Posted on 03/31/2023 1:23:27 PM PDT by Twotone
A security researcher has claimed that he was able to hack into Microsoft’s Bing search engine in order to change the top results to whatever he chose.
Hillai Ben-Sasson, who works as a researcher at cloud security firm Wiz, was also able to take over millions of Microsoft Office 365 accounts, which he claimed gave him access to users’ Outlook emails, calendars and MS Teams messages.
“I hacked into a Bing CMS that allowed me to alter search results and take over millions of Office 365 accounts,” Mr Ben-Sasson wrote.
His Wiz research team spotted the vulnerability within Microsoft’s cloud computing service Azure, where a configuration meant that “a single checkbox is all that separates an app from becoming ‘multi-tenant’”, meaning all users could log in to the back end.
“My user was immediately granted access to this ‘Bing Trivia’ page,” he explained.
“Don’t let the name fool you – it controls much more than just trivia. In fact, as I came to find out, it can control actual search results.”
The vulnerability allowed Mr Ben-Sasson to switch the top result on Bing when searching ‘best soundtracks’, swapping it from the 2021 movie Dune to the 1995 cult classic Hackers.
It is not clear if the security flaw was exploited by any malicious hackers before it was discovered, though it appears to have since been patched by Microsoft.
Mr Ben-Sasson said he and his team were awarded $40,000 by Microsoft as part of its bug bounty program.
The Independent has reached out to Microsoft for more information.
Bing has seen a surge in popularity in recent months following the integration of OpenAI’s popular AI chatbot ChatGPT.
(Excerpt) Read more at aol.com ...
I refuse to subscribe to Office 365, instead holding on to an older desktop version for my personal needs. I now have yet another reason why I should continue doing so. Most of this will be moot once I switch over to Linux in the next year or two.
After you upgrade to Linux, install a copy of Thunderbird email client. It’s the bomb.
I've been using Thunderbird on my PC for many years. That will be an easy transition. I also refuse to leave my emails on whatever server I am linked to. Those that are saved are downloaded to my PC, and those local files are backed up regularly to three other drives (yeah, I'm that paranoid).
Thankfully, no need for MS Access. Mainly Excel and Word. Occasionally PowerPoint. I also plan to keep my Windows 10 Pro license and PC around after they EOL Win10. Offline for those applications I can’t find a suitable substitute for. My main concern is software like TurboTax. They do not have a version for Linux the last I looked. Maybe some other tax preparation software does (and, no, I am not doing my taxes online).
I can’t convince my wife to use a client like TBird. She insists on using our ISP’s interface as her email app. Oh well.