Bonum Certa Men Certa

Microsoft Deserves a Medal for Being Worst at Security (the Media Deserves a Medal for Cover-up)

posted by Roy Schestowitz on Sep 26, 2023


THE mainstream media and Bill Gates-bribed 'media' (like BillBC) probably won't mention it, but some tech- and security-oriented Web sites did mention the latest Microsoft data breach [1-3] and yet another leak of business secrets [4] (i.e. the usual).

There are still corruptible/bribed publishers that quote Microsoft staff like they're security gurus and there's some collective stupidity associated with such a ludicrous narrative.

Apple is hardly better in that regard [5] and Google conflates automatic updates with "security" [6] (you cannot turn these down).

Cybersecurity, as it turns out, is no longer a hot job [7], the White House resorts to more/mere formalities [8] (yet hasn't formulated rules like a Microsoft ban), and proprietary software leaves a mess anywhere it goes [9-10]. Analyses and honeypots in Microsoft-centric sites try to blame underlying frameworks and networks, distracting from the bad programming of proprietary tools [11]. For instance, they like blaming "Go" for malware that's merely written in Go and if it gets onto GNU/Linux systems through holes in proprietary junk like VMware, they try to blame "Linux", not VMware.

If bad (misleading) media becomes the norm, then we should call it out and shun it. The click-baiting word slingers have only themselves to blame for the general public becoming cynical about the media.

Related/contextual items from the news:

  1. Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages

    Exposed data includes backup of employees' workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages.

  2. Microsoft accidentally exposes 38TB of internal data via GitHub repository

    Microsoft Corp. has accidentally made 38 terabytes of internal data, including passwords, publicly accessible through a GitHub repository. The data leak was detailed today by researchers from venture-backed cloud security startup Wiz Inc. The company originally discovered the issue on June 22 and reported it to Microsoft shortly thereafter.

  3. Microsoft AI researchers exposed sensitive signing keys, internal messages

    The 38 TB of data available via GitHub included 30,000 Teams messages and would've allowed an attacker to inject malicious code in AI models.

  4. Alleged Xbox Series X Refresh Revealed in Colossal FTC Court Docs Leak

    Microsoft is dropping the internal Blu-ray drive on the Xbox Series X refresh, upgrading the wireless radios, and improving power efficiency.

  5. Apple Patches Three New 0-Day Vulnerabilities Affecting iOS/iPadOS/watchOS/macOS, (Thu, Sep 21st)

    This update patches three already exploited vulnerabilities:
    (1) CVE-2023-41993 Remote code execution in WebKit. This could be used as an initial access vector
    (2) CVE-2023-41992 Privilege Escalation. A follow-up after the initial access was achieved via the first vulnerability
    (3) CVE-2023-41991 Certificate Validation Issue. A malicious app installed via 1 and 2 may be more difficult to detect due to this vulnerability

  6. Google Extends Chromebook Lifespan, Promises 10 Years of Automatic Updates

    Google Chromebooks released from 2021 and onwards will receive automatic updates, including security patches, for 10 years.

  7. On the Cybersecurity Jobs Shortage

    In April, Cybersecurity Ventures reported on extreme cybersecurity job shortage:

    Global cybersecurity job vacancies grew by 350 percent, from one million openings in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures. The number of unfilled jobs leveled off in 2022, and remains at 3.5 million in 2023, with more than 750,000 of those positions in the U.S. Industry efforts to source new talent and tackle burnout continues, but we predict that the disparity between demand and supply will remain through at least 2025.

  8. White House grapples with harmonizing thicket of cybersecurity rules

    The regulatory road to harmonizing regulations for 16 critical infrastructure sectors is a long and treacherous one.

  9. Using Hacked LastPass Keys to Steal Cryptocurrency

    Remember last November, when hackers broke into the network for LastPass—a password database—and stole password vaults with both encrypted and plaintext data for over 25 million users?

  10. Security flaws in an SSO plugin for Caddy

    By Maciej Domanski, Travis Peters, and David Pokora. We identified 10 security vulnerabilities within the caddy-security plugin for the Caddy web server that could enable a variety of high-severity attacks in web applications, including client-side code execution, OAuth replay attacks, and unauthorized access to resources.

  11. Scanning for Laravel - a PHP Framework for Web Artisants, (Sat, Sep 23rd)

    Today while reviewing my honeypot logs, I noticed an HTTP request for a directory this week I had not noticed before that included Laravel:
