Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Google Microsoft Mozilla The Internet News Apple Technology

Server Snafu Makes Microsoft Beg For CA Audit Data From Its Partners (softpedia.com) 115

An anonymous reader writes: Microsoft, just like Google, Apple, and Mozilla, is part of the CA/BForum, an organization of web browser vendors and certification authorities (CAs). As a browser vendor, Microsoft maintains a list of authorized CAs and their respective root certificates. According to a message on the CA/BForum, there was an error on the server that was running a CRM application that managed this list of trusted certificates and the adjacent details regarding each certificate and CA. The data is lost forever and Microsoft is now asking CAs to resend their most recent audits. Currently a lot of certs are broken in Edge and IE. Microsoft says that it lost audit data for 147 root certificates, which resulted in many SSL/TLS certificates showing errors inside the company's products.
This discussion has been archived. No new comments can be posted.

Server Snafu Makes Microsoft Beg For CA Audit Data From Its Partners

Comments Filter:
  • wtf (Score:5, Interesting)

    by lastman71 ( 1314797 ) on Saturday March 05, 2016 @12:41AM (#51642141)
    Seriously. No backup?
    • Re:wtf (Score:5, Insightful)

      by Forever Wondering ( 2506940 ) on Saturday March 05, 2016 @01:07AM (#51642245)

      Seriously. No backup?

      Maybe they used Azure for their backup ...

      • Re:wtf (Score:5, Insightful)

        by Anonymous Coward on Saturday March 05, 2016 @01:21AM (#51642283)

        This might be the correct explanation. I have seen the technology management to actually trust on their "the cloud is the backup" fairytale. And then we lost data multiple times thanks to software or administration errors which deleted the data from all replicates. After fourth data loss the dumb ass management started to plan a real write-only backup system. Thankfully I don''t work on that company anymore as the management is still there planning for their next failures.

        • Re:wtf (Score:4, Insightful)

          by Sarten-X ( 1102295 ) on Saturday March 05, 2016 @01:58PM (#51644415) Homepage

          There are fallbacks, backups, and disaster recovery mechanisms. They are three different things, with three different purposes, and managers love to confuse them.

          • All these technical terms confused Microsoft management, and it all cost more money, so they checked the 'no' box.

    • Re: (Score:3, Informative)

      Actually, what seems to have happened is that they _did_ have a backup. But, they had to roll back to an old one.

      • Actually, what seems to have happened is that they _did_ have a backup. But, they had to roll back to an old one.

        Sounds like the excuse I'd give if I was worrying about keeping my job.

    • by Anonymous Coward
      from the actual request:

      "Our CRM system suffered a data loss, and it looks like it rolled back to an old backup. As a result, we lost audit data for about 147 roots."

      see: https://cabforum.org/pipermail... [cabforum.org]
      • Re:wtf (Score:4, Insightful)

        by unrtst ( 777550 ) on Saturday March 05, 2016 @02:09AM (#51642403)

        ... rolled back to an old backup. As a result, we lost audit data for about 147 roots.

        How the fuck are there that many changes for root CA's withing the period of one backup?

        • by Anonymous Coward

          ... rolled back to an old backup. As a result, we lost audit data for about 147 roots.

          How the fuck are there that many changes for root CA's withing the period of one backup?

          They rolled back to an old backup. Not necessarily the most recent. Perhaps all of the more recent backups were borked, and that was the most recent unborked backup...

        • by Anonymous Coward

          The files may have been open so they weren't able to back them up so it wasn't within the period of one backup. DOS/Windows isn't like UNIX. You can't work with open files. That's why Windows has to crash completely for even minor updates.

          • Windows built-in volume shadow system let's you back up open/locked files just fine, and has for many years
          • The files may have been open so they weren't able to back them up so it wasn't within the period of one backup. DOS/Windows isn't like UNIX. You can't work with open files. That's why Windows has to crash completely for even minor updates.

            I am not a real Windows Admin, but that just isn't true. Modern backups of Windows servers take advantage of a snapshot-ting capability (I think it's called VSS) so that all files can be backed-up. I have no idea how it actually works, but I know that it does.

        • ... rolled back to an old backup. As a result, we lost audit data for about 147 roots.

          How the fuck are there that many changes for root CA's withing the period of one backup?

          Edge is involved, Win10 is a different beast, if one has the proper certs they can bypass the windows firewall. Every since Windows supplied a firewall with their OS that's been the way it has worked.

        • ... rolled back to an old backup. As a result, we lost audit data for about 147 roots.

          How the fuck are there that many changes for root CA's withing the period of one backup?

          Because they only backed up the system once, and then never actually started the backups running on their regular schedule, I'll bet.

      • "Our CRM system suffered a data loss, and it looks like we were too fucking stupid to have a recent backup."

    • It should be on their OneDrive... you know, in the cloud

      Really, just how brittle is this "Internet"? And how will Microsoft verify these certificates? Hmmm?

    • Re:wtf (Score:4, Interesting)

      by gmack ( 197796 ) <<gmack> <at> <innerfire.net>> on Saturday March 05, 2016 @08:13AM (#51643167) Homepage Journal

      It's Microsoft. Data loss from lack of backups is has happened to them before. [roughlydrafted.com] Unfortunately they didn't learn from past mistakes.

    • Seriously. No backup?

      "We're Microsoft, trust us with your data, hurr durr."

    • Seriously. No backup?

      I know. And this is the company that has been one of the most aggressive about pushing their products into "the Cloud".

  • by Anonymous Coward

    I wonder if these are the same people making gui design decisions for windows 10.. I bet the same department head signs both teams' checks.

    • I wonder if these are the same people making gui design decisions for windows 10.. I bet the same department head signs both teams' checks.

      They have 118,000 employees. Blaming them all is like blaming the army when you don't get your social security check.

  • I'd hate to be in the Retrospective meeting for THAT iteration.

    You're supposed to deliver a releasable product, not release all your products (obscure Objective-C reference counting joke).

  • by bugs2squash ( 1132591 ) on Saturday March 05, 2016 @12:50AM (#51642173)
    can't they just download chrome or firefox and get the equivalent list.
  • If Microsoft can perpetrate something like this, I think I had better set aside some time to verify that I do not have omissions in my own backup and disaster recovery procedures.I cannot imagine having to report something like this to top management.

  • How many root certificates does Microsoft hold and how long did it take to recover the 147 that were lost? Tech news posted to Slashdot tends to be a little skeletal and runs on the principle of "better late than never."

    Microsoft says that it lost audit data for 147 root certificates, which resulted in many SSL/TLS certificates showing errors inside the company's products.

    I am curious as well about how often these certificates change. How old a backup is too old?

    • by subk ( 551165 )

      How many root certificates does Microsoft hold and how long did it take to recover the 147 that were lost? Tech news posted to Slashdot tends to be a little skeletal and runs on the principle of "better late than never."

      343 total, and they're required to be audited annually. It doesn't take a mathematician to see how old thier tarball was!

  • ..Before we find out they were running SSLv2 and got DROWN'ed?
  • by DNS-and-BIND ( 461968 ) on Saturday March 05, 2016 @03:46AM (#51642613) Homepage
    "there was an error on the server" "Our CRM system suffered a data loss" way to state the fact that a major company like Microsoft can't even run their own systems correctly. Well where are the fucking backups? Whoopsy-doodle! Looks like Microsoft is about as competent as a 15-man company at backing up critical data.
  • A system crashing and having to restore from an "older" backup is something that could happen to almost anybody.

    The one thing that got me in the article:

    "As many of you may have just noticed, our system just generated a bunch of emails informing many of you that you are subject to removal because Microsoft does not have evidence of a qualifying audit on file,"

    And that they then asked them to re-send the data....

    1) If I restore from an older backup, and know I may have (for example) lost payment data, I don'

  • Redmond appears to be morphing into a comedy of errors in the tech world.
  • Where is the evidence of any SSL/TLS certificates showing errors? Seems like total conjecture based on poor reading of this audit data request made by Microsoft.

    This is AUDIT data, not the actual cert info. Read the details of the audit requirements here: http://social.technet.microsoft.com/wiki/contents/articles/31635.microsoft-trusted-root-certificate-program-audit-requirements.aspx

    This just means that Microsoft lost the documentation showing that the Certificate Authorities had performed their annual aud

You know you've landed gear-up when it takes full power to taxi.

Working...