Hello and welcome to the Thursday, September 7, 2020,

edition of the Sandcent Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from London, England.

Today I published a quick diary with some security-related DNS records.

Now, for example, CIA records that I don't really see used a lot, but certainly something that you should consider.

A couple readers are suggested additional records that I didn't sort of include in the original

post.

I'll probably add them after recording this podcast.

If you do have others, please let me know.

I may do some follow-up maybe next week or so.

If I don't find any good data, I probably have to collect it myself about how frequently

these particular records are being used.

Remember how Microsoft apparently had one of its consumer keys stolen that led to the compromise

of several email accounts, a month or two back.

Well, we now have a summary from Microsoft that outlines how this particular key was stolen.

Now, good for Microsoft to be open about this and to tell us what exactly happened.

What happened according to Microsoft was that system that held this

key, which was in a very isolated environment, as Microsoft describes it, crashed as a result

of the crash. A crash dump was created, and the key was not redacted from the crash dump as it was supposed to be due to a race condition.

Later, the crash dump was then moved to a less isolated environment for debugging purposes,

again assuming that there was no sensitive key material present in the crash dump.

In that more open environment, the threat actor was able to access the crash dump with

...