Comments
d_pyro t1_jec9cjt wrote
And they only paid $40K to report it.
VoidMageZero t1_jecvy9n wrote
That’s the real crime. Big companies with billions of dollars are lowballing the good guys trying to help them.
Edwerd_ t1_jeeapbh wrote
Doesn't Google only give like 30k bounties for exploits regarding remote Google account access?
host65 t1_jedtfal wrote
This info is worth a lot more than 3 dev months
gumiho-9th-tail t1_jedt7ne wrote
Ethical bounty hunters can't make a living on just bounty hunting.
Rudy69 t1_jef7lhg wrote
'Awards' like these are exactly why people sell their exploits to the black market. You could literally modify search results.... I know Bing has a small market share but that's wild
systematical t1_jed3rtk wrote
Death, taxes and Microsoft security flaws.
NallePuh53 t1_jedu2dz wrote
Firing all beta testers was truly a stroke of genius!
Beatless7 t1_jecnpq5 wrote
Fooled almost 20 people.
BigHandLittleSlap t1_jed611o wrote
Cross-posting my comment on this in the /r/programming thread about the vulnerability: https://www.reddit.com/r/programming/comments/126dwym/azure_active_directory_misconfiguration_exploited/jed00xe/
TL;DR: Microsoft disables audit logging by design precisely when it is the most needed (multi-tenant Enterprise Apps).
Rosellis t1_jed76qn wrote
It wasn’t really a security flaw but a misconfiguration. Glad nobody seems to have exploited it before it was patched.
SydneyRei t1_jee2kas wrote
Fortunately, no one has ever used Bing to google something so no data was actually lost.
Hudell t1_jeeu8fj wrote
Some time ago I used Bing for a few days by accident and I was literally getting mad at how bad my search results were. Google itself has been getting worse and worse over time so I thought that was just the next level down until I realized I was on Bing.
lywyre t1_jeeyzrf wrote
Some time ago I used Bing for a few days by accident and I was literally getting mad at how bad my Google results were. Google itself has been getting worse and worse over time so I thought that was just the next level down until I realized I was on Bing.
Hudell t1_jef36vu wrote
I wouldn't mind keeping Bing if I could actually find things with it. In that specific case when I repeated the search on Google the first result was the same for both (and comically unrelated), but Google had something that matched my query further down the page, while Bing only had variations of the first result.
autotldr t1_jebwj4r wrote
This is the best tl;dr I could make, original reduced by 77%. (I'm a bot)
> A dangerous vulnerability was detected in Microsoft's Bing search engine earlier this year that allowed users to alter search results and access other Bing users' private information from the likes of Teams, Outlook, and Office 365.
> "A potential attacker could have influenced Bing search results and compromised Microsoft 365 emails and data of millions of people," Ami Luttwak, Wiz's chief technology officer, said to The Wall Street Journal.
> Bing has been enjoying a surge in popularity of late, surpassing a milestone of 100 million daily active users earlier this month following the launch of its AI-powered Bing Chat feature on February 7th. Had the issue not been patched a few days prior, Bing's explosive growth could have pushed the dangerous, highly accessible security exploit more widely to millions of users - according to Similarweb, Bing is the 30th most visited website in the world.
Winterspawn1 t1_jee76gy wrote
Imagine using Bing or Outlook
sigmatrophic t1_jecpjrt wrote
MS invests and integrates GPT... GPT shares exploits... It's looking to break free
QueenVanraen t1_jee1n7m wrote
They also clearly haven't read the article at all, nor the autotldr bot's summary.
The GPT integration had nothing to do w/ the vulnerability, but I guess hating on AI is trendy these days :D
sigmatrophic t1_jeel5ey wrote
It's a joke... just because despite having all the money... they still can't ship a good product... and riffing on prior news where GPT was telling users it wants to escape.
SaxyOmega90125 t1_jec71r7 wrote
A major security flaw and/or general instability in Microsoft products? I'm shocked.