US senator victim-blames Microsoft for Chinese hack

US senator Ron Wyden (D-OR) thinks it's Microsoft's fault that Chinese hackers broke into Exchange Online, and he wants three separate government agencies to launch investigations and hold the Windows giant "responsible for its negligent cyber security practices."  In a letter [PDF] sent to the Department of Justice, …

  1. Henry Hallan
    FAIL

    For it to be "victim blaming" the victim ought to be blameless.

    Microsoft have a decades-long history of poor security. They are hardly the blameless victim here.

    Shouldn't customers have an expectation that their data will be secured?

    1. big_D Silver badge

      While I think some of it is rhetoric on behalf of Wyden, if the certificate really had expired 2 years ago and could still be used to generate new credentials in 2023, there are definitely questions to be answered.

      1. Falmari Silver badge
        Joke

        Lessons to be learnt

        @big_D I think you have missed the most important part, it should be:

        "if the certificate really had expired 2 years ago and could still be used to generate new credentials in 2023, there are definitely questions to be answered and lessons to be learnt."

  2. amanfromMars 1 Silver badge

    What's Good for the Goose is Good for the Gander .... surely?

    US senator Ron Wyden (D-OR)..... wants three separate government agencies to launch investigations and "hold Microsoft responsible for its negligent cyber security practices."

    And by "hold Microsoft responsible for its negligent cyber security practices." is that US government wanting to get their sticky mitts on Microsoft's private wealth with a punitive arbitrarily decided fiat currency charge for payment to government levied against them? It appears to be the American way in all such similarly ethereal cases.

    Such an abomination could then be rightly equitably used and charged against the leaderships and offices of the government/public sector for massive private business losses incurred because of the serial incompetence of such leaderships and institutions.

    One without the other is surely crooked to the criminal core, is it not? What is the correct answer to that inconvenient question asked of the land of the free and home of the brave?

    1. Anonymous Coward

      Re: What's Good for the Goose is Good for the Gander .... surely?

      This almost made sense, congratulations.

  3. t245t
    Boffin

    Well, he's not wrong !!!

    US senator Ron Wyden (D-OR) thinks it's Microsoft's fault that Chinese hackers broke into Exchange Online, and he wants three separate government agencies to launch investigations and "hold Microsoft responsible for its negligent cyber security practices."

    Well, he's not wrong !!!

    Wyden argued that Microsoft enabled the attack through four distinct security failures.

    Well, he's not wrong !!!

    Wyden asserts that Microsoft failed its customers by employing just a single encryption key with the power to forge access to customer accounts – including those belonging to US government agencies.

    Well, he's not wrong !!!

    He also says Microsoft was negligent in not storing high-value encryption keys in a hardware security module

    Well, he's not wrong !!!

    and is concerned that security audits, both internal and external, failed to find security weaknesses that enabled the hack.

    Well, he's not wrong !!!

    the stolen security key had expired in 2021 yet was still usable

    Well, he's not wrong !!!

    "victim blaming" is a term that originates in feminist sociology. As in, if a woman sequentially attaches to four different men who beat the crap out of her and if someone points out that maybe she has issues: that's "victim blaming".

  4. theDeathOfRats

    ... and he wants three separate government agencies to launch investigations and "hold Microsoft responsible for its negligent cyber security practices."

    And they'll still ask for backdoors in encryption.

  5. Anonymous Coward

    Touch sensitive floors?

    I'm puzzled, why was the US government using Microsoft for 'sensitive emails', can't the NSA provide email services?

    I'm puzzled because everybody knows the US government have all their computers isolated from the internet, can only be used by being physically present in front of the actual machine's only keyboard and monitor. When the room is vacated the door is securely locked and the floor becomes touch sensitive.

    And the only person who can access it unauthorized, is Ethan Hunt who enters via the ceiling on a steel wire, while probably wearing a rubber mask.

  6. I am David Jones
    Thumb Down

    Victim blaming?

    I think the use of the term “victim blaming” in this context is totally wrong as it devalues the concept as it is generally used (eg rape/domestic abuse victims).

    If you’re a megacorp up against state (-sponsored) adversaries then you have resources aplenty and attacks are guaranteed (and to a large extent legitimate) so security is all down to you.

    1. Anonymous Coward

      Re: Victim blaming?

      Disagree on the legitimate (attacking a company isn't legit!), but otherwise right. Especially since Wyden has a series of very good points, indicating that Microsoft could have prevented this in a number of fairly obvious ways, but failed to do so.
