Bonum Certa Men Certa

Microsoft Deserves a Medal for Being Worst at Security (the Media Deserves a Medal for Cover-up)

posted by Roy Schestowitz on Sep 26, 2023


THE mainstream media and Bill Gates-bribed 'media' (like BillBC) probably won't mention it, but some tech- and security-oriented Web sites did mention the latest Microsoft data breach [1-3] and yet another leak of business secrets [4] (i.e. the usual).

There are still corruptible/bribed publishers that quote Microsoft staff like they're security gurus and there's some collective stupidity associated with such a ludicrous narrative.

Apple is hardly better in that regard [5] and Google conflates automatic updates with "security" [6] (you cannot turn these down).

Cybersecurity, as it turns out, is no longer a hot job [7], the White House resorts to more/mere formalities [8] (yet hasn't formulated rules like a Microsoft ban), and proprietary software leaves a mess anywhere it goes [9-10]. Analyses and honeypots in Microsoft-centric sites try to blame underlying frameworks and networks, distracting from the bad programming of proprietary tools [11]. For instance, they like blaming "Go" for malware that's merely written in Go and if it gets onto GNU/Linux systems through holes in proprietary junk like VMware, they try to blame "Linux", not VMware.

If bad (misleading) media becomes the norm, then we should call it out and shun it. The click-baiting word slingers have only themselves to blame for the general public becoming cynical about the media.

Related/contextual items from the news:

  1. Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages

    Exposed data includes backup of employees' workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages.

  2. Microsoft accidentally exposes 38TB of internal data via GitHub repository

    Microsoft Corp. has accidentally made 38 terabytes of internal data, including passwords, publicly accessible through a GitHub repository. The data leak was detailed today by researchers from venture-backed cloud security startup Wiz Inc. The company originally discovered the issue on June 22 and reported it to Microsoft shortly thereafter.

  3. Microsoft AI researchers exposed sensitive signing keys, internal messages

    The 38 TB of data available via GitHub included 30,000 Teams messages and would've allowed an attacker to inject malicious code in AI models.

  4. Alleged Xbox Series X Refresh Revealed in Colossal FTC Court Docs Leak

    Microsoft is dropping the internal Blu-ray drive on the Xbox Series X refresh, upgrading the wireless radios, and improving power efficiency.

  5. Apple Patches Three New 0-Day Vulnerabilities Affecting iOS/iPadOS/watchOS/macOS, (Thu, Sep 21st)

    This update patches three already exploited vulnerabilities:
    (1) CVE-2023-41993 Remote code execution in WebKit. This could be used as an initial access vector
    (2) CVE-2023-41992 Privilege Escalation. A follow-up after the initial access was achieved via the first vulnerability
    (3) CVE-2023-41991 Certificate Validation Issue. A malicious app installed via 1 and 2 may be more difficult to detect due to this vulnerability

  6. Google Extends Chromebook Lifespan, Promises 10 Years of Automatic Updates

    Google Chromebooks released from 2021 and onwards will receive automatic updates, including security patches, for 10 years.

  7. On the Cybersecurity Jobs Shortage

    In April, Cybersecurity Ventures reported on extreme cybersecurity job shortage:

    Global cybersecurity job vacancies grew by 350 percent, from one million openings in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures. The number of unfilled jobs leveled off in 2022, and remains at 3.5 million in 2023, with more than 750,000 of those positions in the U.S. Industry efforts to source new talent and tackle burnout continues, but we predict that the disparity between demand and supply will remain through at least 2025.

  8. White House grapples with harmonizing thicket of cybersecurity rules

    The regulatory road to harmonizing regulations for 16 critical infrastructure sectors is a long and treacherous one.

  9. Using Hacked LastPass Keys to Steal Cryptocurrency

    Remember last November, when hackers broke into the network for LastPass—a password database—and stole password vaults with both encrypted and plaintext data for over 25 million users?

  10. Security flaws in an SSO plugin for Caddy

    By Maciej Domanski, Travis Peters, and David Pokora. We identified 10 security vulnerabilities within the caddy-security plugin for the Caddy web server that could enable a variety of high-severity attacks in web applications, including client-side code execution, OAuth replay attacks, and unauthorized access to resources.

  11. Scanning for Laravel - a PHP Framework for Web Artisants, (Sat, Sep 23rd)

    Today while reviewing my honeypot logs, I noticed an HTTP request for a directory this week I had not noticed before that included Laravel:
