Bonum Certa Men Certa

Microsoft Deserves a Medal for Being Worst at Security (the Media Deserves a Medal for Cover-up)

posted by Roy Schestowitz on Sep 26, 2023

Subscribe, Registration, Signup

THE mainstream media and Bill Gates-bribed 'media' (like BillBC) probably won't mention it, but some tech- and security-oriented Web sites did mention the latest Microsoft data breach [1-3] and yet another leak of business secrets [4] (i.e. the usual).

There are still corruptible/bribed publishers that quote Microsoft staff like they're security gurus and there's some collective stupidity associated with such a ludicrous narrative.

Apple is hardly better in that regard [5] and Google conflates automatic updates with "security" [6] (you cannot turn these down).

Cybersecurity, as it turns out, is no longer a hot job [7], the White House resorts to more/mere formalities [8] (yet hasn't formulated rules like a Microsoft ban), and proprietary software leaves a mess anywhere is goes [9-10]. Analyses and honeypots in Microsoft-centric sites try to blame underlying frameworks and networks, distracting from the bad programming of proprietary tools [11]. For instance, they like blaming "Go" for malware that's merely written in Go and if it gets onto GNU/Linux systems through holes in proprietary junk like VMware, they try to blame "Linux", not VMware.

If bad (misleading) media becomes the normal, then we should call out and shun it. The click-baiting word slingers have only themselves to blame for the general public becoming cynical about the media.

Related/contextual items from the news:

  1. Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages

    Exposed data includes backup of employees workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages.

  2. Microsoft accidentally exposes 38TB of internal data via GitHub repository
    Microsoft Corp. has accidentally made 38 terabytes of internal data, including passwords, publicly accessible through a GitHub repository. The data leak was detailed today by researchers from venture-backed cloud security startup Wiz Inc. The company originally discovered the issue on June 22 and reported it to Microsoft shortly thereafter.
  3. Microsoft AI researchers exposed sensitive signing keys, internal messages

    The 38 TB of data available via GitHub included 30,000 Teams messages and would've allowed an attacker to inject malicious code in AI models.

  4. Alleged Xbox Series X Refresh Revealed in Colossal FTC Court Docs Leak
    Microsoft is dropping the internal Blu-ray drive on the Xbox Series X refresh, upgrading the wireless radios, and improving power effiency.
  5. Apple Patches Three New 0-Day Vulnerabilities Affecting iOS/iPadOS/watchOS/macOS, (Thu, Sep 21st)

    This update patches three already exploited vulnerabilities:
    (1) CVE-2023-41993 Remote code execution in WebKit. This could be used as an initial access vector
    (2) CVE-2023-41992 Privilege Escalation. A follow-up after the initial access was achieved via the first vulnerability
    (3) CVE-2023-41991 Certificate Validation Issue. A malicious app installed via 1 and 2 may be more difficult to detect due to this vulnerability

  6. Google Extends Chromebook Lifespan, Promises 10 Years of Automatic Updates

    Google Chromebooks released from 2021 and onwards will receive automatic updates, including security patches, for 10 years.

  7. On the Cybersecurity Jobs Shortage

    In April, Cybersecurity Ventures reported on extreme cybersecurity job shortage:

    Global cybersecurity job vacancies grew by 350 percent, from one million openings in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures. The number of unfilled jobs leveled off in 2022, and remains at 3.5 million in 2023, with more than 750,000 of those positions in the U.S. Industry efforts to source new talent and tackle burnout continues, but we predict that the disparity between demand and supply will remain through at least 2025.

  8. White House grapples with harmonizing thicket of cybersecurity rules

    The regulatory road to harmonizing regulations for 16 critical infrastructure sectors is long and treacherous one.

  9. Using Hacked LastPass Keys to Steal Cryptocurrency

    Remember last November, when hackers broke into the network for LastPass—a password database—and stole password vaults with both encrypted and plaintext data for over 25 million users?

  10. Security flaws in an SSO plugin for Caddy
    By Maciej Domanski, Travis Peters, and David Pokora We identified 10 security vulnerabilities within the caddy-security plugin for the Caddy web server that could enable a variety of high-severity attacks in web applications, including client-side code execution, OAuth replay attacks, and unauthorized access to resources.
  11. Scanning for Laravel - a PHP Framework for Web Artisants, (Sat, Sep 23rd)

    Today while reviewing my honeypot logs, I noticed an HTTP request for a directory this week I had not noticed before that included Laravel:

Other Recent Techrights' Posts

Inviting the Founder of GNU/Linux to Events (It Only Costs His Travel Expenses) and Recalling the True Origins
It's reassuring to see belated recognition
The Microsofters Have Just Shared Privileged Trial Data With Microsoft
There are serious ramifications for liability accountability as Microsoft salaries sponsor these SLAPPs
Trolls With LLM Slop Are Disrupting Communications About Mass Layoffs at IBM
LLM slop to drown out the signal
 
Links 17/05/2025: Microsoft Kills "Surface Laptop Studio" (More Canceled Products/Units), Groups Caution About Harms of Social Control Media
Links for the day
Gemini Links 17/05/2025: Sympathy Algorithm and SSH on Alternative Ports
Links for the day
Slopwatch: Microsoft's Anti-Linux Propaganda and Cover-up, Slopfarms Clogging Up Google News
slop-tracking activities that observe googlebombing of "Linux"
AstroTurfing by IBM in thelayoff.com is Highly Risky (and Likely Outsourced)
Microsoft did this in Reddit (and got caught), so why won't IBM too?
Links 17/05/2025: Stabber of Salman Rushdie Sentenced to 25 Years in Prison
Links for the day
Gemini Links 17/05/2025: Happier on Gemini and Manipulating Reddit
Links for the day
ComEd and Microsoft: A Mess of Spaghetti Held Together By Circus Clowns
Reprinted with permission from Ryan Farmer
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, May 16, 2025
IRC logs for Friday, May 16, 2025
Links 16/05/2025: Microsoft Sacks Pregnant Women, People Fired on Their Birthday; Adobe Censorship Failing
Links for the day
Gemini Links 16/05/2025: "Repairing Our Way out of Commodity Fetishism" and Pre-librebooted Computers
Links for the day
[Video] IBM Shakes Hands of Prince Mohammed bin Salman
handshake of loyalty
The SLAPPs From Microsofters Distract From Serious Copyright Infringement by Microsoft and Apparent Business Crimes
Aside from other issues, such as strangling women
Enshittification is Everywhere: You Pay More, the Services Get Worse
"Enshittification" is a term coined by an online friend; I increasingly use this term to describe what's happening even outside the realm of technology (which it was adopted to describe)
Microsoft Reduces Office Space Ahead of More Waves of Mass Layoffs
"The Gerstnerisation of Microsoft"
Anti-Linux FUD Produced by Microsoft LLMs to Blame "Linux" for Microsoft's Own Failures
We call out some of the worst culprits
Gemini Links 16/05/2025: Hoking GPS, Grabovac, and Tanana
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, May 15, 2025
IRC logs for Thursday, May 15, 2025
Microsoft WARN Notices Proliferate in the United States
From what we've seen, this wave was more than 3% (a lot more) and the next wave/s will be even bigger (possible as imminent as weeks from now), based on insider leaks
Links 15/05/2025: Google Betrays Publishers Again, Openwashing by Sysdig
Links for the day
Richard Stallman Still Respected by Many in the Libre Graphics Community
Richard Stallman and Professor Moglen never harmed anyone
If You Read Techrights, Then You Probably Want to Read Tux Machines as Well
That site is more active than this one
Gemini Links 15/05/2025: Forced Music in Publicly Accessible Space and ~silv is Online
Links for the day
Links 15/05/2025: KOSA Censorship (USA Becomes More Like KSA) and More National Cuts
Links for the day
Bing Might Shut Down - Just Like Skype Did - Some Time in the Coming Months/Years (Parts of It Already Shut Down)
they try to bring the losses under control
Your Real Ally Would Not Defend the Company of SLAPP and Strangling of Women
who's left to tell us what's true?
Breakdown of Microsoft Layoffs Shows It's About Cost, Not Performance or Hype (Like "AI")
MSN (Microsoft) reposted this with some unnecessary spin
The Lawyers Working for the Serial Strangler From Microsoft on SLAPPing Techrights Have Apparently Lost Their Voice
the moment we mentioned that their media lawyer is leaving they went all quiet in social control media
At IBM, Relocation Can be a Trick or a Trap (IBM Gets Rid of Staff Under the Guise of "Relo")
IBM is not being honest with employees
Microsoft Rumours: This Week's Scale of Layoffs "Higher Than Reported" and More Coming Soon ("A Lot More Severe" Than May's)
The "3%" figure is false
Slopwatch: Sloppy Brian, Brittany Slop, and General Observations
Creative people don't need slop; there's just nothing good about it, slop appeals to lazy people careless about quality
Over at Tux Machines...
GNU/Linux news for the past day
Beyond Mass Layoffs at Microsoft: Entire Units Shut Down for Good
And it's far from over
Links 15/05/2025: Crikvenica, Analog Computer, and Slop 'Hallucinations'
Links for the day
IRC Proceedings: Wednesday, May 14, 2025
IRC logs for Wednesday, May 14, 2025