posted by janrinok on Wednesday September 01 2021, @12:24PM
from the government-doesn't-want-you-to-have-encryption dept.

Microsoft Azure Cloud Vulnerability is the 'Worst You Can Imagine'

Microsoft Azure cloud vulnerability is the 'worst you can imagine':

A flaw in Microsoft's Azure Cosmos DB database product left more than 3,300 Azure customers open to complete, unrestricted access by hackers since 2019, when Microsoft added a data visualization feature called Jupyter Notebook to Cosmos DB. The feature was turned on by default for all Cosmos DBs in February 2021.

The Microsoft Database Hack Shows That Data Stored in the Cloud Must Always be Encrypted End-to-End.

The Microsoft database hack shows that data stored in the cloud must always be encrypted end-to-end:

IT security specialist Ami Luttwak from Wiz discovered the vulnerability in the Azure Cosmos DB Jupyter Notebook feature on Aug. 9 and reported it to Microsoft three days later. Microsoft published this statement saying it immediately fixed the issue. Microsoft thanked the security researchers for their work as part of the coordinated disclosure of the vulnerability. Microsoft also told Wiz via email that it planned to pay out $40,000 for reporting the vulnerability.

On Aug. 26, Microsoft notified several thousand of its cloud customers affected by the issue via email. In the message, the company warns its customers that attackers had the ability to read, modify and even delete all of the main databases. Luttwak managed to gain access to primary read-write keys, which he used to gain full access to customer databases. Because Microsoft could not change these keys itself, the company asked its customers to take action and replace the Cosmos DB primary key as a precaution. Although the security hole has already been closed, customers should take this step to rule out a possible compromise of their databases. Microsoft further writes in the message that it has found no evidence that third parties (with the exception of Wiz) have accessed the keys.

[...] The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency used stronger language in a bulletin, making clear it was speaking not just to those customers that had been notified, but to everyone using Azure Cosmos DB:

"CISA strongly encourages Azure Cosmos DB customers to roll and regenerate their certificate key".
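The key rotation Microsoft and CISA asked for, as an added example that is not code from the article, Microsoft or Wiz: a POSIX shell script that rotates a Cosmos DB account's two read-write keys without downtime using the Azure CLI. The account and resource group names are placeholders read from environment variables, and switch_app_key is a hypothetical hook standing in for whatever installs the new key into your application.

```shell
#!/bin/sh
# Added example, not code from the article, Microsoft or Wiz: rotate both
# read-write keys of a Cosmos DB account without downtime, the step Microsoft
# and CISA asked customers to take after ChaosDB. Assumes the Azure CLI ("az")
# is installed and logged in with rights on the account. Order matters:
# regenerate the key the application is NOT using, move the application onto
# it, then regenerate the key that may have leaked.

# Regenerate one key. $1 account, $2 resource group, $3 primary|secondary
regenerate_key() {
    az cosmosdb keys regenerate --name "$1" --resource-group "$2" \
        --key-kind "$3" >/dev/null
}

# Print the current value of one read-write key ($3 = primary|secondary).
fetch_key() {
    az cosmosdb keys list --name "$1" --resource-group "$2" --type keys \
        --query "${3}MasterKey" -o tsv
}

# Hypothetical hook: install the new key wherever the application reads it
# (Key Vault, a redeploy, ...). Set SWITCH_APP_KEY_CMD to that command; it
# receives the key on stdin. Refusing when unset keeps the still-used primary
# key from being invalidated under a live application.
switch_app_key() {
    if [ -z "$SWITCH_APP_KEY_CMD" ]; then
        echo "set SWITCH_APP_KEY_CMD to the command that installs a new key" >&2
        return 1
    fi
    printf '%s' "$1" | $SWITCH_APP_KEY_CMD
}

# Full rotation for an application currently using the primary key.
# Stops at the first failed step and returns non-zero.
rotate_keys() {
    account="$1"; rg="$2"
    regenerate_key "$account" "$rg" secondary || return 1
    new_secondary="$(fetch_key "$account" "$rg" secondary)" || return 1
    [ -n "$new_secondary" ] || return 1
    switch_app_key "$new_secondary" || return 1
    regenerate_key "$account" "$rg" primary || return 1
    echo "rotated: application on new secondary key, old primary key invalid"
}

# Usage: COSMOS_ACCOUNT=<account> COSMOS_RG=<group> SWITCH_APP_KEY_CMD=<cmd> sh rotate.sh
if [ -n "$COSMOS_ACCOUNT" ] && [ -n "$COSMOS_RG" ]; then
    rotate_keys "$COSMOS_ACCOUNT" "$COSMOS_RG"
fi
```

Read-only keys can be rotated the same way with the primaryReadonly and secondaryReadonly key kinds once no client depends on the old ones.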

[...] Luttwak said: "This is the worst cloud vulnerability you can imagine. This is the central database of Azure, and we were able to get access to any customer database that we wanted."

For European Azure cloud customers who have personal data stored in a Cosmos DB instance, there is also the question of whether a precautionary GDPR notification must be sent to the responsible data protection authorities within 72 hours due to a possible security incident.

[...] The hack of Microsoft's Azure database shows once again that encryption is the best tool we have to fend off malicious attackers and to keep our data safe.

When data is stored in the cloud, the only way to properly protect this data is end-to-end encryption - free from any kind of backdoor.

See also: ChaosDB: How we hacked thousands of Azure customers' databases:

  • (Score: 2) by mobydisk (5472) on Thursday September 02 2021, @06:18PM (#1173804)

    Modern developers seem to not care one bit about efficient resource allocation...they just spin up more resource without a care as to how it is provided.

    Sometimes that is the right approach. It is a trade-off between development dollars -vs- deployment dollars. Suppose I have $0.5 million to develop and launch a product. That's only gonna get me a couple of engineers for a year. It might be better to spend the recurring cloud costs than the up-front development costs. It could be that developing the efficient system would have cost me another $200k that I didn't have and the product never came to be. But the inefficient product is out there, generating revenue.

    Also understand that scale-out designs are often inherently inefficient. For example, an in-process in-memory database is very efficient, but it can only be accessed by one server. A SQL database located on a separate box with a load-balancer and a cache is less efficient but more scalable.

    I can't imagine what the politics is like between the division heads

    It should be an engineering + finance decision not a political one. My employer has a team in a similar spot: the team spends more cloud $ than any other team (for good reason), so they are under constant pressure to save money, so they have fewer build servers in their CI pipeline than the other teams. But that's dumb: if those build servers save the company development money, then they should spend it. This happens when a department head looks at a top-level budget line-item and attacks the biggest number.
