Discussion
throwoutway: Yesterday ProPublica and ArsTechnica published a takedown of Azure: "Federal cyber experts called Microsoft’s cloud a “pile of shit,” approved it anyway" ...https://arstechnica.com/information-technology/2026/03/feder...
ronbenton: Bypassing logging feels relatively unimportant compared to some of the recent EntraID vulns we’ve seen
ares623: It takes a village of exploits to raise a successful and undetected attack.
kjellsbells: Puts me in mind of this scathing report from CISA on how a state-sponsored group broke into Microsoft and then into the State Department and a bunch of other agencies. Reads like a heist movie.https://www.cisa.gov/sites/default/files/2024-03/CSRB%20Revi...What I found most incredible about the story is that it wasn't Microsoft who found the intrusion. It was some sysadmin at State who saw that some mail logs did not look right and investigated.
charles_f: In which one expert called the documentation provided "a pile of shit", which propublica took the liberty of extending to Azure itself
