this post was submitted on 02 May 2024
0 points (NaN% liked)

Technology

1990 readers
1 users here now

Post articles or questions about technology

founded 2 years ago
MODERATORS
seahorse@midwest.social
0
At Microsoft, years of security debt come crashing down (www.cybersecuritydive.com)
submitted 4 months ago by MacedWindow@lemmy.world to c/technology@midwest.social
4 comments fedilink hide all child comments
top 4 comments
sorted by: hot top controversial new old
[–] ed_cock@feddit.de 0 points 4 months ago* (last edited 4 months ago) (2 children)

In a healthy marketplace, these would be fireable offenses. Regrettably, the marketplace is far from healthy — Microsoft has the government locked in as a customer, so the government’s options for forcing change at Microsoft are limited, at least in the short term.

And that's why nothing will happen to MS, except maybe line go down a bit. But then line will go up again so it's all good.

Kinda annoyed by articles like this making it sound like security wasn't always an afterthought at MS though. It's just that it's even worse with everything being forced online to push SaaS revenue.

Them just quietly throwing the towel when it comes to Bitlocker getting circumvented on Windows 10 because the recovery partition is too small is only the tip of that shitberg.

As long as decision makers will flip their shit when they can't have PowerPoint and Outlook the company will just keep on trucking'

[–] sic_1@feddit.de 0 points 4 months ago* (last edited 4 months ago)

What I don't get is that there is not even a discussion about repercussions, regardless of what country is affected. The money paid annually to M$ would be sufficient to equip any government computer with Linux and develop Linux based variants for any special case software needed.

I mean I get why there is no change, their lobbyists are entrenched as hell, but there isn't even a discussion!

[–] calamityjanitor@lemmy.world 0 points 4 months ago (1 children)

Bitlocker getting circumvented on Windows 10 because the recovery partition is too small

What's this about?

[–] ed_cock@feddit.de 0 points 4 months ago

@4am@lemm.ee already explained most of it, Bitlocker comes into play because the recovery environment can be booted without needing to provide the recovery key for Bitlocker, the vulnerability that is being patched additionally allows bypassing the need to log into it.

That said, Microsoft frequently disables Bitlocker anyway to do OS updates, it really only works if you enable the additional pin feature.