Microsoft Authenticator is about to wipe work accounts from jailbroken/rooted phones automatically 👏.

amy@sk.girlthi.ng

@domi@donotsta.re @merill@infosec.exchange good guy microsoft protecting us from big scary threats whilst locking token protection (the primary defence to phishing your creds out) behind expensive entra licenses. be so fuckin fr

bernardsheppard@mastodon.au

@merill magisk module to hide root incoming in 3, 2, 1...

domi@donotsta.re

@amy@sk.girlthi.ng @merill@infosec.exchange microslop will save us all!

(they can't censor me here :^)

kuriko@wetdry.world

@domi @amy
@microsoft get them

amy@sk.girlthi.ng

@kuriko@wetdry.world @domi@donotsta.re @microsoft@lea.pet OH GOD OH FUCKK

resuna@ohai.social

@lnr @merill

When I worked at Halliburton I asked if there was any way to get email on my phone, and they said they didn't even support BYOD because having someone's phone locked out because it was being wiped right when they'd just been laid off was too evil for them.

xssfox@cloudisland.nz

@agowa338 @merill and someone attacking will still be able to grab the codes before being wiped because you just stop the app before dumping the data

zsapi@mastodon.social

@merill yeah sure, make sure we can't control our devices as we want to, but only as the duopoly/governments allow. Great step toward freedom and security /s

agowa338@chaos.social

@xssfox @merill

Ehm, the azure codes are a bit different than the TOTP ones. Their app also has a kinda proprietary auth code format too. I think it is mainly about them. As for all others you literally just have to store a picture of the QR-Code you used to set them up...

Edit: But yea, it probably will end in there being a shady cracked version of the Microsoft Authenticator App that continues to work on rooted phones...

pq1r@tech.lgbt

@merill this idiocy looks like something @GrapheneOS will want to respond to. Microsoft doesn't care if the OS has the latest patches, only that it was certified by the duopoly.

xssfox@cloudisland.nz

@agowa338 @merill sure but you can get the private data which is the core point of this protection

agowa338@chaos.social

@xssfox @merill

Haven't actually looked at how they're doing it. But yea, you can always crack these things.

All that they're doing by adding root detection is forcing people that can't do this themselves to download a modified version off of some shady backyard Russian forum or something...

czauner@social.vivaldi.net

@merill

Well another pretty bad idea. You seem to have quite a streak with those, lately.

Time to stock up with popcorn and wait for the fallout.

krazov@mstdn.social

@merill Whoa.

exilsarahl@chaos.social

@merill is this a threat or promise?

pa27@mastodon.social

@merill Who is using MS Auth anyway? Not me for sure! Another reason not to have or use an MS account...

merill@infosec.exchange

Wow. So a LOT of you folks are not happy.

The good news is your org can still allow you to use passkeys and other Authenticator apps.

gbargoud@masto.nyc

@fluffykittycat @merill

You can opt out any time by showing documentation that you are in the files (tangentially mentioned because they cited your work in an email does not count sorry)

thaodan@mastodon.social

@fluffykittycat @merill It's kind of a grey area. They are right that open bootloaders are a security issue but then also you can relock it on some devices.
In any case I don't think I would use the Microsoft Authentication app anyway unless I have to.

harrymutt@social.vivaldi.net

@merill

Hmm, I would never in my life install any M$ crap on my /e/OS ungoogled Fairphone. It's not rooted, but I guess it's also among the undesirables...

For authentication to our goddamn work accounts on M$, I use AEGIS. Or the standard authenticator on Linux Mint. Export/Import between the two works like a charm.

And it could well be that we are moving away from microslob in the not so far future. Unthinkable not so long ago. Halleluja!