- cross-posted to:
- news@lemmy.world
cross-posted from: https://lemmy.zip/post/795564
Archived version: https://archive.ph/qFPbB
Archived version: https://web.archive.org/web/20230728012222/https://arstechnica.com/security/2023/07/us-senator-blasts-microsoft-for-negligent-cybersecurity-practices/
US senator blasts (insert phone manufacturer here) for not keeping backdoors open for surveillance.
blasts?
While Microsoft should absolutely be held accountable for flaws in its code and its failures to disclose actively-exploited attacks in the wild against said flaws, most organizations have policies (or the lack thereof) resulting in security flaws you can drive a truck through.
Specifically, a lack of M365 and Teams “app” review and approval processes, a lack of CASB tooling, and grossly inadequate asset inventories and security agent coverage. You can’t protect what you can’t see, and most Microsoft customers are barely doing the minimum.
Is that Microsoft’s fault, when they explicitly tell your admins you’ve got a “Secure Score” of 19%, and they don’t do shit about it?
If the senator thinks he can do a better job of running a mail server, then by all means he should do so. Oh wait, that’s right, the government is still reeling from sending military emails to the wrong country this month.
This is not a “but he is worse”. If the military fucked up, sanction the ppl responsible. If Microsoft fucked up, bring the lawsuit.
We’re not making a contest out of it, why not just condemn both?
I’m just saying it’s hard to be taken seriously for pointing fingers when you can’t even manage your own shit. And really, did Microsoft fuck up, or are they simply a victim of another attack? You literally cannot be aware of all attacks all the time, especially at a company that large. God knows I hate Microsoft and their piss-poor services, and I laugh at the idea of them and cybersecurity used in the same sentence, but I’m also honest enough to know that some things simply can’t be controlled.
I think my biggest problem with this is that the government simply doesn’t care about all the people who have been scammed by that ‘Nigerian Prince’ but the moment someone whispers that their secret emails with their mistress might have been read, suddenly it’s a national issue? Sorry but until you start working FOR the people you represent, I just don’t have any sympathy.