Bonum Certa Men Certa

Microsoft Deserves a Medal for Being Worst at Security (the Media Deserves a Medal for Cover-up)

posted by Roy Schestowitz on Sep 26, 2023

Subscribe, Registration, Signup

THE mainstream media and Bill Gates-bribed 'media' (like BillBC) probably won't mention it, but some tech- and security-oriented Web sites did mention the latest Microsoft data breach [1-3] and yet another leak of business secrets [4] (i.e. the usual).

There are still corruptible/bribed publishers that quote Microsoft staff like they're security gurus and there's some collective stupidity associated with such a ludicrous narrative.

Apple is hardly better in that regard [5] and Google conflates automatic updates with "security" [6] (you cannot turn these down).

Cybersecurity, as it turns out, is no longer a hot job [7], the White House resorts to more/mere formalities [8] (yet hasn't formulated rules like a Microsoft ban), and proprietary software leaves a mess anywhere is goes [9-10]. Analyses and honeypots in Microsoft-centric sites try to blame underlying frameworks and networks, distracting from the bad programming of proprietary tools [11]. For instance, they like blaming "Go" for malware that's merely written in Go and if it gets onto GNU/Linux systems through holes in proprietary junk like VMware, they try to blame "Linux", not VMware.

If bad (misleading) media becomes the normal, then we should call out and shun it. The click-baiting word slingers have only themselves to blame for the general public becoming cynical about the media.

Related/contextual items from the news:

  1. Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages

    Exposed data includes backup of employees workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages.

  2. Microsoft accidentally exposes 38TB of internal data via GitHub repository
    Microsoft Corp. has accidentally made 38 terabytes of internal data, including passwords, publicly accessible through a GitHub repository. The data leak was detailed today by researchers from venture-backed cloud security startup Wiz Inc. The company originally discovered the issue on June 22 and reported it to Microsoft shortly thereafter.
  3. Microsoft AI researchers exposed sensitive signing keys, internal messages

    The 38 TB of data available via GitHub included 30,000 Teams messages and would've allowed an attacker to inject malicious code in AI models.

  4. Alleged Xbox Series X Refresh Revealed in Colossal FTC Court Docs Leak
    Microsoft is dropping the internal Blu-ray drive on the Xbox Series X refresh, upgrading the wireless radios, and improving power effiency.
  5. Apple Patches Three New 0-Day Vulnerabilities Affecting iOS/iPadOS/watchOS/macOS, (Thu, Sep 21st)

    This update patches three already exploited vulnerabilities:
    (1) CVE-2023-41993 Remote code execution in WebKit. This could be used as an initial access vector
    (2) CVE-2023-41992 Privilege Escalation. A follow-up after the initial access was achieved via the first vulnerability
    (3) CVE-2023-41991 Certificate Validation Issue. A malicious app installed via 1 and 2 may be more difficult to detect due to this vulnerability

  6. Google Extends Chromebook Lifespan, Promises 10 Years of Automatic Updates

    Google Chromebooks released from 2021 and onwards will receive automatic updates, including security patches, for 10 years.

  7. On the Cybersecurity Jobs Shortage

    In April, Cybersecurity Ventures reported on extreme cybersecurity job shortage:

    Global cybersecurity job vacancies grew by 350 percent, from one million openings in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures. The number of unfilled jobs leveled off in 2022, and remains at 3.5 million in 2023, with more than 750,000 of those positions in the U.S. Industry efforts to source new talent and tackle burnout continues, but we predict that the disparity between demand and supply will remain through at least 2025.

  8. White House grapples with harmonizing thicket of cybersecurity rules

    The regulatory road to harmonizing regulations for 16 critical infrastructure sectors is long and treacherous one.

  9. Using Hacked LastPass Keys to Steal Cryptocurrency

    Remember last November, when hackers broke into the network for LastPass—a password database—and stole password vaults with both encrypted and plaintext data for over 25 million users?

  10. Security flaws in an SSO plugin for Caddy
    By Maciej Domanski, Travis Peters, and David Pokora We identified 10 security vulnerabilities within the caddy-security plugin for the Caddy web server that could enable a variety of high-severity attacks in web applications, including client-side code execution, OAuth replay attacks, and unauthorized access to resources.
  11. Scanning for Laravel - a PHP Framework for Web Artisants, (Sat, Sep 23rd)

    Today while reviewing my honeypot logs, I noticed an HTTP request for a directory this week I had not noticed before that included Laravel:

Other Recent Techrights' Posts

[Meme] One Person, Singular Pronoun
Abusing people into abusing the English language is very poor diplomacy
New Article From Richard Stallman Explains Why He Says He and She for Unknown Person (Not 'They')
"Nowadays I use gender-neutral singular pronouns for a person whose gender I don't know"
Lookout, It's Outlook
Outlook is all about the sharing!
Updated A Month Ago: Richard Stallman on Software Patents as Obstacles to Software Development
very recent update
Is BlueMail a Client of ZDNet Now?
Let's examine what BlueMail does to promote itself
Site Priorities and Upcoming Improvements
pages are served very fast
Ending Software Patents in Recent Years (Software Freedom Fighters MIA)
not a resolved issue
IRC Proceedings: Wednesday, November 29, 2023
IRC logs for Wednesday, November 29, 2023
Over at Tux Machines...
GNU/Linux news
Links 30/11/2023: Rushing Patent Cases With Shorter Trial Scheme (STS), Sanctions Not Working
Links for the day
Links 30/11/2023: Google Purging Many Accounts and Content (to Save Money), Finland Fully Seals Border With Russia
Links for the day
The 'Smart' Attack on Power Grid Neutrality (or the Wet Dream of Tiered Pricing for Power, Essentially Punishing Poorer Households for Exercising Freedom Like Richer Households)
The dishonest marketing people tell us the age of disservice and discrimination is all about "smart" and "Hey Hi" (AI) as in algorithms akin to traffic-shaping in the context of network neutrality
Links 29/11/2023: VMware Layoffs and Too Many Microsofters Going Inside Google
Links for the day
Just What LINUX.COM Needed After Over a Month of Inactivity: SPAM SPAM SPAM (Linux Brand as a Spamfarm)
It's not even about Linux
Microsoft “Discriminated Based on Sexuality”
Relevant, as they love lecturing us on "diversity" and "inclusion"...
IRC Proceedings: Tuesday, November 28, 2023
IRC logs for Tuesday, November 28, 2023
Media Cannot Tell the Difference Between Microsoft and Iran
a platform with back doors
Links 28/11/2023: New Zealand's Big Tobacco Pivot and Google Mass-Deleting Accounts
Links for the day
Justice is Still the Main Goal
The skulduggery seems to implicate not only Microsoft
OpenBSD Says That Even on Linux, Wayland Still Has a Number of Rough Edges (But IBM Wants to Make X Extinct)
IBM tries to impose unready software on users
[Teaser] Next Week's Part in the Series About Anti-Free Software Militants
an effort to 'cancel' us and spy on us
Over at Tux Machines...
GNU/Linux news
This work is licensed under a Creative Commons Attribution 4.0 International License
Professor Eben Moglen on How Social Control Media Metabolises Humans and Constraints Freedom of Thought
Nothing of value would be lost if all these data-harvesting giants (profiling people) vanished overnight
IRC Proceedings: Monday, November 27, 2023
IRC logs for Monday, November 27, 2023
When Microsoft Blocks Your Access to Free Software
"Linux is a cancer that attaches itself in an intellectual property sense to everything it touches." [Chicago Sun-Times]
Techrights Statement on 'Cancel Culture' Going Out of Control
relates to a discussion we had in IRC last night
Stuff People Write About Linux
revisionist pieces
Links 28/11/2023: Rosy Crow 1.4.3 and Google Drive Data Loss
Links for the day