 Blistering assessment of Microsoft’s security culture woes in Risky Business today. 

I think it’s fair. I’ve had a few MS people tell me this incident wasn’t a big deal at all for Microsoft, and every time somebody says that as a customer I cringe, as there’s clearly downplaying within Microsoft. 

https://open.substack.com/pub/srslyriskybiz/p/microsofts-security-culture-just?r=4ba8u&utm_medium=ios&utm_campaign=post 
 @f7d0478e
I still don't understand why they don't do signing in the HSM. If the key isn't in memory then it's not in the crashdump.
 @f7d0478e The company that brought the world Internet Explorer and autorun.ini on CDs has a security culture problem?

I'm shocked! 
 @f7d0478e  Is it 100 percent fair though? I mean, there is what lawyers will let people say to take into account. 
 @f7d0478e Again, incentives are aligned wrong. It's insane that Microsoft creates the problem and then they sell you security to try and mitigate the problems they create. It's like The Sopranos.