• gravitas_deficiency@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    40
    arrow-down
    1
    ·
    edit-2
    5 months ago

    I’ll wait until they demonstrably prioritize security. Corporations will say literally anything to avoid negative PR.

    Edit:

    But also, this isn’t actually about Recall:

    Microsoft is pivoting its company culture to make security a top priority, President Brad Smith testified to Congress on Thursday, promising that security will be “more important even than the company’s work on artificial intelligence.”

    Satya Nadella, Microsoft’s CEO, “has taken on the responsibility personally to serve as the senior executive with overall accountability for Microsoft’s security,” Smith told Congress.

    His testimony comes after Microsoft admitted that it could have taken steps to prevent two aggressive nation-state cyberattacks from China and Russia.

    According to Microsoft whistleblower Andrew Harris, Microsoft spent years ignoring a vulnerability while he proposed fixes to the “security nightmare.” Instead, Microsoft feared it might lose its government contract by warning about the bug and allegedly downplayed the problem, choosing profits over security, ProPublica reported.

    Holy fuck. This is like National Security level shit. As in, potentially dire implications on supposedly-secure SCI-related systems. There will probably be Very Fucking Serious criminal charges of the type that you can’t rub money on to get out of.

    Say it with me now: this is what happens when you let the business and finance idiots run the show.

  • Ephera@lemmy.ml
    link
    fedilink
    English
    arrow-up
    19
    ·
    5 months ago

    You mean like how they told their employees to prioritize security above all else and then had effectively none in Recall?

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    6
    ·
    5 months ago

    This is the best summary I could come up with:


    The company has invited the Cybersecurity and Infrastructure Security Agency to attend a “detailed technical briefing” on SFI and Microsoft’s other engineering objectives to explain “the specific ways we are implementing the CSRB’s recommendations,” Smith said.

    Although he acknowledged that Microsoft has “by far the first and greatest responsibility” to heed the CSRB’s report, “no single company can protect a country and other nations from what is emerging as a cyberwar waged by four aggressive governments,” Smith said.

    Smith suggested that the committee members could “do more in support of cyber defense” by funding critical cybersecurity programs, strengthening countermeasures, and “imposing appropriate punishment” and heavy fines to deter malicious activity.

    The spokesperson further explained that Microsoft historically has prioritized its "security response work by considering potential customer disruption, exploitability, and available mitigations.”

    “We continue to listen to the security research community and evolve our approach to ensure we are meeting customer expectations and protecting them from emerging threats,” Microsoft’s spokesperson said.

    “We accept responsibility for the past and are applying what we’ve learned to help build a more secure future,” Smith said, vowing that Microsoft would soon “establish stronger multi-layered defenses to counter the most sophisticated and well-resourced nation-state actors.”


    The original article contains 541 words, the summary contains 200 words. Saved 63%. I’m a bot and I’m open source!

  • atrielienz@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    5 months ago

    Do they not have an active leak where people’s outlook account information is just out there and accounts are getting stolen?