Microsoft says it hasn't been able to shake Russian state hackers
Microsoft says it hasn't been able to shake Russian state hackers
Microsoft says it is still trying to evict the elite Russian government hackers who broke into the email of senior company executives in November and have since been trying to breach customer networks with stolen access data.
Nation state cybersecurity threats are a big deal, and heavily targeting Microsoft is definitely part of a larger game plan by Russia.
If Microsoft is struggling, imagine how helpless "smaller" corporations (Even 10/100's of billion $ corps) would be.
I'm interested in how this plays out, and the kinds of postmortems we'll get from this. Will we see any shift in security culture and best practices?
Smaller corporations have it easier, IF they took IT Security serious. For the simple fact, that there are just a lot less entry points and way less whack amole playing.
And Microsoft never took security as serious as they should have.
Edith: And I highly doubt, we'll see a substantial change on Microsoft's side. 1.: There's less Money to be made. 2.: In some ways, their hands are tied because of the still ongoing Patriot Act/USA Freedom Act (which is a bullshit name) or rather the safe harbor stuff.
I don't think we'll get the post mortems you ate imagining.
Microsoft has typically been extremely vague - famously vague, even - about any details.
If I ran a software utility that the US gov used and had an intrusion I couldn't mitigate and resolve, I would be blacklisted and out of business.
Have you tried being too big to fail, to the extent your own financial success is considered a matter of "national security"?
Is it iso9001 that says "don't have a single supplier for stuff"?
Linux anyone ?
Linux anyone ?
I don’t want to sound dismissive, this is a genuine question and not an attack on Linux.
Other than security by obscurity, how is it possible that an operating system whose entire source code is available to hackers to peruse at will could be more secure than a closed source one?
Security by obscurity doesn't work. Microsoft software has always been closed source and it has never prevented hackers making exploits.
Open source software allows hundreds of thousands of people to comb over the code and find/fix vulnerabilities much easier.
It's also true that because of the way Linux is developed, security flaws in Linux are patched much faster than in other projects, with Linux patching issues in an average of 25 days compared to Microsoft's 83 days. And the gap is widening, recently Linux has got that down to 15 days.
There's a reason companies go with Linux for servers that handle sensitive information or are business-critical. And there's a reason why the best encryption algorithms are all open source.
Code being in the open allows the whole world to participate and fix the problems quicker than closed source binary.
Because if a vuln gets found or exploited, it gets immediately patched, often with some big backing by OEMs that run on Linux.
Open source also reduces the likelihood of exploitable bugs going unnoticed because everyone can see and play with the source code by themselves.
There is a risk of malicious merge requests, but so far that hasn't been a problem besides a university getting banned for pointing out the issue with a live test without telling the devs.
Much of linux is also designed to be hardened by default because it's used on so much infara. SELinux by itself is a great example because it was essentially created by RedHat and now is a major standard for MAC.
Windows on the other hand needs Microsoft alone to solve the problem. No one can patch it themselves, and there's no guarantee the patches will work, which has happened several times. I believe print spooler basically had to be disabled because there was no good solution due to implementation.
The amount of Windows OS specific exploits vs Linux specific exploits kind of shows the results of closed source vs open source.
The worst vuln I can think of for Linux is dirty cow which is a local priv esc on basically Linux kernels 2.x-4.x which was a big deal when it was discovered because of the range of versions
Meanwhile windows had eternal blue, a whole remote code execution that existed on every version of windows since win95 that the NSA kept for probably a decade before it was leaked.
Closed source doesn't prevent people from reverse engineering it to find exploits, it just makes it harder for others to contribute to fixing it
ReactOS FTW.
W10 EOL news and compromised news at the same time.
I've seen them owned by the RSS functionality. So many little hidey holes. I can't imagine how diverse their infrastructure is.
This is the best summary I could come up with:
BOSTON (AP) — Microsoft said Friday it’s still trying to evict the elite Russian government hackers who broke into the email accounts of senior company executives in November and who it said have been trying to breach customer networks with stolen access data.
The hackers from Russia’s SVR foreign intelligence service used data obtained in the intrusion, which it disclosed in mid-January, to compromise some source-code repositories and internal systems, the software giant said in a blog and a regulatory filing.
A company spokesman would not characterize what source code was accessed and what capability the hackers gained to further compromise customer and Microsoft systems.
“The threat actor’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus,” Microsoft said Friday, adding that it could be using obtained data “to accumulate a picture of areas to attack and enhance its ability to do so.” Cybersecurity experts said Microsoft’s admission that the SVR hack had not been contained exposes the perils of the heavy reliance by government and business on the Redmond, Washington, company’s software monoculture — and the fact that so many of its customers are linked through its global cloud network.
When it initially announced the hack, Microsoft said the SVR unit broke into its corporate email system and accessed accounts of some senior executives as well as employees on its cybersecurity and legal teams.
Microsoft’s latest disclosure comes three months after a new U.S. Securities and Exchange Commission rule took effect that compels publicly traded companies to disclose breaches that could negatively impact their business.
The original article contains 551 words, the summary contains 264 words. Saved 52%. I'm a bot and I'm open source!
Securing a general purpose operating system seems like the Dutch boy with his finger in the dike. It doesn't matter if its Windows, Linux, or Mac OS X. Lots of little leaks, not enough fingers to plug them.
I'm certainly no Microsoft fanboy, but if they decided to respond to the hack by devoting their resources to taking down the Russian government, Vladimir Putin would be dead within two months.