•

Whistleblower Says Microsoft Dismissed Warnings About a Security Flaw That Russians Later Used to Hack U.S. Government

https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers

Former employee says software giant dismissed his warnings about a critical flaw because it feared losing government business. Russian hackers later used the weakness to breach the National Nuclear Security Administration, among others.

Whistleblower Says Microsoft Dismissed Warnings About a Security Flaw That Russians Later Used to Hack U.S. Government

12 comments

reddig33

•

Im going to laugh if this is what gets the feds to finally break up Microsoft into smaller separate companies.

Also remember when the feds used Unix on IBM machines? Maybe they should consider going back to Unix instead of commodity software that’s designed for small businesses.

nkat2112

•

If only the feds had some inkling, based on decades of history, that Microsoft might not manage security well...

All sarcasm aside, I wonder if there will be consequences for the dismissed warnings. I'm hoping so, because this is thoroughly inexcusable.

I appreciate the former employee for speaking out.

refurbishedrefurbisher

•

To be fair, they've handled security excellently on their Xbox consoles. 360 still hasn't had a software exploit after the King Kong exploit was patched (and even then, it needed a DVD drive that could play burned discs), and it was only recently that an Xbox One and Series kernel exploit was found, and that's limited to the SystemOS VM.

Basically, shove everything in virtual machines and it'll probably be fine. QubesOS does a very similar thing on the desktop side. If no running programs can access the host OS, then it's very unlikely that code execution on the host OS can occur, save for the very rare hypervisor escape exploits.

On Windows, macOS, and most Linux distros, everything runs on the host OS.

800XL

•

Use Unix instead of the privacy-invading billboard masquerading as useful software.

joojmachine

•

here's to hoping they don't get the boeing treatment

AnomalousBit

•

Microsoft has more holes than my dad’s underwear lately

neuracnu

•

The fact that this news follows layoffs may not be a coincidence.

https://www.reuters.com/technology/microsoft-lay-off-hundreds-azure-cloud-unit-business-insider-reports-2024-06-03/

alilbee

•

Eh, I bet it is. Not like layoffs are happening exclusively at Microsoft and the timeline for the security flaw and gov contract would be well before those layoffs were dreamed up. Hell, some of those employees likely weren't even hired yet.

TachyonTele

•

Well, stop sticking your junk in his underwear and it wouldn't be a problem.

AnomalousBit

•

The dude gets new underwear every Christmas, you try to get him to stop rolling around in the briar patch

Feathercrown

•

Man if only they weren't dependent on a closed-source megacorporation-created OS

Aurenkin

•

If only there were alternatives that were both safer and cheaper...