Black83black
2021-02-19
[财迷]
[财迷]
SolarWinds hackers studied Microsoft source code for authentication and email
免责声明:上述内容仅代表发帖人个人观点,不构成本平台的任何投资建议。
分享至
微信
复制链接
精彩评论
我们需要你的真知灼见来填补这片空白
打开APP,发表看法
APP内打开
发表看法
{"i18n":{"language":"zh_CN"},"detailType":1,"isChannel":false,"data":{"magic":2,"id":384474901,"tweetId":"384474901","gmtCreate":1613678746203,"gmtModify":1634552680316,"author":{"id":3576542985729070,"authorId":3576542985729070,"authorIdStr":"3576542985729070","name":"Black83black","avatar":"https://static.tigerbbs.com/68ef81b344574b1c1be3814d613f72a8","vip":1,"userType":1,"introduction":"","boolIsFan":false,"boolIsHead":false,"crmLevel":8,"crmLevelSwitch":0,"individualDisplayBadges":[],"fanSize":20,"starInvestorFlag":false},"themes":[],"images":[],"coverImages":[],"extraTitle":"","html":"<html><head></head><body><p><span>[财迷] </span><span>[财迷] </span><br></p></body></html>","htmlText":"<html><head></head><body><p><span>[财迷] </span><span>[财迷] </span><br></p></body></html>","text":"[财迷] [财迷]","highlighted":1,"essential":1,"paper":1,"likeSize":0,"commentSize":0,"repostSize":0,"favoriteSize":0,"link":"https://laohu8.com/post/384474901","repostId":2112891565,"repostType":2,"repost":{"id":"2112891565","weMediaInfo":{"introduction":"Reuters.com brings you the latest news from around the world, covering breaking news in markets, business, politics, entertainment and technology","home_visible":1,"media_name":"Reuters","id":"1036604489","head_image":"https://static.tigerbbs.com/443ce19704621c837795676028cec868"},"pubTimestamp":1613675746,"share":"https://www.laohu8.com/m/news/2112891565?lang=&edition=full","pubTime":"2021-02-19 03:15","market":"us","language":"en","title":"SolarWinds hackers studied Microsoft source code for authentication and email","url":"https://stock-news.laohu8.com/highlight/detail?id=2112891565","media":"Reuters","summary":"By Joseph Menn SAN FRANCISCO, Feb 18 (Reuters) - The hackers behind the worst intrusion of U.S. go","content":"<html><body><p>By Joseph Menn</p><p> SAN FRANCISCO, Feb 18 (Reuters) - The hackers behind the worst intrusion of U.S. government agencies in years won access to Microsoft's secret source code for authenticating customers, <a href=\"https://laohu8.com/S/AONE\">one</a> of the biggest vectors used in the attacks.</p><p> Microsoft said in a blog post Thursday that its internal investigation had found that the hackers studied parts of the source code instructions for its Azure cloud programs related to identity and security, its Exchange email programs, and Intune management for mobile devices and applications.</p><p> Some of the code was downloaded, the company said, which would have allowed the hackers more freedom to hunt for security vulnerabilities, create copies with new flaws, or examine the logic for ways to exploit customer installations.</p><p> Microsoft had said before that the hackers had accessed some source code, but had not said which parts, or that any had been copied. </p><p> U.S. authorities said Wednesday the breaches revealed in December extended to nine federal agencies and 100 private companies, including major technology providers and security firms. They said the Russian government is likely behind the spree, which Moscow has denied.</p><p> Initially discovered by security provider FireEye Inc</p><p> , the hackers used advanced skills to insert software back doors for spying into widely used network-management programs distributed by Texas-based <a href=\"https://laohu8.com/S/SWI\">SolarWinds Corp</a> .</p><p> At the most prized of the thousands of SolarWinds customers were exposed last year, the hackers added new Azure identities, added greater rights to existing identities, or otherwise manipulated the Microsoft programs, largely to steal email. Some hacking also used that method on targets which did not use SolarWinds.</p><p> Microsoft previously acknowledged that some of its resellers, who often have continual access to customer systems, had been used in the hacks. It continues to deny that flaws in anything it provides directly have been used as an initial attack vector.</p><p> The company said Thursday it had completed its probe and that it had \"found no indications that our systems at Microsoft were used to attack others.\"</p><p> Nevertheless, the problems with identity management have proved so pervasive in the recent attacks that multiple security companies have issued new guidelines and warnings as well tools for detecting misuse.</p><p> (Reporting by Joseph Menn; editing by Jonathan Oatis)</p><p>((joseph.menn@thomsonreuters.com; +1-415-819-0026;))</p></body></html>","collect":0,"html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>SolarWinds hackers studied Microsoft source code for authentication and email</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\nSolarWinds hackers studied Microsoft source code for authentication and email\n</h2>\n\n<h4 class=\"meta\">\n\n\n<a class=\"head\" href=\"https://laohu8.com/wemedia/1036604489\">\n\n\n<div class=\"h-thumb\" style=\"background-image:url(https://static.tigerbbs.com/443ce19704621c837795676028cec868);background-size:cover;\"></div>\n\n<div class=\"h-content\">\n<p class=\"h-name\">Reuters </p>\n<p class=\"h-time\">2021-02-19 03:15</p>\n</div>\n\n</a>\n\n\n</h4>\n\n</header>\n<article>\n<html><body><p>By Joseph Menn</p><p> SAN FRANCISCO, Feb 18 (Reuters) - The hackers behind the worst intrusion of U.S. government agencies in years won access to Microsoft's secret source code for authenticating customers, <a href=\"https://laohu8.com/S/AONE\">one</a> of the biggest vectors used in the attacks.</p><p> Microsoft said in a blog post Thursday that its internal investigation had found that the hackers studied parts of the source code instructions for its Azure cloud programs related to identity and security, its Exchange email programs, and Intune management for mobile devices and applications.</p><p> Some of the code was downloaded, the company said, which would have allowed the hackers more freedom to hunt for security vulnerabilities, create copies with new flaws, or examine the logic for ways to exploit customer installations.</p><p> Microsoft had said before that the hackers had accessed some source code, but had not said which parts, or that any had been copied. </p><p> U.S. authorities said Wednesday the breaches revealed in December extended to nine federal agencies and 100 private companies, including major technology providers and security firms. They said the Russian government is likely behind the spree, which Moscow has denied.</p><p> Initially discovered by security provider FireEye Inc</p><p> , the hackers used advanced skills to insert software back doors for spying into widely used network-management programs distributed by Texas-based <a href=\"https://laohu8.com/S/SWI\">SolarWinds Corp</a> .</p><p> At the most prized of the thousands of SolarWinds customers were exposed last year, the hackers added new Azure identities, added greater rights to existing identities, or otherwise manipulated the Microsoft programs, largely to steal email. Some hacking also used that method on targets which did not use SolarWinds.</p><p> Microsoft previously acknowledged that some of its resellers, who often have continual access to customer systems, had been used in the hacks. It continues to deny that flaws in anything it provides directly have been used as an initial attack vector.</p><p> The company said Thursday it had completed its probe and that it had \"found no indications that our systems at Microsoft were used to attack others.\"</p><p> Nevertheless, the problems with identity management have proved so pervasive in the recent attacks that multiple security companies have issued new guidelines and warnings as well tools for detecting misuse.</p><p> (Reporting by Joseph Menn; editing by Jonathan Oatis)</p><p>((joseph.menn@thomsonreuters.com; +1-415-819-0026;))</p></body></html>\n\n</article>\n</div>\n</body>\n</html>\n","type":0,"thumbnail":"","relate_stocks":{"03086":"华夏纳指","09086":"华夏纳指-U","SWI":"SolarWinds Corp","MSFT":"微软"},"source_url":"http://api.rkd.refinitiv.com/api/News/News.svc/REST/News_1/RetrieveStoryML_1","is_english":true,"share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","article_id":"2112891565","content_text":"By Joseph Menn SAN FRANCISCO, Feb 18 (Reuters) - The hackers behind the worst intrusion of U.S. government agencies in years won access to Microsoft's secret source code for authenticating customers, one of the biggest vectors used in the attacks. Microsoft said in a blog post Thursday that its internal investigation had found that the hackers studied parts of the source code instructions for its Azure cloud programs related to identity and security, its Exchange email programs, and Intune management for mobile devices and applications. Some of the code was downloaded, the company said, which would have allowed the hackers more freedom to hunt for security vulnerabilities, create copies with new flaws, or examine the logic for ways to exploit customer installations. Microsoft had said before that the hackers had accessed some source code, but had not said which parts, or that any had been copied. U.S. authorities said Wednesday the breaches revealed in December extended to nine federal agencies and 100 private companies, including major technology providers and security firms. They said the Russian government is likely behind the spree, which Moscow has denied. Initially discovered by security provider FireEye Inc , the hackers used advanced skills to insert software back doors for spying into widely used network-management programs distributed by Texas-based SolarWinds Corp . At the most prized of the thousands of SolarWinds customers were exposed last year, the hackers added new Azure identities, added greater rights to existing identities, or otherwise manipulated the Microsoft programs, largely to steal email. Some hacking also used that method on targets which did not use SolarWinds. Microsoft previously acknowledged that some of its resellers, who often have continual access to customer systems, had been used in the hacks. It continues to deny that flaws in anything it provides directly have been used as an initial attack vector. The company said Thursday it had completed its probe and that it had \"found no indications that our systems at Microsoft were used to attack others.\" Nevertheless, the problems with identity management have proved so pervasive in the recent attacks that multiple security companies have issued new guidelines and warnings as well tools for detecting misuse. (Reporting by Joseph Menn; editing by Jonathan Oatis)((joseph.menn@thomsonreuters.com; +1-415-819-0026;))","news_type":1},"isVote":1,"tweetType":1,"viewCount":302,"commentLimit":10,"likeStatus":false,"favoriteStatus":false,"reportStatus":false,"symbols":[],"verified":2,"subType":0,"readableState":1,"langContent":"CN","currentLanguage":"CN","warmUpFlag":false,"orderFlag":false,"shareable":true,"causeOfNotShareable":"","featuresForAnalytics":[],"commentAndTweetFlag":false,"upFlag":false,"length":12,"xxTargetLangEnum":"ZH_CN"},"commentList":[],"isCommentEnd":true,"isTiger":false,"isWeiXinMini":false,"url":"/m/post/384474901"}
精彩评论