Lemmy.zip

2,802 readers
204 users here now

Welcome to Lemmy.zip - a community for like minded people to come and have a chat about almost anything. From games to tech, to anything else, come and have a chat.

If you're new and would like to join Lemmy.zip, please fill in the sign up form. Email verification is required. (Please check your spam folder!)

Once you're signed up, come and introduce yourself in our Home community!

Useful Links

m.lemmy.zip - Our Mobile/Tablet site
old.lemmy.zip - A familiar desktop experience!
a.lemmy.zip - A desktop-first UI
t.lemmy.zip - An alternative Mobile/Tablet UI with lots of features!
Join our Matrix Chat!

Instance Rules

To maintain the high standard of discourse and interaction we all value, each user must adhere to the guidelines outlined in our Code of Conduct. This set of rules is designed not just to maintain order but also to ensure a safe and inclusive environment for everyone to share their thoughts and ideas.

What to Expect in Our Code of Conduct:

Respectful Communication: We strive for positive, constructive dialogue and encourage all members to engage with one another in a courteous and understanding manner.
Inclusivity: Embracing diversity is at the core of our community. We welcome members from all walks of life and expect interactions to be conducted without discrimination.
Privacy: Your privacy is paramount. Please respect the privacy of others just as you expect yours to be treated. Personal information should never be shared without consent.
Integrity: We believe in the integrity of speech and action. As such, honesty is expected, and deceptive practices are strictly prohibited.
Collaboration: Whether you're here to learn, teach, or simply engage in discussion, collaboration is key. Support your fellow members and contribute positively to shared learning and growth.

If you enjoy reading legal stuff, you can check out legal.lemmy.zip.

Funding

If you would like to contribute to the upkeep of Lemmy.zip, please head over to OpenCollective.
Anything you're happy to donate is very highly appreciated!
You'll even get your name in the Thank You thread.

If you want to use PayPal, you can donate via Ko-Fi:

Server

founded 1 year ago

ADMINS

Demigodrick

Sami

ZippyBot

Microsoft Chose Profit Over Security and Left U.S. Government Vulnerable to Russian Hack, Whistleblower Says (www.propublica.org)

submitted 3 months ago by [email protected] to c/technology

1 comments fedilink

Archived version

Former employee Andrew Harris says the software giant dismissed his warnings about a critical flaw because it feared losing government business. Russian hackers later used the weakness to breach the National Nuclear Security Administration, among others.
Harris said he pleaded with the company for several years to address the flaw in the product. But at every turn, Microsoft dismissed his warnings, telling him they would work on a long-term alternative — leaving cloud services around the globe vulnerable to attack in the meantime.
He scrambled to alert some of the company’s most sensitive customers about the threat and personally oversaw the fix for the New York Police Department. Frustrated by Microsoft’s inaction, he left the company in August 2020.
Within months, his fears became reality. U.S. officials confirmed reports that a state-sponsored team of Russian hackers had carried out SolarWinds, one of the largest cyberattacks in U.S. history. They used the flaw Harris had identified to vacuum up sensitive data from a number of federal agencies, including the National Nuclear Security Administration, which maintains the United States’ nuclear weapons stockpile, and the National Institutes of Health, which at the time was engaged in COVID-19 research and vaccine distribution.
The Russians also used the weakness to compromise dozens of email accounts in the Treasury Department, including those of its highest-ranking officials. One federal official described the breach as “an espionage campaign designed for long-term data collection".
From the moment the hack surfaced, Microsoft insisted it was blameless. Microsoft President Brad Smith assured Congress in 2021 that “there was no vulnerability in any Microsoft product or service that was exploited” in SolarWinds.
The Microsoft manager also said customers could have done more to protect themselves.
Harris said they were never given the chance. "The decisions are not based on what’s best for Microsoft’s customers but on what’s best for Microsoft,” he said.