this post was submitted on 15 Jul 2023
69 points (93.7% liked)

[–] phase_change 20 points 1 year ago* (last edited 1 year ago)

As a guy responsible for a 1,000 employee O365 tenant, I’ve been watching this with concern.

I don’t think I’m a target of state actors. I also don’t have any E5 licenses.

I’m disturbed at the opaqueness of MS’ response. From what they have explained, it sounds like the bad actors could self-sign a valid token to access cloud resources. That’s obviously a huge concern. It also sounds like the bad actors only accessed Exchange Online resources. My understanding is they could have done more, if they had a valid token. I feel like the fact that they didn’t means something’s not yet public.

I’m very disturbed by the fact that it sounds like I’d have no way to know this sort of breach was even occurring.

Compared to decades ago, I have a generally positive view of MS and security. It bothers me that this breach was a month in before the US government notified MS of it. It also bothers me that MS hasn’t been terribly forthcoming about what happened. Likely, there’s no need to mention I’m bothered that I’m so deep into the O365 environment that I can’t pull out.

[–] [email protected] 15 points 1 year ago

Vendor lock-in is 100 times worse today than it was 20 years ago. It’s vile, insidious and borderline cruel. Microsoft doesn’t want to work with anyone, they never have and they never will.

Any feelings of openness and cooperation you get from them are engineered, from the ground up, to ensure that they are in a position of control over you.

Their crack security team is not the result of some spontaneous and sudden desire to protect their customers. It’s a consequence of having to constantly triage the financial impacts of a never-ending stream of critical vulnerabilities.

Labelling this proprietary shit “ecosystems” is insulting to ecosystems. The mere notion that you should be using Microsoft software to monitor, secure and protect your Microsoft software is downright ridiculous.

Microsoft is not the only, and maybe not even the worst, in a long list of hand-wringing, life-sucking, progress-hindering companies who people will willingly defend because these companies have forced their way into becoming a part of our identities.