Another Microsoft security breach! This is beginning to get boring.
GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Another Microsoft security breach! This is beginning to get boring.
This exploit was discovered by a security company called Wiz, so let's hope no great damage has been done. They found that some data held by Azure can be read, modified and deleted because of a fault in database software called CosmosDB. Users have been warned to change their access keys.
I guess their/Redmonds azure foray is running into glitches.
From the outside it looks like they've been moving line items from other areas in the budget to under the azure heading to fake the appearance of growth. From time to time, one also hears about layoffs in azure but never any hirings.
As for the boring aspect, although the last 25 years have been repetitious as far as M$ failures, the failures are getting more expensive and dangerous as M$ products creep into places they don't belong, such as anything mission critical anywhere. So in that context the part I find boring is the media's lack of coverage of the total cost of ownership of M$ products and the many alternatives which are faster, better, cheaper, easier, etc. all at once.
As for the "cloud", around 25 years ago, you couldn't convince any large business, let alone a multinational, to work with services that weren't self-hosted. That included various databases. Then as now the threat was that competitors could likely monitor the activities. The difference is that now, none in decision making positions care. They care so little that many even run M$ Exchange in place of e-mail thus giving their most pernicious competitor access to more or less all their written communications. The presence of M$ Exchange anywhere is a sign that no one reads the licensing, which in the case of M$ says flat out that they have access. And that's not counting "bug doors".
So a lot of the fault falls on the trade press, though much also on the post-secondary "education" system -- but I stop for now.
I wasn't much keeping an eye on anything M$ except maybe browsers and windows versions. I have no clue what azure even does, or fails to do.
It does strike me that M$ haven't a clue about security. Not even internet security. And the resistence among the user base to say, entering a password for what should be a secure operation is so great that it's clear users don't want it either. How would you educate the M$ user base to check md5sums of downloads?
You noitice, do you, that it's 2 linux users complaining about M$ Security? Do you see this sort of thing on M$ forums?
No but then I have nothing to do with M$ forums. I do note in the mainstream press that M$ is being allowed to shift the blame, and attention, away from their egregious and poor design onto various external entities. Years ago they used to blame "Linux people" for the break-ins and that was enough to apparently absolve M$ of any responsibility, or they would just blame those who reported problems for the same result. Now with the international climate like it is, they point to various nation state actors and sincethose nation states are problematic for many US politicians, the politicians are more than happy to let M$ shift the blame and thus facilitate M$ evasion of responsibility for the ransomware epidemic that they have more or less single handedly created for the world.
Years ago they used to blame "Linux people" for the break-ins and that was enough to apparently absolve M$ of any responsibility.
I remember reading, back in the '90s, an American article showing parents how to work out if their teenage son had become a hacker (by which they meant a criminal, not a computer nerd). It was the equivalent then of being radicalised. And one sure sign was that he had put something called "Linux" on his computer instead of using Windows like any civilised person.
I'm actually going to take issue with the thread title. Only "beginning to get boring"? I think it's been boring for 30 years. Does anyone remember those boot viruses that would infect everyone who read a floppy? Form, Ping Pong, CIH. CIH was actually nasty. It would overwrite your BIOS on April 26th, which in those days was the kiss of death.
I remember reading, back in the '90s, an American article showing parents how to work out if their teenage son had become a hacker (by which they meant a criminal, not a computer nerd). It was the equivalent then of being radicalised. And one sure sign was that he had put something called "Linux" on his computer instead of using Windows like any civilised person.
Since Microsoft tracks vulnerabilities using a 16 digit code with 36 values per digit [0-9,A-Z] I would not expect you to understand just how many Microsoft breaches have been detected since 1996, but take it for granted that the number is larger than the length of your attention span. No matter how good your focus. It got boring by 1999. There should be another word for what it is by now.
I remember reading, back in the '90s, an American article showing parents how to work out if their teenage son had become a hacker (by which they meant a criminal, not a computer nerd). It was the equivalent then of being radicalised. And one sure sign was that he had put something called "Linux" on his computer instead of using Windows like any civilised person.
I just made a web search on that and the first result was wikipedia's article on shitposting.
But i still can't find the actual article. It was pretty funny, but tbh I'm not amused by this type of "internet parody" (?) anymore, since it facilitates the birth of all sorts of crazy conspiration myths and ultimately created Q-Anon. Poe's Law is a serious problem.
Seriously, every operating system, specifically including Linux, is susceptible to security vulnerabilities, and so there are rather large teams of "white hat" researchers who are constantly looking for them. Whenever a "security update" is published for your distro, you should always apply it immediately, if not automatically.
All of these systems are internally so complex that it's not a matter of "whether" a new vulnerability exists.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.