Date: 2024-06-14

Congress takes Microsoft to pound town.

https://arstechnica.com/tech-policy...mode-says-it-will-prioritize-security-over-ai

TLDR; Microsoft chose profits over fixing 2 big security holes that allowed Russia and China to land successful cyberattacks against the US Government.

Microsoft will adopt all the government's 16 recommendations
https://www.cisa.gov/sites/default/..._the_Summer_2023_MEO_Intrusion_Final_508c.pdf

Microsoft will be forced to stop charging for key security features they tied to their O365 services
Microsoft will hire 34,000 full-time engineers dedicated to 18 security objectives, which includes tying CEO and executive pay to the effectiveness of those security measures.
https://arstechnica.com/information...ity-following-multiple-failures-and-breaches/

Either way, Microsoft took a big L today, so we should count that as a win.
 
Lakados said:
Jesus, that's a lot of new engineers.


Lakados said:
I'm not sure I want Microsoft to feel pain. I just want them to be more user focused and cut out the market manipulation and privacy issues...
 
It's a good thing only nebulous security risks from foreign companies with tech worth stealing are a threat worth forcing a sale.
 
Lakados said:
https://arstechnica.com/tech-policy...mode-says-it-will-prioritize-security-over-ai

They are hardly the only company to do this.

What about all the US Corps that underfund their IT Security departments?
Lakados said:
Yes
 
philb2 said:
Well, in this case the whistleblower and investigators proved that Microsoft knew of the severity of the problem but intentionally downplayed it because the cost of the fix paired with its timing would have jeopardized some contracts and executives' bonuses. So they tried to sweep it under the rug.

I’m sure lots of companies do it, but in this case it did let Russia and China gain access to government systems. So they angered the wrong client.
 
Microsoft really needs to get back to fixing things that matter and not pushing this half-baked AI spyware garbage that nobody asked for. Windows has become an absolute dumpster fire these last few years. They need to focus on security and stability. There's still a bug in Windows 10 that Microsoft just outright said publicly that they can't and won't fix. Their heads are so up their arses lately. It's pathetic.
 
MS probably deserves worse but better than nothing. Where are the corporate defenders to tell us all about how it's a user problem :rolleyes:?
 
I 100% agree Microsoft needs to refocus their efforts on Windows bug fixes and usability. When the new Terminal was in Public Preview on Windows 10, I reported a bug where the Command Prompt mode would not let you use Shift+Arrows to highlight text for copy/paste purposes (if you search for it, you can still find this report in their Feedback Hub). The workaround is to highlight the text I need using the mouse, but that requires taking my hands off of the keyboard. I use Command Prompt mode quite a lot, and it is a real annoyance. This works perfectly fine in old CMD.EXE and even in the new Terminal when in PowerShell mode or any of the Linux shell modes. I've since moved up to Windows 11 and the bug has never been fixed. One might say "Well, just use CMD.EXE, then." but the new Terminal is superior in just about every other way and thus I have just learned to live with it. I gave up hope YEARS ago that it ever will be fixed...
 
philb2 said:
Funding is not the issue in this particular area. All the large tech companies spend a lot on security people.

The problem comes in when security clashes with speed of development, user convenience, publicly visible reputation control and the like.

Especially since the AI craze those objectives go before security.
 
