Board Games at Microsoft? Maybe Corner Cutting?
September 30, 2022
I noted a write up called “Anonymous Lays Waste to Russian Message Board, Releases Entire Database Online.” The article describes what a merrie band of anonymous, distributed bad actors can do in today’s decentralized, Web 3 world of online games like Cat and Mouse. The article explains that Mr. Putin’s bureaucracy is a big, fat, and easy target to attack. One statement in the article caught my attention; to wit:
For all their reputation on cyber security and hacking, the Russians were careless…. KiraSec has taken down hundreds of Russian websites, Russian banks like alfabank, bank.yandex.ru, pro-Russian terror-leaning websites, Russian pedophile websites, Russian government websites, Russian porn sites and a lot more. The cyber activists also “hacked various Russian SCADAs and ICS, nuking their systems and completely destroying their industrial machines.”
I immediately thought about Microsoft’s Brad Smith suggesting that more than 1,000 programmers worked to make SolarWinds a household word. My thought was that Microsoft itself may share the systems engineering approach used to protect some Russian information assets. The key word is “careless.” Arrogance, indifference, and probably quite terrible management facilitated the loss of Russian data and the SolarWinds’ misstep.
I then spotted in my news headline stream this article from the UK online outfit The Register: “Excel’s Comedy of Errors Needs a New Script, Not New Scripting.” This article points out that Microsoft has introduced a new feature for Excel. I am not an individual who writes everything in Excel, including holiday greetings and lists of government officials names and email addresses. Some are.
Here’s the passage I circled after I printed out the write up on a piece of paper:
Excel is already the single most dangerous tool to give to civilians. You can get things wrong in Word and PowerPoint all day long, and while they have their own security fun you’re not getting things wrong through a series of tiny letterboxes behind which can live the company’s most important numerical data. The Excel Blunder is its own genre of corporate terror: it brings down companies, it breaches data like a excited whale seeking sunlight, it can make a mockery of pandemic control. And because Excel is the only universal tool most users get for organizing any sort of data, the abuses and perversions it gets put to are endless.
What’s the connection between bad actors hacking Russia, Microsoft’s explanation of the SolarWinds’ misstep, and Excel’s new scripting method?
Insecurity appears to be part of the core business process.
No big deal. Some bad actors and a few cyber security vendors will be happy. Others will be “careless” and maybe clueless. That’s Clue the board game, not the motion picture.
Stephen E Arnold, September 30, 2022