this post was submitted on 14 Jun 2024
191 points (99.0% liked)

Technology

[–] [email protected] 50 points 7 months ago
[–] [email protected] 42 points 7 months ago* (last edited 7 months ago) (2 children)

I’ll wait until they demonstrably prioritize security. Corporations will say literally anything to avoid negative PR.

Edit:

But also, this isn’t actually about Recall:

Microsoft is pivoting its company culture to make security a top priority, President Brad Smith testified to Congress on Thursday, promising that security will be "more important even than the company’s work on artificial intelligence."

Satya Nadella, Microsoft's CEO, "has taken on the responsibility personally to serve as the senior executive with overall accountability for Microsoft’s security," Smith told Congress.

His testimony comes after Microsoft admitted that it could have taken steps to prevent two aggressive nation-state cyberattacks from China and Russia.

According to Microsoft whistleblower Andrew Harris, Microsoft spent years ignoring a vulnerability while he proposed fixes to the "security nightmare." Instead, Microsoft feared it might lose its government contract by warning about the bug and allegedly downplayed the problem, choosing profits over security, ProPublica reported.

Holy fuck. This is like National Security level shit. As in, potentially dire implications on supposedly-secure SCI-related systems. There will probably be Very Fucking Serious criminal charges of the type that you can’t rub money on to get out of.

Say it with me now: this is what happens when you let the business and finance idiots run the show.

[–] [email protected] 8 points 7 months ago

I hope you’re right, but at this point I suspect the lobbyists will just bribe whoever they need to.

[–] [email protected] 2 points 7 months ago

This shit should be left in the hands of the state.

[–] [email protected] 22 points 7 months ago

You mean like how they told their employees to prioritize security above all else and then had effectively none in Recall?

[–] [email protected] 12 points 7 months ago* (last edited 7 months ago) (1 children)

Link is to the second page of the article. I thought it was odd how it kept saying "Smith said" without identifying who Smith is.

Proper link: https://arstechnica.com/tech-policy/2024/06/microsoft-in-damage-control-mode-says-it-will-prioritize-security-over-ai/

[–] [email protected] 8 points 7 months ago

Oops, should be fixed now

Thanks!

[–] [email protected] 7 points 7 months ago

how about suck my balls mode

[–] [email protected] 7 points 7 months ago

This is the best summary I could come up with:


The company has invited the Cybersecurity and Infrastructure Security Agency to attend a "detailed technical briefing" on SFI and Microsoft's other engineering objectives to explain "the specific ways we are implementing the CSRB’s recommendations," Smith said.

Although he acknowledged that Microsoft has "by far the first and greatest responsibility" to heed the CSRB's report, "no single company can protect a country and other nations from what is emerging as a cyberwar waged by four aggressive governments," Smith said.

Smith suggested that the committee members could "do more in support of cyber defense" by funding critical cybersecurity programs, strengthening countermeasures, and "imposing appropriate punishment" and heavy fines to deter malicious activity.

The spokesperson further explained that Microsoft historically has prioritized its "security response work by considering potential customer disruption, exploitability, and available mitigations."

“We continue to listen to the security research community and evolve our approach to ensure we are meeting customer expectations and protecting them from emerging threats,” Microsoft's spokesperson said.

"We accept responsibility for the past and are applying what we’ve learned to help build a more secure future," Smith said, vowing that Microsoft would soon "establish stronger multi-layered defenses to counter the most sophisticated and well-resourced nation-state actors."


The original article contains 541 words, the summary contains 200 words. Saved 63%. I'm a bot and I'm open source!

[–] [email protected] 6 points 7 months ago

Do they not have an active leak where people's Outlook account information is just out there and accounts are getting stolen?