Microsoft on Security

February 25, 2021

I think that some believe the SolarWinds’ misstep should be called surfing the Microsoft access control process.” I may be wrong on that, of course. I did find some of the statements and quotations in an article called “Microsoft CEO For Global Rules On Data Safety, Privacy.” On the same day that another Microsoftie was explaining the security stumble which has compromised systems at Microsoft itself and a few minor US government agencies, the CEO of the outstanding software company allegedly said:

One thing I hope for is that we don’t fragment, that we are able to, whether it’s on privacy or data safety, bring together a set of global rules that will allow all of us to both comply and make sure that what we build is safe to use.

He allegedly noted:

One of the things we are trying to ensure is how do we have that design principles and engineering processes to ensure that the products and the services are respecting privacy, security, AI ethics as well as the fundamental Internet safety but beyond that there will be regulation.

With some of the source code for Azure, Exchange, and Outlook on the loose, one hopes that those authentication and access control systems are indeed secure. One hopes that the aggressively marketed Windows Defender actually defends. That system appears to have been blind to the surfing maneuvers executed by bad actors for months, maybe a year or more.

Microsoft’s core methods for granting efficient access to trusted users or functions with certifying tokens were compromised. At this time, the scope of the breached systems and the existence if any of sleeper code is not yet quantified.

Assurances are useful in some circumstances. Foundational engineering flaws are slightly more challenging to address.

But “hope” is good. Let’s concentrate security with Microsoft procedures. Sounds good, right? Talk is easier than reengineering perhaps?

Stephen E Arnold, February 25, 2021

Comments

Comments are closed.

  • Archives

  • Recent Posts

  • Meta