Years of accumulated security debt at Microsoft are seemingly crashing down upon the company in a manner that many critics warned about, but few ever believed would actually come to light.
Microsoft is an entrenched enterprise provider, owning nearly one-quarter of the global cloud infrastructure services market and, as of Q1 last year, nearly 20% of the worldwide SaaS application market, according to Synergy Research Group.
Though not immune to scandal, in the wake of two major nation-state breaches of its core enterprise platforms, Microsoft is facing one of its most serious reputational crises.
↫ David Jones at Cybersecurity Dive
It’s almost like having the entire US government dependent on a single vendor is a bad idea.
Just spitballing here.
While a bit of Microsoft bashing goes a long way, let’s look at this in context:
Constant, concerted efforts by state actors over decades have had some limited success.
Linux had a guy volunteer and make a backdoor because the maintainer of a key pillar of most distros wasn’t earning any money.
The reality for Microsoft is there still isn’t very much genuine competition to it in the OS space when working in certified environments (like government). Red Hat comes closest, but is quite a distant second.
The main problem for Microsoft is actually that many of its customers don’t patch/upgrade.
You are really equating a failed attempt to put forward a backdoor targeting OpenSSH (and only when used with libsystemd) with actual severe consummated security breaches of Microsoft cloud services targeting high level government officials and agencies?
Man, these are not even the same thing. Did you even read the article? It’s not even about Windows.
I did. Because they are related.
“federal Cyber Safety Review Board released a long-anticipated report which showed the company failed to prevent a massive 2023 hack of its Microsoft Exchange Online environment. The hack by a People’s Republic of China-linked espionage actor”
Please point me towards the alternative mail services that are certified for use at high-security institutions. I’d suggest there aren’t any from the open source world.
Why are they not certified? Yes, there is an element of money. But a far larger impact is the trust of those contributing code.
xz is a recent, public manifestation of the true side of FUD: the Uncertainty and Doubt of those contributing to key parts of systems.
They had the same “wake up” moment during the Windows XP era.
There were worms that would affect any Ethernet connected computer during setup. Before even being able to install any firewalls or other security software, your computer would be infected and spreading the worm to even more devices.
That led them to do more or less an “all hands red alert” on security and gave us XP SP2 along with a long stream of fixes and new tools: eventually a good firewall, a free antivirus (Defender), Patch Tuesday, and many others.
For historical reference:
https://en.wikipedia.org/wiki/Blaster_(computer_worm)
What that means is there is precedent for them to fix things very well… after they become a real mess.
I agree that Windows is a dinosaur, and this will start to show more and more.