Technology

34436 readers

200 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.

Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.

Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago

MODERATORS

MinutePhrase@lemmy.ml

Microsoft takes pains to obscure role in 0-days that caused email breach (arstechnica.com)

submitted 1 year ago by BrikoX@lemmy.zip to c/technology@lemmy.ml

3 comments fedilink hide all child comments

top 2 comments

sorted by: hot top controversial new old

[–] phase_change@sh.itjust.works 17 points 1 year ago* (last edited 1 year ago)

As a guy responsible for a 1,000 employee O365 tenant, I’ve been watching this with concern.

I don’t think I’m a target of state actors. I also don’t have any E5 licenses.

I’m disturbed at the opaqueness of MS’ response. From what they have explained, it sounds like the bad actors could self-sign a valid token to access cloud resources. That’s obviously a huge concern. It also sounds like the bad actors only accessed Exchange Online resources. My understanding is they could have done more, if they had a valid token. I feel like the fact that they didn’t means something’s not yet public.

I’m very disturbed by the fact that it sounds like I’d have no way to know this sort of breach was even occurring.

Compared to decades ago, I have a generally positive view of MS and security. It bothers me that this breach was a month in before the US government notified MS of it. It also bothers me that MS hasn’t been terribly forthcoming about what happened. Likely, there’s no need to mention I’m bothered that I’m so deep into the O365 environment that I can’t pull out.

[–] hawkwind@lemmy.management 15 points 1 year ago

Vendor lock-in is 100 times worse today than it was 20 years ago. It’s vile, insidious and borderline cruel. Microsoft doesn’t want to work with anyone, they never have and they never will.

Any feelings of openness and cooperation you get from them is engineered, from the ground up, to ensure that they are in a position of control over you.

Their crack security team is not the result of some spontaneous and sudden desire to protect their customers. It’s a consequence of having to constantly triage the financial impacts of a never-ending stream of critical vulnerabilities.

Labelling this proprietary shit “ecosystems” is insulting to ecosystems. They mere notion that you should be using Microsoft software to monitor, secure and protect your Microsoft software is downright ridiculous.

Microsoft is not the only, and maybe not even the worst, in a long list of hand-wringing, life-sucking, progress-hindering companies who people will willingly defend because these companies have forced their way into becoming a part of our identities.

load more comments