Slashdot Mirror


Server Snafu Makes Microsoft Beg For CA Audit Data From Its Partners (softpedia.com)

An anonymous reader writes: Microsoft, just like Google, Apple, and Mozilla, is part of the CA/BForum, an organization of web browser vendors and certification authorities (CAs). As a browser vendor, Microsoft maintains a list of authorized CAs and their respective root certificates. According to a message on the CA/BForum, there was an error on the server that was running a CRM application that managed this list of trusted certificates and the adjacent details regarding each certificate and CA. The data is lost forever and Microsoft is now asking CAs to resend their most recent audits. Currently a lot of certs are broken in Edge and IE. Microsoft says that it lost audit data for 147 root certificates, which resulted in many SSL/TLS certificates showing errors inside the company's products.

18 of 115 comments

  1. wtf by lastman71 · · Score: 5, Interesting

    Seriously. No backup?

    1. Re:wtf by Forever+Wondering · · Score: 4, Insightful

      Seriously. No backup?

      Maybe they used Azure for their backup ...

      --
      Like a good neighbor, fsck is there ...
    2. Re:wtf by Forever+Wondering · · Score: 2, Informative

      Actually, what seems to have happened is that they _did_ have a backup. But, they had to roll back to an old one.

      --
      Like a good neighbor, fsck is there ...
    3. Re:wtf by Anonymous Coward · · Score: 5, Insightful

      This might be the correct explanation. I have seen technology management actually trust their "the cloud is the backup" fairytale. And then we lost data multiple times thanks to software or administration errors which deleted the data from all replicas. After the fourth data loss the dumb ass management started to plan a real write-only backup system. Thankfully I don't work at that company anymore as the management is still there planning for their next failures.

    4. Re:wtf by unrtst · · Score: 3, Insightful

      ... rolled back to an old backup. As a result, we lost audit data for about 147 roots.

      How the fuck are there that many changes for root CAs within the period of one backup?

    5. Re:wtf by fustakrakich · · Score: 2

      It should be on their OneDrive... you know, in the cloud

      Really, just how brittle is this "Internet"? And how will Microsoft verify these certificates? Hmmm?

      --
      “He’s not deformed, he’s just drunk!”
    6. Re:wtf by zopper · · Score: 2

      So instead of people, into whom you invested a lot right now (fixing the shit), and who will be much more careful next time, you hire a bunch of new people who will make a similar mistake in a few years... Everyone can make a mistake. Good employees will learn from it.

    7. Re:wtf by gmack · · Score: 3, Interesting

      It's Microsoft. Data loss from lack of backups has happened to them before. Unfortunately they didn't learn from past mistakes.

    8. Re:wtf by Sarten-X · · Score: 3, Insightful

      There are fallbacks, backups, and disaster recovery mechanisms. They are three different things, with three different purposes, and managers love to confuse them.

      --
      You do not have a moral or legal right to do absolutely anything you want.
    9. Re: wtf by WarJolt · · Score: 2

      Manually.

      Backups should never be read by the server to ensure it has no dependency on the data.

      Backup should never be overwritten by the server to protect the backup.

      Backups should be independently verified for completeness because servers and engineers do unexpected things.

      I just made that up, but it sounds about right.

    10. Re:wtf by macs4all · · Score: 2

      Actually, what seems to have happened is that they _did_ have a backup. But, they had to roll back to an old one.

      Sounds like the excuse I'd give if I was worrying about keeping my job.

    11. Re: wtf by arglebargle_xiv · · Score: 2

      This bit doesn't sound right:

      Backups should never be read by the server to ensure it has no dependency on the data.

      If you never read your backups, how do you verify that the data was successfully backed up? I've seen dual-backup systems fail because, after several years of apparent backups, when the data was needed it turned out that nothing (copy #1) and the wrong data (copy #2) had been backed up.

  2. chrome by bugs2squash · · Score: 2

    can't they just download chrome or firefox and get the equivalent list.

    --
    Nullius in verba
    1. Re:chrome by Anonymous Coward · · Score: 2, Informative

      They aren't missing the certificate data, but rather the audit data associated with those certificates which is NOT stored with the certificates that are on computers everywhere. The summary is a bit misleading on that point.

  3. Re:What a joke by Etherwalk · · Score: 2

    I wonder if these are the same people making gui design decisions for windows 10.. I bet the same department head signs both teams' checks.

    They have 118,000 employees. Blaming them all is like blaming the army when you don't get your social security check.

  4. Passive voice to the rescue by DNS-and-BIND · · Score: 3, Funny

    "there was an error on the server" "Our CRM system suffered a data loss" way to state the fact that a major company like Microsoft can't even run their own systems correctly. Well where are the fucking backups? Whoopsy-doodle! Looks like Microsoft is about as competent as a 15-man company at backing up critical data.

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  5. Re:Exaggerated? by Gerv · · Score: 2, Informative

    It's a load of rubbish from the original author. There's no reason whatsoever that loss of this data would cause problems in IE or Edge. Removing roots from MS's program doesn't happen without human input.

  6. Re:funniest thing by greenfruitsalad · · Score: 2

    stories such as this make me smirk but also check if my backups are working properly. they are. back to smirking.

    but seriously, how often do people normally back up? my /home directory is on a NAS with ZFS and keeps 24 hourly snapshots, 7 daily snapshots, 4 weekly snapshots and 6 monthly ones. this gets automatically synced to my secondary (backup) NAS and once a week i manually sync it to a nas at my parents' house. i lost all my data in the late 90s and never want to go through that experience again.
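
The retention schedule described in the comment above (24 hourly, 7 daily, 4 weekly, 6 monthly), worked through as an added example that is not part of the original thread or of any commenter's setup. It assumes one snapshot per hour (constructed sample data), calendar-based buckets and hypothetical function names, and shows how far back a rollback lands when corruption goes unnoticed for two weeks.

```python
from datetime import datetime, timedelta

# Tiers from the comment above: (bucket granularity, buckets to keep).
POLICY = [("hourly", 24), ("daily", 7), ("weekly", 4), ("monthly", 6)]

def bucket_key(ts, tier):
    """Map a timestamp to the calendar bucket it falls in for a tier."""
    if tier == "hourly":
        return (ts.year, ts.month, ts.day, ts.hour)
    if tier == "daily":
        return (ts.year, ts.month, ts.day)
    if tier == "weekly":
        iso = ts.isocalendar()
        return (iso[0], iso[1])          # ISO year, ISO week
    if tier == "monthly":
        return (ts.year, ts.month)
    raise ValueError(f"unknown tier: {tier}")

def snapshots_to_keep(snapshots, policy=POLICY):
    """Keep the newest snapshot in each of the most recent N buckets per tier."""
    keep = set()
    newest_first = sorted(snapshots, reverse=True)
    for tier, count in policy:
        seen = set()
        for ts in newest_first:
            key = bucket_key(ts, tier)
            if key in seen:
                continue                 # bucket already has its newest snapshot
            if len(seen) == count:
                break                    # tier quota reached
            seen.add(key)
            keep.add(ts)
    return keep

def newest_clean(keep, corrupted_since):
    """Newest retained snapshot taken before the data went bad, or None."""
    clean = [ts for ts in keep if ts < corrupted_since]
    return max(clean) if clean else None

def constructed_snapshots():
    """Constructed sample: hourly snapshots for 200 days up to 2016-06-30 23:00."""
    end = datetime(2016, 6, 30, 23)
    return [end - timedelta(hours=h) for h in range(200 * 24)]

if __name__ == "__main__":
    keep = snapshots_to_keep(constructed_snapshots())
    print(len(keep), "snapshots retained")
    print("roll back to:", newest_clean(keep, datetime(2016, 6, 15, 12)))
```

With corruption starting on 15 June and noticed on 30 June, every hourly and daily snapshot is already bad, so the only clean recovery point is a weekly one from 12 June.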