's actively begging for it on your knees with your exposed rear up ready for ... well, I leave the rest to your no doubt fertile imagination.

      Nobody realised that when Microsoft started to use the term "Trusted computing" they were being sarcastic.

      1. Zippy´s Sausage Factory

        Re: So truthfully now ...

        No, they did well in Trusted Computing for a while. But as usual they probably went "oh that's that problem solved, let's reduce the team to three people who don't actually care about the issue and move on to adding more buttons that nobody wants to justify the next round of upgrades for Office"

        1. Diogenes8080

          Re: So truthfully now ...

          In truth, I don't think breaching Microsoft's latest assurance scheme * is that big a deal. Any organisation with an open policy (which I believe is still the default even though Microsoft themselves recommend otherwise) is going to see lots of quite well-known, respectable apps washing up on that ole' Enterprise Apps blade with minimal details. The list rapidly becomes a sty in which malevolent actors can hide amongst the clutter.

          * Still grateful to El Reg for highlighting this old one from 2019:
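The comment above describes the failure mode in practice: an open user-consent policy lets well-known apps (and anything hiding among them) accumulate on the Enterprise Apps blade with little to go on. The script below is an added example, not code from the article, Proofpoint or the commenter; it uses the Microsoft Graph PowerShell SDK (Get-MgPolicyAuthorizationPolicy, Get-MgServicePrincipal, Get-MgOauth2PermissionGrant) to check whether the tenant still allows unrestricted user consent, list the delegated grants that touch mail, files and long-lived tokens, and show how to close the door. The list of "high impact" scopes is the author's choice, not a Microsoft classification, and the verified-publisher name is printed only so you can see it does not change the ranking.

```powershell
# Added example (not from the article or the comment thread). Assumes the
# Microsoft Graph PowerShell SDK is installed and the signed-in account can
# read applications, directory objects and the authorization policy.
Connect-MgGraph -Scopes "Application.Read.All", "Directory.Read.All", "Policy.ReadWrite.Authorization"

# 1. Is the tenant still on the permissive default?
#    An empty list means users cannot consent on their own at all;
#    "...microsoft-user-default-legacy" means any user can consent to any app
#    for any delegated permission.
$policy   = Get-MgPolicyAuthorizationPolicy
$assigned = @($policy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned)
"User consent policies assigned: $($assigned -join ', ')"
if ($assigned -contains 'ManagePermissionGrantsForSelf.microsoft-user-default-legacy') {
    Write-Warning "Any user can consent to any app. Tighten this before triaging the app list."
}

# 2. Join every delegated permission grant to the service principal holding it
#    and keep the ones carrying scopes an attacker would actually want.
#    (Scope list is the example author's choice, not a Microsoft category.)
$highImpact = 'Mail.Read', 'Mail.ReadWrite', 'Mail.Send', 'Calendars.Read',
              'Files.Read.All', 'Files.ReadWrite.All', 'User.Read.All',
              'Directory.Read.All', 'offline_access'

$sps = @{}
Get-MgServicePrincipal -All | ForEach-Object { $sps[$_.Id] = $_ }

$findings = Get-MgOauth2PermissionGrant -All | ForEach-Object {
    $sp = $sps[$_.ClientId]
    if (-not $sp) { return }                          # grant for a deleted principal; skip
    $scopes = @($_.Scope -split ' ') | Where-Object { $_ }
    $risky  = @($scopes | Where-Object { $highImpact -contains $_ })
    if ($risky.Count -gt 0) {
        [pscustomobject]@{
            App               = $sp.DisplayName
            AppId             = $sp.AppId
            VerifiedPublisher = $sp.VerifiedPublisher.DisplayName   # informational only
            ConsentType       = $_.ConsentType                      # AllPrincipals = tenant-wide
            Principal         = $_.PrincipalId                      # set only for per-user grants
            RiskyScopes       = ($risky -join ' ')
        }
    }
}

# Tenant-wide grants first. A verified-publisher badge does not move an app
# down this list; that badge is exactly what the campaign in the article abused.
$findings |
    Sort-Object @{ Expression = { $_.ConsentType -ne 'AllPrincipals' } }, App |
    Format-Table -AutoSize

# 3. Hardening: disable self-service user consent so every new grant goes through
#    admin consent (or the admin consent request workflow). Uncomment to apply.
# Update-MgPolicyAuthorizationPolicy -DefaultUserRolePermissions @{ PermissionGrantPoliciesAssigned = @() }
```

Run step 1 and 2 read-only first; the output is the "sty" the commenter mentions, sorted so that anything consented for all users with mailbox or offline_access scopes is at the top. Revoke grants you cannot vouch for (Remove-MgOauth2PermissionGrant by grant Id) before flipping the policy, otherwise existing grants keep working regardless of the new consent setting.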

      2. hoola

        Re: So truthfully now ...

        Like Okta then.

        It is not just an MS issue; they are probably just the biggest.

  2. Anonymous Coward

    in the cloud

    what's mine is yours and what's yours is mine.

    As complex as they can make it (security through obscurity) all it takes is a Cert, Key, Token, and anything goes. How many businesses will fail if MS fails for a week?

    Their entire system is so dependent on itself, it should be called a house of cards or Jenga.

    If their products were separated completely, I would have more confidence in them.

  3. PRR

    OAuth always looked to me like misplaced trust.

    I resisted/refused for a while, but got overwhelmed when even Thunderbird and GMail connived to insist that was the Only Way.
