And Microsoft Wants Its Partners to Support Government Entities?

July 16, 2020

The article “Hack of 251 Law Enforcement Web Sites Exposes Personal Data of 700,000 Cops” troubles me for two reasons.

First, the loss of the data increases risk for the professionals listed in the data files. Not good.

Second, the write up asserts as “real” news:

All of the hacked websites were hosted and built by the Texas web development firm Netsential on Windows servers located in Houston. They were all running the same custom (and insecure) content management system, developed using Microsoft’s ASP.NET framework in the programming language VBScript, using Microsoft Access databases. Because they all run the same software, if a hacker could find a vulnerability in one of the websites that allowed them to download all the data from it, they could use that vulnerability to hack the rest of the websites without much additional effort.

DarkCyber believes that much of the 21st century cyber software jabber is marketing speak.

image

If the statement about Microsoft’s infrastructure and software is accurate, there are some questions to answer:

  1. How did the Microsoft partner program allow “experts” certified by Microsoft to create a system with some interesting security issues?
  2. Where did the Netsential Web site go? Why did its content disappear?
  3. What does this incident mean in the context of the Department of Defense JEDI contract?

DarkCyber is concerned when a giant corporation cannot update its own Windows 10 operating system and fail to ensure that its partners are qualified to perform sensitive work in a careful manner.

Is there some useful code on Microsoft Github? Snap. Github fell over again just as I was looking.

Another troubling US technology lapse it seems for a company wanting to provide cloud services to the US government and law enforcement.

Stephen E Arnold, July 16, 2020

Comments

Got something to say?





  • Archives

  • Recent Posts

  • Meta