đź‘ŤMaximum Derekđź‘ŤAug 3, 2023

Microsoft called out for “blatantly negligent” cybersecurity practices

https://discuss.tchncs.de/post/1375560

Microsoft called out for “blatantly negligent” cybersecurity practices - tchncs

There’s been a string of security blunders in Azure in the last couple years but leaking a signing key and then trying to downplay it is really beyond the pale

Show threadsebinspace
Not surprising, MS probably have one of the largest attack surfaces of any entity
Aug 3, 2023 at 10:55pmWeb
Show threadZorqueAug 3, 2023
Yeah, but the NFL kept calling them attack ipads.
Show threadstevedidwhat_infosecAug 3, 2023

It the job of responsible company (especially one Microsoft’s size) to know that and plan for it accordingly.

Risk management is hard baked into the infosec responsibility set, size isn’t an excuse

Show threadPhlogistonAug 4, 2023

Did you say, “Size doesn’t matter”?

(FYI - in hear this excuse all the time at a large company. Somehow our complexity and scale is always an excuse people reach toward. And, as you say, our job from infosec is to shut that whining down.

Show threadShittyBeatlesFCPresAug 3, 2023

I don’t know what the US government runs on its most secure systems but with all the money we pay in taxes, I hope it’s not Windows, Linux, or macOS. I hope they scooped up some 80’s operating system no one would ever suspect and kept it going in parallel. Good luck hacking into a system with a fully custom version of Business Operating System that runs on 64 bit Motorola processors no one knows about but the CIA’s sysadmins.

I know in reality they probably run Windows Vista on 12 year-old laptops or some shit and get hacked all the fucking time but I’d like to think someone had enough sense to not do that.

Show threadaverage650Aug 3, 2023
The OS they choose is really not the most important part of its most secure systems.
Show threadShittyBeatlesFCPresAug 4, 2023
Ok, fine. Then I hope they use paper and guns to protect secrets.
Show threadKairuByteAug 4, 2023

You can have the most secure and secret OS in existence, and you’re failing miserably the moment it has unfettered access to the internet.

And OS can be secure if it’s airgapped in a sealed room.

There’s a happy medium in there, and that’s where most governments want to be.

Show threadBlamemetaAug 4, 2023
Nah, its a bunch of panasonic toughbook 30s. Except the Airforce, we get M1 Macbooks
Show threadZeth0sAug 4, 2023
Guy is talking about cloud. Azure is not the first cloud provider, it’s simply tha laziest
Show threadCapraObscuraAug 4, 2023
Not even remotely. Pay some attention. There is basically no security in any cloud service and if you put your data on someone else’s server just assume it’s going to immediately be sucked up by threat actors.