SN 833: Microsoft's Reasoned Neglect

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

“If Bruce is right”, this is another reason to avoid Microsoft like any other standardised and proprietary solution. If Bruce is not right, it would be the same. That Microsoft has back doors with three letter agencies always used to be common gospel (however somewhat mythical). That a back door might be simply an intentionally-left-insecure-cat-flap is just another, maybe even more modern operationalisation.

But hey. The world seems to have accepted that many moons ago. Hence the lack of resonance on the story. Surveillance and intelligence will likely be one of the big reasons why digitalisation had such a drive over the past 50 years.

Have to say: brilliant little piece of (what I’d like to call even though it’s not strictly) investigative (rather: recollective / plausibly speculative) journalism on the subject!

It is so exciting to see Steve’s brilliant mind finally wake up to see what is really happening! Now let’s see how long he will think it is for the sake of national security…

While it took Microsoft a long time to fix the Exchange bug, for instance, it took the Exim team nearly twice as long to fix their bug. They were informed last October of a major security bug and they worked hard in coordination with the bug reporter, and their update came out a couple of weeks after the Exchange update.

At the time, Steve said how quickly Exim had responded, compared to Microsoft, yet he went from the time the CVEs were announced, I believe; he seemed to have missed the whole back story about the reporting in October and the close work with the security team that found the bug. They worked closely with the distributions and got everything in place for a roll-out, before any information was made public.

The PrintNightmare catastrophe, on the other hand, is harder to explain, except that it is “working as intended” and through that, it is vulnerable. Fixing that is a huge undertaking, because it means re-writing the whole printer driver subsystem to get the functionality back, but in a safe manner. That is a huge undertaking and would require many months to get right and get properly tested.