LinuxQuestions.org
Old 08-27-2021, 11:22 AM   #1
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 5,707
Blog Entries: 16

Rep: Reputation: 3385
Another Microsoft security breach! This is beginning to get boring.


This exploit was discovered by a security company called Wiz, so let's hope no great damage has been done. They found that some data held by Azure can be read, modified and deleted because of a fault in database software called CosmosDB. Users have been warned to change their access keys.

https://www.reuters.com/technology/e...ls-2021-08-26/
 
Old 08-27-2021, 03:52 PM   #2
rokytnji
LQ Veteran
 
Registered: Mar 2008
Location: Waaaaay out West Texas
Distribution: AntiX 19
Posts: 6,356
Blog Entries: 21

Rep: Reputation: 3199
Maybe repost it in the Windows vs Linux thread?
I read on how they did it.
https://www.wiz.io/blog/chaosdb-how-...mers-databases

This is why my bike tuner laptop stays off line. As much as possible.

I guess their/Redmond's azure foray is running into glitches.
https://azure.microsoft.com/en-us/
 
Old 08-28-2021, 05:26 AM   #3
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 5,707

Original Poster
Blog Entries: 16

Rep: Reputation: 3385
I've never understood this "cloud" business. Why do people suppose that their data is more secure on someone else's server than on their own?
 
Old 08-28-2021, 06:49 AM   #4
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,787
Blog Entries: 3

Rep: Reputation: 3007
Quote:
Originally Posted by rokytnji
I guess their/Redmond's azure foray is running into glitches.
From the outside it looks like they've been moving line items from other areas in the budget to under the azure heading to fake the appearance of growth. From time to time, one also hears about layoffs in azure but never any hirings.

As for the boring aspect, although the last 25 years have been repetitious as far as M$ failures, the failures are getting more expensive and dangerous as M$ products creep into places they don't belong, such as anything mission critical anywhere. So in that context the part I find boring is the media's lack of coverage of the total cost of ownership of M$ products and the many alternatives which are faster, better, cheaper, easier, etc. all at once.

As for the "cloud", around 25 years ago, you couldn't convince any large business, let alone a multinational, to work with services that weren't self-hosted. That included various databases. Then as now the threat was that competitors could likely monitor the activities. The difference is that now, none in decision making positions care. They care so little that many even run M$ Exchange in place of e-mail thus giving their most pernicious competitor access to more or less all their written communications. The presence of M$ Exchange anywhere is a sign that no one reads the licensing, which in the case of M$ says flat out that they have access. And that's not counting "bug doors".

So a lot of the fault falls on the trade press, though much also on the post-secondary "education" system -- but I stop for now.
 
Old 08-29-2021, 06:09 AM   #5
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, RPi OS, Mint & Android
Posts: 13,104

Rep: Reputation: 1753
I wasn't much keeping an eye on anything M$ except maybe browsers and windows versions. I have no clue what azure even does, or fails to do.

It does strike me that M$ haven't a clue about security. Not even internet security. And the resistance among the user base to say, entering a password for what should be a secure operation is so great that it's clear users don't want it either. How would you educate the M$ user base to check md5sums of downloads?

You notice, do you, that it's 2 linux users complaining about M$ Security? Do you see this sort of thing on M$ forums?
 
Old 08-29-2021, 06:38 AM   #6
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,787
Blog Entries: 3

Rep: Reputation: 3007
No but then I have nothing to do with M$ forums. I do note in the mainstream press that M$ is being allowed to shift the blame, and attention, away from their egregious and poor design onto various external entities. Years ago they used to blame "Linux people" for the break-ins and that was enough to apparently absolve M$ of any responsibility, or they would just blame those who reported problems for the same result. Now with the international climate like it is, they point to various nation state actors and since those nation states are problematic for many US politicians, the politicians are more than happy to let M$ shift the blame and thus facilitate M$ evasion of responsibility for the ransomware epidemic that they have more or less single handedly created for the world.
 
Old 08-29-2021, 07:16 AM   #7
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 5,707

Original Poster
Blog Entries: 16

Rep: Reputation: 3385
Quote:
Originally Posted by Turbocapitalist
Years ago they used to blame "Linux people" for the break-ins and that was enough to apparently absolve M$ of any responsibility.
I remember reading, back in the '90s, an American article showing parents how to work out if their teenage son had become a hacker (by which they meant a criminal, not a computer nerd). It was the equivalent then of being radicalised. And one sure sign was that he had put something called "Linux" on his computer instead of using Windows like any civilised person.

Last edited by hazel; 08-29-2021 at 07:18 AM.
 
Old 08-29-2021, 11:56 AM   #8
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, RPi OS, Mint & Android
Posts: 13,104

Rep: Reputation: 1753
I'm actually going to take issue with the thread title. Only "beginning to get boring"? I think it's been boring for 30 years. Does anyone remember those boot viruses that would infect everyone who read a floppy? Form, Ping Pong, CIH. CIH was actually nasty. It would overwrite your BIOS on April 26th, which in those days was the kiss of death.
 
Old 08-30-2021, 04:34 PM   #9
cynwulf
Senior Member
 
Registered: Apr 2005
Location: Walsall, UK
Posts: 2,656
Blog Entries: 7

Rep: Reputation: 2192
Quote:
Originally Posted by hazel
I remember reading, back in the '90s, an American article showing parents how to work out if their teenage son had become a hacker (by which they meant a criminal, not a computer nerd). It was the equivalent then of being radicalised. And one sure sign was that he had put something called "Linux" on his computer instead of using Windows like any civilised person.
That article was purely satirical...
 
Old 08-31-2021, 09:40 AM   #10
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.2 & current
Posts: 7,962
Blog Entries: 60

Rep: Reputation: Disabled
Microsoft without security breaches is like Hardy without Laurel.
"Here's another fine mess you've gotten me into!"
 
Old 08-31-2021, 11:25 AM   #11
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDo, tinycore, Q4OS,Manjaro
Posts: 3,951

Rep: Reputation: 1823
Since Microsoft tracks vulnerabilities using a 16 digit code with 36 values per digit [0-9,A-Z] I would not expect you to understand just how many Microsoft breaches have been detected since 1996, but take it for granted that the number is larger than the length of your attention span. No matter how good your focus. It got boring by 1999. There should be another word for what it is by now.
 
Old 08-31-2021, 12:03 PM   #12
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 17,783
Blog Entries: 11

Rep: Reputation: 5383
Quote:
Originally Posted by hazel
I remember reading, back in the '90s, an American article showing parents how to work out if their teenage son had become a hacker (by which they meant a criminal, not a computer nerd). It was the equivalent then of being radicalised. And one sure sign was that he had put something called "Linux" on his computer instead of using Windows like any civilised person.
I just made a web search on that and the first result was Wikipedia's article on shitposting.
But I still can't find the actual article. It was pretty funny, but tbh I'm not amused by this type of "internet parody" (?) anymore, since it facilitates the birth of all sorts of crazy conspiracy myths and ultimately created Q-Anon.
Poe's Law is a serious problem.
 
Old 08-31-2021, 12:27 PM   #13
cwizardone
LQ Veteran
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib."
Posts: 6,828
Blog Entries: 1

Rep: Reputation: 4211
Quote:
MS' Ballmer: Linux is communism
After a short silence, Motormouth is back, folks...
Graham Lea Mon 31 Jul 2000 // 10:10 UTC....
The article can be found here, https://www.theregister.com/2000/07/..._is_communism/

Last edited by cwizardone; 08-31-2021 at 12:36 PM.
 
Old 08-31-2021, 12:42 PM   #14
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 17,783
Blog Entries: 11

Rep: Reputation: 5383
Quote:
Originally Posted by cwizardone
That's not what hazel described and not what I was after.
I don't even think that article is a parody.
 
Old 09-08-2021, 11:32 AM   #15
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,291
Blog Entries: 4

Rep: Reputation: 3318
Seriously, every operating system, specifically including Linux, is susceptible to security vulnerabilities, and so there are rather large teams of "white hat" researchers who are constantly looking for them. Whenever a "security update" is published for your distro, you should always apply it immediately, if not automatically.

All of these systems are internally so complex that it's not a matter of "whether" a new vulnerability exists.
 
  

