Meh. That whole issue is way overblown by the twitter researcher types trying to... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		dcow on Sept 30, 2023 \| parent \| context \| favorite \| on: Azure dropping database support for MariaDB. Users... Meh. That whole issue is way overblown by the twitter researcher types trying to build buzz and make a name. It's a serious issue don't get me wrong but security incidents are a question of when not if and the dialog surrounding the issue doesn't come across as charitably capturing the scope and impact. Microsoft's response, which has been to handle the issue responsibly is far from the "radio silence coverup" and "the attackers are still in the network" and "you can't trust anything Microsoft signs anymore" reality you'd be inclined to believe if you only read the hype angle and believe the alarmist comments from other "any chance to bash on M$ is a heyday" types. I hadn't seen the article you linked though and will say it seems to be in good taste.

karim on Sept 30, 2023 [–]

They were able to spoof tokens for a long time, access mailboxes, etc.

If this isn't enough for you, there's also ChaosDB, the cross-account vulnerability Palo Alto found (https://unit42.paloaltonetworks.com/azure-container-instance...), among many others.

This isn't an isolated instance, that's a pattern.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact