top | item 37708019

(no title)

So here's a little brain teaser about what you have to do when dealing with potential nation-state actors. This scenario is for the folks who are calling "hyperbole" when the actor is clearly, potentially a nation-state. This scenario is based upon an event that actually occurred.

1. You have a $200 million piece of defense-critical equipment. 2. You know that there was a 5-minute period where a potential member of a foreign intelligence service was alone and unattended in the same room as this piece of equipment.

What do you do with the equipment? You can:

a) Put the equipment into service b) Disassemble the equipment on both a hardware and software level and try to detect if anything was altered c) Destroy the equipment

If you choose anything other than c) you have probably never been, nor should you ever be, in charge of securing critical assets that can be targeted by a nation-state. This incident seems to indicate that the leadership at Microsoft would choose a).

Also, bear in mind that these are the people that you just sent all your ChatGPT data to.

discuss

insanitybit|2 years ago

Hi, person here who said that this is hyperbole. I said that because it states unfounded things in an extremely confusing way that implies that they are facts. No question, this was a very bad breach and I hope to learn more about it as the investigation continues.

Anyways, I've worked at companies that are absolutely targeted by nation states.

remram|2 years ago

We are not talking about a vulnerability in Azure's system here, we are talking about a vulnerability that was exploited. The worst has happened, somebody got in and grabbed that key.

The idea that an attacker went to this length to get the key and then did nothing with it is absurd.