@jerry Moving production dumps (memory or storage) to developer machines is a big risk. Not going to question someone else's reasons for doing it without knowing all of the precautions they had set up, but it isn't something I would want to do every day.
@jerry are they not using a hardware security module to hold the key?
“Our investigation found that a consumer signing system crash in April of 2021 resulted in a snapshot of the crashed process (“crash dump”). The crash dumps, which redact sensitive information, should not include the signing key. In this case, a race condition allowed the key to be present in the crash dump (this issue has been corrected). The key material’s presence in the crash dump was not detected by our systems (this issue has been corrected).”
The write-up never mentions HSM so I assume not…
Having keys like this on regular systems (even if supposedly secured) is bonkers.
@kurtseifried a congressperson sent a public letter to the attorney general asking that MS be investigated over the breach, and specifically called out that MS was not following their own guidance to customers regarding the use of HSMs, among other controls