Microsoft called out for “blatantly negligent” cybersecurity practices - eviltoast

There’s been a string of security blunders in Azure in the last couple years but leaking a signing key and then trying to downplay it is really beyond the pale

    • stevedidwhat_infosec@infosec.pub
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      3
      ·
      1 year ago

      It the job of responsible company (especially one Microsoft’s size) to know that and plan for it accordingly.

      Risk management is hard baked into the infosec responsibility set, size isn’t an excuse

      • Phlogiston@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        Did you say, “Size doesn’t matter”?

        (FYI - in hear this excuse all the time at a large company. Somehow our complexity and scale is always an excuse people reach toward. And, as you say, our job from infosec is to shut that whining down.

      • sebinspace@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        It can be if you don’t have the staff. If humans are the most vulnerable part of the system, you can’t stretch them too thin and expect them to be as effective in their role.

        • stevedidwhat_infosec@infosec.pub
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          1 year ago

          That’s part of another issue which should’ve been handled prior to getting too big.

          Manageability is #1 when considering your growth, can’t imagine Microsoft chose to keep a “small staff” out of necessity.

          Perhaps fucking private Sting concerts for higher ups should be scrapped in favor of the employees they fired days prior to attending

    • ShittyBeatlesFCPres@lemmy.world
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      1
      ·
      1 year ago

      I don’t know what the US government runs on its most secure systems but with all the money we pay in taxes, I hope it’s not Windows, Linux, or macOS. I hope they scooped up some 80’s operating system no one would ever suspect and kept it going in parallel. Good luck hacking into a system with a fully custom version of Business Operating System that runs on 64 bit Motorola processors no one knows about but the CIA’s sysadmins.

      I know in reality they probably run Windows Vista on 12 year-old laptops or some shit and get hacked all the fucking time but I’d like to think someone had enough sense to not do that.

          • KairuByte@lemmy.world
            link
            fedilink
            English
            arrow-up
            15
            ·
            edit-2
            1 year ago

            You can have the most secure and secret OS in existence, and you’re failing miserably the moment it has unfettered access to the internet.

            On the flip side, literally any OS can be secure if it’s airgapped in a sealed room.

            There’s a happy medium in there, and that’s where most governments want to be.

      • Blamemeta@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        4
        ·
        1 year ago

        Nah, its a bunch of panasonic toughbook 30s. Except the Airforce, we get M1 Macbooks

    • Zeth0s@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      Guy is talking about cloud. Azure is not the first cloud provider, it’s simply tha laziest