The thread OP does not relate to a vulnerability in an OS.

"The vulnerability is in Microsoft Azure's flagship Cosmos DB database"

This is a point lost on too many people.

To the comment about how many vulnerabilities MS has, there are a litany of them for Apple and Linux as well. Each one found and fixed is one less to worry about.

I have not seen a successful OS/2, DOS (IBM or FREE), or CPM exploit in years, I have NEVER seen one for KOLIBRIOS. We are not talking about vulnerabilities, we are talking about actual breaches. At having breaches, Microsoft leads the pack by far. Part of that is that the environment is target rich for someone creating Microsoft breaches. More hardware that is vulnerable and poorly configured for security comes with Microsoft software than any other. Not that is is the only vulnerable target, but that it is the most COMMON most vulnerable target.

Of servers containing desirable data, the most vulnerable targets run on Microsoft systems. It is both the most common target, the easiest exploit, and the most tempting in general. All of this makes it likely to REMAIN the OS with the highest number of breaches for a good long time. Only in part because it is less secure than others, but mostly because it more successful at getting loaded onto machines that will hold data.

The fact is, 20th century OSes had basdically no security, as programmers concentrated on 'boldly going where no one had gone before' and not hackage. Once it was realised people were being hacked, spammed & robbed, Unix (linux/bsd/whatever) reacted a whole lot faster and better than other OSes - Apple & M$. CP/M, Dos, & OS/2 were dead by this stage, so they didn't react at all. I built HLFS in the early 2000s which had patches to implement

• Stack Overflow Protection
• Position independent Code Segments
• Position independent Executables.
• Many buffer overflow problems.

GCC & the kernel have made huge strides in security. Vulnerabilities now lie less in the C/C++ code and server programs, and more in individual packages (e.g. javascript), weak passwords, poor encryption, and the like. All fixed I/O (e.g. ISA cards, or software addresses) are gone, and low memory is protected. That requires a much larger amount of work on the part of a hacker. It's a fact that attacking encryption was not thought worth the effort when single core CPUs ran at Mhz. But with multicore CPUs running at Ghz, This Little Beast boasts 160 × Arm A-76 cores @ 3Ghz, and would certainly shorten tasks that could be suitably arranged. Much more so for password cracking. So the hacker is better armed. Exploits were discovered recently enough in wpa_supplicant and bash, and patches went up within a week. The best I've seen from M$ is 'Patch Tuesday.'

But a hacker doesn't have to bother cracking encryption to control a windows/Apple Box. In most cases, he can just use known exploits that have been reported to Apple or M$, and not fixed, or not fixed well enough. Apple have unpatched zero day exploits. Or they can grab a Google OS (Android, Chrome) or iOS, hack them and appear as legit in the eyes of some server. That's the way it's going: hack something soft, which is a trusted source.

In the hack of the Health Service Executive here in Ireland some months back, the backup servers were apparently on the same network as the boxes they were backing up. I have that from a tech insider.

An interesting search is: Unpatched zero day exploit +<OS>. I admit to not reading the search results.:redface:

• Windows has bucketfuls
• Apple has some, but seems to have patched more after years of neglect.
• Linux has some, but most remark on how difficult the bug is to exploit.
• Lastly, bug-hunters have noted many they found that are not patched yet, according to Slashdot. I remember reading it, but can't find the URL.

This link is interesting, though.

Doesn't mean there isn't one.
These things get reported in direct proportion to the popularity of the OS.

Also, hackers (the bad ones) aren't very interested in hacking any of these - no incentive.

Those were the points I hoped someone would take away. Advantage, the uncommon road: fewer highwaymen.

Kinda describes me in a pub. Being 6 foot 7 inches. I am usually guaranteed a interesting evening.

Being uniform does have it's advantages. No body notices you then. < except for Windows >

I get the same attention from the po po when on my motorcycle also.

Funny how folks look at this.

Run Windows and get hacked for being the norm.
Run Linux like a outlaw and nobody cares.

Kinda opposite?

^ Wrong analogy. Linux isn't illegal.

Let's try this one:

You ride a standard off-the-shelf big brand motorcycle, you can get spare parts everywhere, but you're alo likely to get scammed, and even more likely to get your bike stolen (because big brand, big numbers, easier to resell).

Or

You ride a rare brand of motorcycle you had to put together yourself, possibly with customisations, you are going to have a hrader time getting spare parts, but when you do you can be sure they're the real deal, and also your bike is less likely to get stolen because it's much harder to resell.

Another viewpoint on "Another Microsoft security breach! This is beginning to get boring.":
In 1980s this was shocking, in the 1990s it became boring.
Since 1999 this has just been normal and expected.

Security is a process. As long as people are studying computer software in search of exploitable bugs, other people have to be fighting a counter-offensive. This of course will never, ever stop. And, every computer operating system and programming language will always be susceptible. This isn't exactly "boring," but it is also not exactly "news."

sundialsvcs: very well said, thank you.

Indeed. BSD "fortunes gave me this in a definition of 'bug': The curse is that any server is a target, and the hacker can take as many shots at it as he likes. He only has to strike lucky once.

As we'rer on bugs, here's interesting stuff on Chinese mobiles
https://www.bbc.com/news/technology-58652249

That doesn't surprise me at all. The Chinese bug everything they make and all their social media channels spy on their users. That's why Huawei got kicked out of the UK 5G project.

Oh dear... Chinese competition are becoming such a big threat to "big tech"....

Last few paragraphs of the article quickly remind the reader of the recent tensions with regards to Taiwan. There is no mention of bugging - the Xiaomi devices apparently, according to the Lithuanians, have built in censorship, only relevant to China, which would obviously damage sales if it were enabled elsewhere... There is also some mention of usage stats being transmitted to somewhere in Singapore... so not so different to what Faecebook, Microsoft, Apple, google, Amazon, even Mozilla get up to...

The "Chinese phones" statement is also rather ironic considering all the big fabs for US, Japanese and Korean manufacturers are in China anyway.

It was actually the US - Trump - who threatened Johnson and the British over Huawei, prior to that the doors were wide open, for better or for worse.