Microsoft Refused to Fix Flaw Before SolarWinds Hack, Whistleblower Says

ProPublica

21 days ago

For years, an engineer at Microsoft flagged a flaw in a product that people use to log in to their devices with single sign-on. The company dismissed his warnings. One product leader told him that acknowledging the weakness could interfere with Microsoft’s business goals.
Russian hackers later took advantage of that flaw in one of the biggest cyberattacks in U.S. history, SolarWinds. They used it to compromise the National Institutes of Health, the National Nuclear Security Administration and the Department of the Treasury.
In June, Microsoft President Brad Smith testified at a congressional hearing and was grilled about what government investigators called the company’s “cascade of security failures” in another hack.
ProPublica’s Renee Dudley breaks down what happened to whistleblower Andrew Harris and what Microsoft is saying it is doing to mitigate future attacks.
To read our investigation, go to: propub.li/3L78gex
📰: Renee Dudley, with research by Doris Burke
🎨: Anuj Shrestha
🎥: Jose Sepulveda
-
ProPublica is an independent, nonprofit newsroom that produces investigative journalism with moral force.

Comments: 33
@196cupcake 19 days ago
We're coming up on one month since the story came out. Does Mr. Smith want to come back to Congress and give an update now that he's had a month to think about it?
@mc4ndr3 16 days ago
the few people in the industry who try to take security seriously delegate all of the responsibility: to a security team, a security appliance, a security quiz. nobody here improves security posture, by, for example, taking a production system offline to address viruses.
@juanmacias5922 19 days ago
Didn't MS also not do anything about the hacking tool Back Orifice that the group Cult of the Dead Cow made back in the 90s, that was a hacking tool used on Windows 98, and 95, since those OS ran with administrative privileges, and all MS did was when they released XP it was based on their NT OS, which did have admin privileges locked. This isn't the first, nor the last.
@burgermind802 19 days ago
Yes. Hacking with Back Orifice gave you full access to endless Windows desktops... There was literally zero security.
@artforartsake888 19 days ago
This is how companies quietly sell your private data.
@TheDavidlloydjones 13 days ago
Evidence? Nahh, 'Nuther cheap, cynical halfwit.
@snowfort77 19 days ago
MS sucks.
@Raptorman0909 17 days ago
For M$, and pretty much all other companies in the tech world harvesting personal data on their users/customers is job one. Storing all that personal private data is a big task, but M$ didn't think properly securing that data was economically required -- and they're right. If you can make bank on all the data you harvest from your users and the government will do little or nothing when they fail to protect their users so there's little harm to come to M$ et al even when enormous numbers of people are harmed by the data breaches. IOW, if M$ can make billions hoovering up private data and it only costs them a few million to respond to the breach there is ZERO incentive for them to do more to protect our data.
@omi_god 16 days ago
All your data has been freely available since long before this hack was discovered. That cow has been out of the barn a long, long time.
@seinfan9 13 days ago
Part of the problem is a lot of the software engineers that aren't cybersecurity savvy don't respect the concerns that a cybersecurity team would have and the cybersecurity team doesn't know how to communicate with them. "This is needlessly complicated... You don't know what you're doing... What you want is impossible... I think you are getting carried away with your paranoia..."
@katherenewedic8076 19 days ago
what interest does Ms have in keeping anyone safe?
@CatherineSTodd 18 days ago
katherene: right. Microsoft created the viruses and problems with Windows, then they charged people $250.00 per hour to fix. With MS, IT NEVER ENDS.
@snarkykat 16 days ago
This is the big problem with corporations: they can't be sent to jail (or be given capital punishment), so they ultimately get away with egregious behavior with a mere slap on the wrist. It's just infuriating! Then, to add insult to injury, their supporters, including, and especially the members of their boards and the GOP go on to assert that corporations have or should have the same rights as individuals. This nonsense MUST stop immediately!
@the_expidition427 11 days ago
It's a nonpartisan problem that's indiscriminate for the uniparty
@snarkykat 11 days ago
@the_expidition427 I agree with you. This problem affects everyone but the wealthy, regardless of what their political leanings are. In the process, the wealthy and large corporations just keep cashing in. It's a vicious cycle
@Milan____ 13 days ago
Rust language mention. Not in the video, just in this comment.
@thecentralservices3534 13 days ago
Well, your SolarWinds attack problem it's not really our Microsoft problem, is it. It's your problem, not ours.
@tonywood3660 12 days ago
Would you trust anything from Microsoft these days..? Nope. Like trusting Musk with safe FSD.
@normalguycap 18 days ago
Nationalize them.
@CatherineSTodd 18 days ago
nornal, if you've ever lived in a country where businesses have been "nationalized," you would know not to want that.
@normalguycap 18 days ago
@CatherineSTodd lol your ignorance is astounding. Every time it's happened in the United States it's been a good thing. Got us out of the Great Depression too. Most privates sell you the free tech and services the govt offers already including the weather service. Why do you think corpos fight so hard to lobby against any punishment? We still use infrastructure from the 1960s. Are you crazy? Did you forget the housing and automobile crashes less than two decades ago? They were not nationalized. You couldn't even spell normal even with an edit. Your education has utterly failed you.
@normalguycap 18 days ago
@CatherineSTodd we are like 12th in internet quality. Korea beats us, know why? Nationalized service.
@normalguycap 16 days ago
@CatherineSTodd Your education has utterly failed you. And you couldn't even spell "normal" even with your edit. Your ignorance is astounding. Every time it's happened in the United States it's been a good thing. Got us out of the Great Depression too or did you forget how FDR's programs worked? Ask yourself why the programs that saved us have been repealed bit by bit each decade since his administration. Most private companies today sell you the free tech and services the govt already offers, including the weather service. They are mere middlemen. Did you forget the housing and automobile crashes in the past two decades? Or both recessions? Sure, our status quo is good, is that what you're saying? Do you not know that WE torpedo'd those nations where they nationalize businesses? Wouldn't want it catching on here. It's why we only do it in South America and not Europe where it's definitively successful. You clearly know nothing about history, about the world, about economics, and let someone else do your thinking for you. I wonder if you listen to Fox News or something.
@normalguycap 16 days ago
@CatherineSTodd Your education has utterly failed you. And you couldn't even spell "normal" even with your edit. Your ignorance is astounding. Every time it's happened in the United States it's been a good thing. Got us out of the Great Depression too or did you forget how FDR's programs worked? Ask yourself why the programs that saved us have been repealed bit by bit each decade since his administration. Most private companies today sell you the free tech and services the govt already offers, including the weather service. They are mere middlemen. Did you forget the housing and automobile crashes in the past two decades? Or both recessions? Our status quo is good, is that what you're saying? Do you not know that WE torpedo'd those nations where they nationalize businesses? Wouldn't want it catching on here. It's why we only do it in South America and not Europe where it's definitively successful. You clearly know nothing about history, about the world, about economics, and let someone else do your thinking for you. I wonder if you listen to Fox News or something.