👨💻 ⇑⇑⇓⇓⇐⇒⇐⇒BA
❀𝓪𝓵𝓬𝓮𝓪𖤐 
( #Mastodon #instance are locked to the #domain they were made on sadly...)
I agree on the "just because I had it in the past" #sentiment .
#SocialMedia is a sideproject at best
•acws #acws
@bugbear Couldn't you request the #Authcode and move the #domain to cheaper one ?
( #Mastodon #instance are locked to the #domain they were made on sadly...)
I agree on the "just because I had it in the past" #sentiment .
#SocialMedia is a sideproject at best
•acws #acws
( #Mastodon #instance are locked to the #domain they were made on sadly...)
I agree on the "just because I had it in the past" #sentiment .
#SocialMedia is a sideproject at best
•acws #acws
Kevin Karhan 
@GossiTheDog the sheer fact that #MSPs & #CSPs can access clients' setups without proper #authorization [including #KYC / #KYB, #AuthCode|s and proper authorization via contract] is already sickening.
- This literally begs to be abused via #SocialEngineering / #SocialHacking of #Microsoft personnel or just blatant "#PrivilegueEscalation" through falsefully claiming to be a #MSP / #CSP contracted by the targeted company.
Such fundamental #ITsec fuckups are reasons alone not to use #Azure or any #Microsoft products & services at all...
Kevin Beaumont (@[email protected])
Attached: 3 images This is the partner.microsoft.com portal, it allows CSPs - Cloud Solution Providers - to gain access to their customer's environments. CVE-2024-49035 was around improper privilege management, i.e. being able to access things you shouldn't. It being in CISA KEV says it was being exploited in the wild. That portal allows a huge footprint of access by design.