The aftermath to the recent Microsoft Azure hack by suspected PRC actors.

What is the solution to this? Make sure cloud services are open source so they can be independently vetted? If government and corporate entities chose to use open source solutions, most are presented “as is” with no warranty.

  • shagie@programming.dev · ↑6 · 1 year ago

    Compare that to what I believe is the ZERO breaches Google has had in the same time frame.

    From earlier this month: Google Cloud Build bug lets hackers launch supply chain attacks

    A critical design flaw in the Google Cloud Build service discovered by cloud security firm Orca Security can let attackers escalate privileges, providing them with almost nearly-full and unauthorized access to Google Artifact Registry code repositories.

    Dubbed Bad.Build, this flaw could enable the threat actors to impersonate the service account for the Google Cloud Build managed continuous integration and delivery (CI/CD) service to run API calls against the artifact registry and take control over application images.

    As to why don’t you hear about more GCP flaws? I refer you to this uncomfortable truth: https://twitter.com/QuinnyPig/status/1173394437298196480

    “What does AWS have that GCP doesn’t?”
    “A meaningful customer base?”

    • ookees@beehaw.org · ↑1 · 1 year ago

      I forgot about the build bug. GhostToken I was unaware of. Ok so two? And GhostToken required users to have allowed the malicious app in question.

      Meaningful customers is an opinion. I can list a bunch.