740

Microsoft is pivoting its company culture to make security a top priority, President Brad Smith testified to Congress on Thursday, promising that security will be "more important even than the company’s work on artificial intelligence."

Satya Nadella, Microsoft's CEO, "has taken on the responsibility personally to serve as the senior executive with overall accountability for Microsoft’s security," Smith told Congress.

His testimony comes after Microsoft admitted that it could have taken steps to prevent two aggressive nation-state cyberattacks from China and Russia.

According to Microsoft whistleblower Andrew Harris, Microsoft spent years ignoring a vulnerability while he proposed fixes to the "security nightmare." Instead, Microsoft feared it might lose its government contract by warning about the bug and allegedly downplayed the problem, choosing profits over security, ProPublica reported.

This apparent negligence led to one of the largest cyberattacks in US history, and officials' sensitive data was compromised due to Microsoft's security failures. The China-linked hackers stole 60,000 US State Department emails, Reuters reported. And several federal agencies were hit, giving attackers access to sensitive government information, including data from the National Nuclear Security Administration and the National Institutes of Health, ProPublica reported. Even Microsoft itself was breached, with a Russian group accessing senior staff emails this year, including their "correspondence with government officials," Reuters reported.

top 50 comments
sorted by: hot top controversial new old
[-] reversebananimals@lemmy.world 227 points 5 months ago

To reinforce the shift in company culture toward "empowering and rewarding every employee to find security issues, report them," and "help fix them," Smith said that Nadella sent an email out to all staff urging that security should always remain top of mind.

Yeah that ought to do it.

[-] WhatAmLemmy@lemmy.world 172 points 5 months ago

Lol. Considering it was senior management that ignored staff, this statement is even fucking dumber than it sounds.

[-] schizo@forum.uncomfortable.business 91 points 5 months ago

That's just barely thoughts-and-prayers level. They could at least schedule a mandatory meeting that interrupts everyone's day for half an hour.

[-] Serinus@lemmy.world 41 points 5 months ago

Usually they set up a hotline which may or may not get you fired.

[-] herrcaptain@lemmy.ca 48 points 5 months ago

Using the hotline won't get you fired, but somehow - for totally unrelated reasons - after using it you'll end up on a PIP with untenable goals, and that will get you fired.

load more comments (1 replies)
[-] Cosmos7349@lemmy.world 31 points 5 months ago

"Of course, fixing these kinds of issues won't push your product deadlines back at all. But we'll be thankful to you! "

[-] Emotet@slrpnk.net 23 points 5 months ago

Same energy as "You have unlimited PTO here, but we also have this nifty little thing called performance metrics"

[-] Semi_Hemi_Demigod@lemmy.world 22 points 5 months ago

"Next week to improve employee morale we will have a pizza party" - Nadella, probably

load more comments (1 replies)
[-] FergleFFergleson@infosec.pub 102 points 5 months ago

This statement, from the company that looked at Recall and collectively said "yeah, this is a good idea".

[-] demizerone@lemmy.world 25 points 5 months ago* (last edited 5 months ago)

Well recall is why they're so focused on security now. They want to host every detail of your life. They can't do that now because their platform is a tire fire.

[-] AbidanYre@lemmy.world 19 points 5 months ago

their platform is a tire fire.

Always has been

load more comments (10 replies)
[-] tabular@lemmy.world 88 points 5 months ago

Pick one:

  • security
  • proprietary OS
[-] Dudewitbow@lemmy.zip 81 points 5 months ago

you can have a propietary os thats secure, but the problem is once you get to the point where youre selling data and allow anything to be installed of course, its no longer secure.

[-] tabular@lemmy.world 19 points 5 months ago* (last edited 5 months ago)

You can't verify it's secure if it's proprietary, so it's never secure? Having control over other people's computing creates bad incentives to gain at your user's expense, so it's day 1 you should lose trust.

You can have audits done on proprietary software. Just because the public can't see it doesn't mean nobody else can.

load more comments (9 replies)
load more comments (5 replies)
[-] tengkuizdihar@programming.dev 13 points 5 months ago

Sure its secure, but is it verifiably secure?

load more comments (5 replies)
load more comments (1 replies)
load more comments (1 replies)
[-] xenomor@lemmy.world 70 points 5 months ago

My suggestion, based on more than three decades of observing and interacting with this company: don’t believe a fucking thing they say, ever.

[-] Tylerdurdon@lemmy.world 57 points 5 months ago* (last edited 5 months ago)

"Microsoft is pivoting its company culture to make security a top priority..."

The fact that this had to be stated is a testament to garbage leadership. Notice it's not even the top priority, just a top priority. These guys will still get bonuses of course.

[-] deweydecibel@lemmy.world 13 points 5 months ago

The security will definitely also take a very profitable shape. I.e. further locking the OS away from the user, more black box software, etc.

[-] tootoughtoremember@lemmy.world 44 points 5 months ago

Too late. Linux is going from my hobby project to my primary OS by the time they stop providing Windows 10 updates, if not sooner.

load more comments (1 replies)
[-] 555@lemmy.world 43 points 5 months ago

Too late, my office just switched to Linux.

[-] Lost_My_Mind@lemmy.world 12 points 5 months ago

..........what? What kind of office do you work in that understands linux??? Most offices I've worked in don't even understand the copier.

load more comments (1 replies)
[-] NutWrench@lemmy.world 40 points 5 months ago

If Microsoft cares so much about security, then WTF are they doing greenlighting a project like CoPilot / Recall?

load more comments (7 replies)
[-] bdot@lemmy.world 35 points 5 months ago

no they won’t. these pricks literally fired their entire AI Ethics team… that tells you everything you need to know about where their priorities are.

the only thing they are gonna do about this is figure out a way to make people not angry, but continue to fo as much shady shit as they can.

load more comments (4 replies)
[-] homesweethomeMrL@lemmy.world 34 points 5 months ago

I've spent the better part of my life watching microsoft fuck people over and then when they finally - finally get called out on it they do a bunch of bashful aw-shucksing before doing it again and again and again.

No.

Microsoft is dead. Kill it with fire. The US government should have known better, but they didn't because like every other organization they have a boatload of clueless mid-level managers who only every learned Windows and fall for microsoft's garbage every time, despite the eye-popping price.

NO MICROSOFT. EVER. They're a criminal organizaiton, the amount of destruction they've created will never be known.

[-] kippinitreal@lemmy.world 30 points 5 months ago* (last edited 5 months ago)

Microsoft focused on security at this point is like a builder focusing on building strong foundations now that the house is built on top.

It's a little too late my dudes.

[-] Tinidril@midwest.social 16 points 5 months ago

I remember them saying all the same exact things in the early 2000s after a slew of widespread disasters. Security will never be a higher priority than whatever cool new thing they want to sell.

load more comments (4 replies)
[-] Taleya@aussie.zone 30 points 5 months ago* (last edited 5 months ago)

the funniest part of the fall of MS for me has been the cunts getting so excited about fucking off the home users they forgot one vital thing: C-suite and beancounters run at a home user level. And most infrastructure techs will happily flick to a linux distro come server build time.

Their current direction has also pretty much killed their use in anything related to media distribution, it's virtually a detailed list of TPN violations

load more comments (1 replies)
[-] ultratiem@lemmy.ca 26 points 5 months ago

According to Microsoft whistleblower Andrew Harris, Microsoft spent years ignoring a vulnerability while he proposed fixes to the "security nightmare." Instead, Microsoft feared it might lose its government contract by warning about the bug and allegedly downplayed the problem

This says everything about this shitty company. Worst of the worst. Because that’s how they make 90% of their cash. By exploiting licensing deals and siphoning data to sell to whomever because they do not care who it is so long as they bid the highest.

It’s amazing no one has tried to break up their control over PCs. Make this world make sense.

[-] lurch@sh.itjust.works 26 points 5 months ago

I doubt MS even knows what security means

load more comments (1 replies)
[-] Jayjader@jlai.lu 23 points 5 months ago

Microsoft is pivoting its company culture

Oh yes, the thing they're well known for succeeding at.

load more comments (1 replies)
[-] ChaoticEntropy@feddit.uk 23 points 5 months ago* (last edited 5 months ago)

That is basically the biggest fuck up you could make as a government contracted technology provider. They even let it happen and hid it deliberately.

load more comments (1 replies)
[-] MehBlah@lemmy.world 22 points 5 months ago

You mean they have been letting it slip?

[-] phoenixz@lemmy.ca 21 points 5 months ago

Seriously, why are governments using Microsoft software?

Don't give me the nonsense line of "they need support". There is support for Linux too, and Linux, sorry, works, is reliable and most importantly: a hell of a lot safer than windows. This is example #346269 where Microsoft not only fails to keep windows even remotely safe, but actively sabotaged their customers (in this case the US government) for their own profit.

And again, "wwheeeyyyrreee sooowwyyyy, pleeeaaasseeee forgif us?" Look! Look! Even our CEO will now be interested in secuwity!

Seriously I'm so tired of having to read this over and over and he government will just contoi to pump millions over millions into that piece of crap company.

Switch to Linux already and have computers that you can trust have no known issues that are not being resolved to cover for a few rich assholes!

[-] kandoh@reddthat.com 17 points 5 months ago

When I worked with defense contractors in Canada, Microsoft would sue the government whenever it didn't get awarded a contract it applied for.

load more comments (1 replies)
load more comments (2 replies)
[-] SomeGuy69@lemmy.world 20 points 5 months ago

Microsoft uses damage control.

fancy animation

It was not effective.

load more comments (1 replies)
[-] RickRussell_CA@lemmy.world 20 points 5 months ago

Satya Nadella, Microsoft’s CEO, “has taken on the responsibility personally to serve as the senior executive with overall accountability for Microsoft’s security,”

Err. Wasn't that already true? He's chief executive officer, not chief some shit that doesn't include security officer.

[-] Bonesince1997@lemmy.world 18 points 5 months ago

Oh no. How will I know where I'm going without copilot?!

[-] Fedizen@lemmy.world 17 points 5 months ago* (last edited 5 months ago)

Rather than driving the industry forward with leadership and vision Microsoft is being driven by AI and Advertising fads that are self destructing facebook and google.

Its clear its too late for Microsoft to do anything but lose trust at this point. If the outlook hacks and US government didnt cause them to rethink these terrible anti-privacy ideas then a bit of AI backlash won't either. As soon as people look away they'll start stuffing the OS with snoopware again.

[-] Omgboom@lemmy.zip 17 points 5 months ago

Until next week when they change their mind again

[-] Gullible@sh.itjust.works 17 points 5 months ago

Why lie about this, Microsoft? Your PR team sucks.

[-] _sideffect@lemmy.world 17 points 5 months ago

Ms has always been a shitty company, from the time it was formed

load more comments (1 replies)
[-] 3volver@lemmy.world 16 points 5 months ago

Linux is great. It was initially concerning to migrate but overall I'm happy I did. I assume Microsoft will attempt to make things more incompatible and proprietary as a last chance attempt to hold onto users. Ultimate this will just lead to more people switching to Linux faster over time.

load more comments (16 replies)
[-] phoenixz@lemmy.ca 15 points 5 months ago

According to Microsoft whistleblower Andrew Harris, Microsoft spent years ignoring a vulnerability while he proposed fixes to the "security nightmare." Instead, Microsoft feared it might lose its government contract by warning about the bug and allegedly downplayed the problem, choosing profits over security, ProPublica reported.

And this is exactly the problem. You STILL cannot trust them, fool me once, fool me twice?

This entire "weeewweeee sowwwyyy" bullshit excuse completely ignored the fact that they purposefully allowed the US government to be attacked because money is their bottom line. If it were a person (and aren't companies persons now in the US?) they would have been jailed for treason. Jail these assholes already and switch ALL your computers to Linux

load more comments (2 replies)
[-] 299792458ms@lemmy.zip 12 points 5 months ago

This is like that psychopath GF that lies and pushes you around to test your limits with the evil plan to manipulate you. Every once in a while you can complain about her behavior and then she will bombard you with fake love and forgiveness to push later in the future again.

load more comments
view more: next ›
this post was submitted on 13 Jun 2024
740 points (97.9% liked)

Technology

59654 readers
2645 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS