Microsoft is pivoting its company culture to make security a top priority, President Brad Smith testified to Congress on Thursday, promising that security will be “more important even than the company’s work on artificial intelligence.”
Satya Nadella, Microsoft’s CEO, “has taken on the responsibility personally to serve as the senior executive with overall accountability for Microsoft’s security,” Smith told Congress.
His testimony comes after Microsoft admitted that it could have taken steps to prevent two aggressive nation-state cyberattacks from China and Russia.
According to Microsoft whistleblower Andrew Harris, Microsoft spent years ignoring a vulnerability while he proposed fixes to the “security nightmare.” Instead, Microsoft feared it might lose its government contract by warning about the bug and allegedly downplayed the problem, choosing profits over security, ProPublica reported.
This apparent negligence led to one of the largest cyberattacks in US history, and officials’ sensitive data was compromised due to Microsoft’s security failures. The China-linked hackers stole 60,000 US State Department emails, Reuters reported. And several federal agencies were hit, giving attackers access to sensitive government information, including data from the National Nuclear Security Administration and the National Institutes of Health, ProPublica reported. Even Microsoft itself was breached, with a Russian group accessing senior staff emails this year, including their “correspondence with government officials,” Reuters reported.
three trillion dollars and they basically can’t do it
Why in the absolute fuuuuuck would a “secure” computer with sensitive data be running motherfucking Windows?! Linux is easy enough for pretty much any Windows user in an office environment to handle these days. There’s just no excuse for sensitive business to ever be done on Windows at this point.
The company I work at “supports” Linux in the sense that you’re allowed to use Linux but then you’re essentially on your own when it comes to solving problems. I asked why there’s no proper Linux support and the short answer was “it’s too much trouble”. The long answer was “don’t ask. I don’t want to get into it”.
So my guess is that setting up company wide policies and support for Linux is significantly more work than it is for Windows or Mac.
To reinforce the shift in company culture toward “empowering and rewarding every employee to find security issues, report them,” and “help fix them,” Smith said that Nadella sent an email out to all staff urging that security should always remain top of mind.
Yeah that ought to do it.
Lol. Considering it was senior management that ignored staff, this statement is even fucking dumber than it sounds.
"Of course, fixing these kinds of issues won’t push your product deadlines back at all. But we’ll be thankful to you! "
“Next week to improve employee morale we will have a pizza party” - Nadella, probably
they could throw a pizza party for their government clients. Less work than fixing the problem
That’s just barely thoughts-and-prayers level. They could at least schedule a mandatory meeting that interrupts everyone’s day for half an hour.
Usually they set up a hotline which may or may not get you fired.
Happy cake day!
Using the hotline won’t get you fired, but somehow - for totally unrelated reasons - after using it you’ll end up on a PIP with untenable goals, and that will get you fired.
Same energy as “You have unlimited PTO here, but we also have this nifty little thing called performance metrics”
So they lied und tried to cover it up, which led to the largest cyber attack ever. There’s going to be serious punishment, right? Right?
(⁀ᗢ⁀) hahahaha
Oh, shit haha! I thought you were serious for a second. Can you imagine if we ever held a corporation accountable for the damage they’ve caused? I mean it obviously can’t happen, but wow! You had me for a second!
no they won’t. these pricks literally fired their entire AI Ethics team… that tells you everything you need to know about where their priorities are.
the only thing they are gonna do about this is figure out a way to make people not angry, but continue to fo as much shady shit as they can.
ai ethics teams are a joke. They deserve to get fired.
Definitely wasn’t aware of that…
literally fired their entire AI Ethics team
https://www.theverge.com/2023/3/13/23638823/microsoft-ethics-society-team-responsible-ai-layoffs
It’s always one of the first things to get cut when companies try to save money.
Well I know companies are willing to terminate employees for the sake of keeping up profits or preventing the loss of a company, no doubt. But the fact that they terminated an entire department - AI Ethics. Which I have to only assume is not a good idea when you’re implementing a new technology that can definitely go out of control.
You mean they have been letting it slip?
If Microsoft cares so much about security, then WTF are they doing greenlighting a project like CoPilot / Recall?
Businesses that buy the enterprise versions of their software can disable those features in policy.
They are far less concerned with your security than their paying customers: businesses.
Its part of their large scale automation strategy, wherein they gobble up as much of the business practices of an organization’s staff as possible and then offer to provide “AI Employees” who replicate the logic of human staffers at a discounted price.
Like most big tech companies, they’re actually several divisions all competing with each other. Lately, the AI divisions have latched on to the hype and they’re pushing their wares to other divisions, often with enough clout to keep those in security/privacy quiet. Integrating LLM’s is also a great way for a middle manager type to curry favour with the bosses, and to build little empires for themselves.
deleted by creator
To be fair, MS “delayed” recall yesterday to fix the security issues, everybody else is hoping this is a soft-kill https://www.theverge.com/2024/6/13/24178144/microsoft-windows-ai-recall-feature-delay
If Microsoft cares so much about security
they don’t, this is all lip service
Microsoft cares so much about security
Are you kidding? I’ve known Microsoft as a shitty software vendor that gives a rats ass about security for over 40 years now. Microsoft never has cared about security, it’s a running gag at this point
Too late. Linux is going from my hobby project to my primary OS by the time they stop providing Windows 10 updates, if not sooner.
Thats what I did when win 7 support was ending, been very happy and there’s no way I’m going back to Windows.
The only way to get them to really make changes is to leave.
Too late, my office just switched to Linux.
…what? What kind of office do you work in that understands linux??? Most offices I’ve worked in don’t even understand the copier.
Software.
Don’t take any of their words for granted. They know exactly what they’ve been doing, and what they’re doing now
My suggestion, based on more than three decades of observing and interacting with this company: don’t believe a fucking thing they say, ever.
Rough month for reflection at M$. Possibly finally took it too far with users via Recall and - quite a feat here - showed Microsoft in a negative light for another big solidified base in government.
So we start…click on the paint brush icon…that tiny colourful thing right under the big ass “W” Icon. Now hit agree on the window asking if you’re secure. Wait a few moments and agree you your 2FA app on your phone. You might have to ask your wife to agree if you are married and bought the license for your spouse only. Cheapskate! Now stay here for a few minutes, we’ve called the 🚓🚨 police.
Microsoft uses damage control.
fancy animation
It was not effective.
Microsoft is confused.
It hurt itself in it’s confusion.
