Microsoft Accused of Cybersecurity Lapses That 'Enabled China to Spy on the U.S. Government'

After Microsoft admitted that its Azure platform was breached by Chinese hacking group Storm-0558, Amit Yoran, chairman and CEO of network security giant Tenable, took to Microsoft-owned social platform LinkedIn to vent his frustration with Microsoft's security practices.

Yoran cited a recent letter sent by U.S. Senator Ron Wyden to the Cybersecurity and Infrastructure Security Administration (CISA), the Department of Justice (DoJ), and the Federal Trade Commission (FTC), in which he called out Microsoft for its "lack of transparency" and "the . and a repeated pattern of negligent cybersecurity practices that have enabled Chinese espionage against the U.S. government" (via The Verge).

This is quite an accusation, and the Google Project Zero numbers seem to add insult to injury, as Yoran notes that "Microsoft products account for 42.5% of all zero days discovered since 2014."

Yoran's main argument centers on the Azure hack. He says that members of Tenable's research team had previously checked Azure for potential security issues and were able to quickly access fairly sensitive banking credentials.

His team notified Microsoft as soon as they realized the severity of the problem, but Yoran is quite upset with the seemingly cavalier attitude taken on this issue.

"Did Microsoft immediately fix a problem that could have led to the compromise of multiple customers' networks and services? It took Microsoft over 90 days to implement a partial fix."

When Yoran's post went up 120 days later, the details of these banks remained exposed. And while Microsoft has promised to fix the problem by September, Yoran has made clear that he feels that waiting four months for a fix is "extremely irresponsible, if not blatantly negligent."
