2023-09-19
Why did this happen? 🧐 Account SAS tokens are created offline, with no limit on their expiry or scope. They aren't managed within the Azure portal, and they're also difficult to revoke. These features help easy content sharing, but they can also serve as dangerous pitfalls.
TechCrunch
Researchers find a GitHub repo run by Microsoft's AI research unit that exposed 38TB of sensitive data, like secret keys and 30K+ Microsoft staff Teams messages
Microsoft AI researchers accidentally exposed tens of terabytes of sensitive data, including private keys and passwords …
How can you avoid this? 🚨 Avoid using Account SAS for external sharing. Azure offers more secure alternatives, such as Service SAS with Stored Access Policy (for long-term sharing), or User Delegation SAS (for short-lived access).
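To turn the advice above into a check, here is an added Python example (not from the thread or from Wiz) that classifies a SAS URL by its documented query parameters (ss/srt marks an account SAS, sr a service SAS, skoid/sktid a user delegation SAS) and flags the traits that made this leak bad: account-wide scope, write/list permissions, a far-off expiry, and no stored access policy to revoke against. The sample URLs, placeholder signatures and the seven-day threshold are constructed for the example.

```python
"""Classify Azure Storage SAS URLs found in repos/docs and flag risky ones."""
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlparse

# Reference time and lifetime threshold are this example's own choices.
NOW = datetime(2023, 9, 19, tzinfo=timezone.utc)
MAX_LIFETIME = timedelta(days=7)
RISKY_PERMS = set("wdlcu")  # write, delete, list, create, update

# Constructed sample URLs; "PLACEHOLDER" stands in for the HMAC signature.
ACCOUNT_SAS = ("https://example.blob.core.windows.net/?sv=2021-06-08&ss=bfqt"
               "&srt=sco&sp=rwdlacup&se=2050-01-01T00:00:00Z&sig=PLACEHOLDER")
USER_DELEGATION_SAS = ("https://example.blob.core.windows.net/data/train.json"
                       "?sv=2021-06-08&sr=b&sp=r&se=2023-09-20T00:00:00Z"
                       "&skoid=00000000-0000-0000-0000-000000000000"
                       "&sktid=00000000-0000-0000-0000-000000000000&sig=PLACEHOLDER")
POLICY_SERVICE_SAS = ("https://example.blob.core.windows.net/data"
                      "?sv=2021-06-08&sr=c&si=readers&sig=PLACEHOLDER")


def classify_sas(url: str, now: datetime = NOW) -> dict:
    """Return the SAS kind and a list of risk findings for one URL."""
    q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    if "skoid" in q or "sktid" in q:
        kind = "user-delegation"      # signed with an Entra ID identity
    elif "ss" in q and "srt" in q:
        kind = "account"              # signed with the account key, whole account
    elif "sr" in q:
        kind = "service"              # one container/blob, signed with account key
    else:
        return {"kind": "not-sas", "findings": []}

    findings = []
    if kind == "account":
        findings.append("account SAS: scope is the whole storage account")
    if kind == "service" and "si" not in q:
        findings.append("service SAS without stored access policy (si): not revocable")
    risky = set(q.get("sp", "")) & RISKY_PERMS
    if risky:
        findings.append("permissions beyond read: " + "".join(sorted(risky)))
    se = q.get("se")
    if se is None:
        if "si" not in q:             # a stored policy may carry the expiry instead
            findings.append("no expiry (se) on token")
    elif datetime.fromisoformat(se.replace("Z", "+00:00")) - now > MAX_LIFETIME:
        findings.append(f"expiry {se} is more than {MAX_LIFETIME.days} days out")
    return {"kind": kind, "findings": findings}


if __name__ == "__main__":
    for u in (ACCOUNT_SAS, USER_DELEGATION_SAS, POLICY_SERVICE_SAS):
        print(classify_sas(u))
```

The account SAS trips all three findings; the short-lived user delegation SAS and the policy-backed service SAS trip none.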
Microsoft's AI research team published open-source training data using “SAS tokens” - sharable links granting access to Azure Storage data. Only instead of limiting access to specific files, the token granted access to the ENTIRE account, including *18* storage containers 🤯 [image]
Within these containers, our @wiz_io secret scan found: *️⃣ Personal passwords for Microsoft services 🔑 Private keys 📄 Private source code and AI training data 💬 Over 30k internal @MicrosoftTeams messages [image]
2023-03-31
I hacked into a @Bing CMS that allowed me to alter search results and take over millions of @Office365 accounts. How did I do it? Well, it all started with a simple click in @Azure... 👀 This is the story of #BingBang 🧵⬇️ https://twitter.com/...
The Verge
Microsoft fixed an Azure vulnerability after researchers found that the flaw could have let anyone alter Bing search results and access users' Office 365 data
Jess Weatherbed / The Verge :