While Hurricane Hilary heads for Mexico and Southern California the world has just seen another security vulnerability named Storm-0558.
I guess no-one will ever really know what happened, but from publicly available information the story goes like this: An allegedly Chinese hacker group stole a signing key from tokens within Microsoft Azure Active Directory (MS Azure AD). The hacker group used the key to generate tokens to access MS Outlook Email accounts between April to July from various groups and people world-wide including but not limited to politicians, regime critics or persecuted minorities.
The vulnerability has been fixed by now, but it leaves us to wonder, why such a global key in a cloud service existed to begin with…
Are we really after the storm, before the storm or (always) in the storm?
Gerlinde 