Gandalf_The_Grey
Level 81
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Apr 24, 2016
- 7,086
Lousy security culture, products as full of holes as a Swiss cheese, but "to big to fail and everyone is dependent". That's a description of Microsoft – not mine, but the tenor of the statements made by the former White House Director of Cyber Policy, Andrew J. Grotto, in an interview with the British newspaper The Register.
In terms of marketing, Redmond is at the top of its game, with a new pig being driven through the village every week: Cloud, Mobile First and now AI using Copilot. On the other hand, Microsoft has been conspicuous for years for its poor software quality and buggy updates, which then have to be corrected at great expense. And then there are the security incidents with Microsoft's cloud services, which are making Microsoft's customers nervous.
In the last 24 months, further security incidents have become known in which Microsoft servers were unprotected and accessible via the internet. I discussed the last case in the article Unsecured Microsoft Azure Server exposes passwords etc. of Microsoft systems (Feb. 2024)).
- In the summer of 2023, the Microsoft Cloud was hacked by the alleged Chinese hackers of the Storm-0558 group, which made it possible to read the online accounts of US government representatives (see e.g. China hacker (Storm-0558) accessed Outlook accounts in Microsoft's cloud).
- Or there was the hack of the Microsoft Cloud by the suspected Russian group Midnight Blizzard, which became known in January 2024 but may still be ongoing (see e.g. Microsoft hacked by Russian Midnight Blizzard; emails exfiltrated since Nov. 2023). Not only emails from Microsoft executives but also from customers were read and even source code was captured.
Basically, the Microsoft Cloud is considered "compromised" and major customers in the US government are looking at how to reduce their dependencies on Microsoft. The US cyber security authority CISA has also issued an order requiring US authorities to check their systems for risks resulting from the Midnight Blizzard hack by the end of April 2024 (see US CISA orders admins in authorities to mitigate the cyber risks of the Microsoft Cloud).
US cyber expert: Microsoft is a national security risk
[German]Lousy security culture, products as full of holes as a Swiss cheese, but "to big to fail and everyone is dependent". That's a description of Microsoft - not mine, but the tenor of the statements made by the former White House Director of Cyber Policy, Andrew J. Grotto, in an interview...
borncity.com