Another Microsoft security breach! This is beginning to get boring.
This exploit was discovered by a security company called Wiz, so let's hope no great damage has been done. They found that some data held by Azure can be read, modified and deleted because of a fault in database software called CosmosDB. Users have been warned to change their access keys.
https://www.reuters.com/technology/e...ls-2021-08-26/ |
Maybe repost it in the Windows vs Linux thread?
I read on how they did it. https://www.wiz.io/blog/chaosdb-how-...mers-databases This is why my bike tuner laptop stays off line. As much as possible. I guess their/Redmonds azure foray is running into glitches. https://azure.microsoft.com/en-us/ |
I've never understood this "cloud" business. Why do people suppose that their data is more secure on someone else's server than on their own?
|
Quote:
As for the boring aspect, although the last 25 years have been repetitious as far as M$ failures, the failures are getting more expensive and dangerous as M$ products creep into places they don't belong, such as anything mission critical anywhere. So in that context the part I find boring is the media's lack of coverage of the total cost of ownership of M$ products and the many alternatives which are faster, better, cheaper, easier, etc. all at once. As for the "cloud", around 25 years ago, you couldn't convince any large business, let alone a multinational, to work with services that weren't self-hosted. That included various databases. Then as now the threat was that competitors could likely monitor the activities. The difference is that now, none in decision making positions care. They care so little that many even run M$ Exchange in place of e-mail thus giving their most pernicious competitor access to more or less all their written communications. The presence of M$ Exchange anywhere is a sign that no one reads the licensing, which in the case of M$ says flat out that they have access. And that's not counting "bug doors". So a lot of the fault falls on the trade press, though much also on the post-secondary "education" system -- but I stop for now. |
I wasn't much keeping an eye on anything M$ except maybe browsers and windows versions. I have no clue what azure even does, or fails to do.
It does strike me that M$ haven't a clue about security. Not even internet security. And the resistence among the user base to say, entering a password for what should be a secure operation is so great that it's clear users don't want it either. How would you educate the M$ user base to check md5sums of downloads? You noitice, do you, that it's 2 linux users complaining about M$ Security? Do you see this sort of thing on M$ forums? |
No but then I have nothing to do with M$ forums. I do note in the mainstream press that M$ is being allowed to shift the blame, and attention, away from their egregious and poor design onto various external entities. Years ago they used to blame "Linux people" for the break-ins and that was enough to apparently absolve M$ of any responsibility, or they would just blame those who reported problems for the same result. Now with the international climate like it is, they point to various nation state actors and sincethose nation states are problematic for many US politicians, the politicians are more than happy to let M$ shift the blame and thus facilitate M$ evasion of responsibility for the ransomware epidemic that they have more or less single handedly created for the world.
|
Quote:
|
I'm actually going to take issue with the thread title. Only "beginning to get boring"? I think it's been boring for 30 years. Does anyone remember those boot viruses that would infect everyone who read a floppy? Form, Ping Pong, CIH. CIH was actually nasty. It would overwrite your BIOS on April 26th, which in those days was the kiss of death.
|
Quote:
|
Microsoft without security breaches is like Hardy without Laurel.
"Here's another fine mess you've gotten me into!" |
Since Microsoft tracks vulnerabilities using a 16 digit code with 36 values per digit [0-9,A-Z] I would not expect you to understand just how many Microsoft breaches have been detected since 1996, but take it for granted that the number is larger than the length of your attention span. No matter how good your focus. It got boring by 1999. There should be another word for what it is by now.
|
Quote:
But i still can't find the actual article. It was pretty funny, but tbh I'm not amused by this type of "internet parody" (?) anymore, since it facilitates the birth of all sorts of crazy conspiration myths and ultimately created Q-Anon. Poe's Law is a serious problem. |
1 Attachment(s)
Quote:
|
Quote:
I don't even think that article is a parody. |
Seriously, every operating system, specifically including Linux, is susceptible to security vulnerabilities, and so there are rather large teams of "white hat" researchers who are constantly looking for them. Whenever a "security update" is published for your distro, you should always apply it immediately, if not automatically.
All of these systems are internally so complex that it's not a matter of "whether" a new vulnerability exists. |
All times are GMT -5. The time now is 08:23 PM. |