285 points alephnerd | 35 comments
neya ◴[] No.41901576[source]
If you use Azure in any realistic production environments, then it's on you. Even with $100k in free credits, they couldn't convince me to use it for more than a month. It is expensive, the interface is highly user unfriendly and most important of all, their products don't at all seem reliable for production workloads because of stuff like this. Sorry Microsoft, I think you can do much better.
replies(15): >>41901755 #>>41902286 #>>41902571 #>>41902679 #>>41902715 #>>41903167 #>>41903320 #>>41903580 #>>41903869 #>>41904371 #>>41904976 #>>41905535 #>>41905826 #>>41905858 #>>41907485 #
1. BodyCulture ◴[] No.41901755[source]
I was laughing recently when at some place they started to install MS software on all Linux machines to integrate them into Azure. At that point you should just stop and think for a while about it. Didn’t you go for Linux because you wanted to have a reliable system?
replies(1): >>41902267 #
2. ratg13 ◴[] No.41902267[source]
The MS security software (for better or worse), is better than any open-source Linux solution, and can follow attackers as they move laterally through the network, instead of Linux servers being a big black hole where adversaries can do as they please.

All security software from any vendor is going to have issues, and often you just have to go with whatever the company is running for the whole environment and not compromise security because of some jokes from the 90s.

replies(9): >>41902295 #>>41902467 #>>41902535 #>>41903119 #>>41903242 #>>41903448 #>>41903573 #>>41903949 #>>41911336 #
3. BSDobelix ◴[] No.41902295[source]
>and can follow attackers as they move laterally through the network,

That I wanna see ;)))

4. blueflow ◴[] No.41902467[source]
> and can follow attackers as they move laterally through the network

... which does not stop them from disrupting production and stealing your data. Your defenses are at the wrong place.

replies(1): >>41902531 #
5. ratg13 ◴[] No.41902531{3}[source]
It does stop them, actually. It's not perfect, but it does work.
6. light_hue_1 ◴[] No.41902535[source]
The joke from the 90s is the fact that people still use MS products and think they aren't compromising security. MS have had disastrous outcome after disastrous outcome with an uncountable amount of security holes. There's been an astronomical toll on the economy from their crappy software with no end in sight.
replies(2): >>41903329 #>>41903707 #
7. Gud ◴[] No.41903119[source]
Maybe it looks like a black hole to you - but there are open source operating systems with far better security practices than anything that came out of Redmond.
replies(1): >>41903551 #
8. e40 ◴[] No.41903242[source]
Please give us details, because this seems unbelievable.
replies(1): >>41903700 #
9. mschuster91 ◴[] No.41903329{3}[source]
> The joke from the 90s is the fact that people still use MS products and think they aren't compromising security.

Well, it's not like there are that many alternatives. macOS is out of the price range for public service and most large companies, in addition to a lot of specialist software not being available for macOS.

Linux has it even worse regarding application compatibility on desktop - and no, WINE is not an option, because the kind of software used in public services comes with strict stipulations where you can run it, sometimes down to minor versions, and if you violate that, the vendor can and will refuse support. For a lot of FOSS software, there isn't even commercial support available so it gets automatically off the list because companies actually want to pay people so that they have someone to talk to when they get issues. And that's before you hit the cost wall that is employee (re)training.

IMHO, it would have been the role of our governments to mandate MS get their shit together first before diving into AI and advertising crap.

10. stogot ◴[] No.41903448[source]
All the Linux shops I know not using MS security are doing just fine and probably better given the current headline you’re commenting under
replies(1): >>41903539 #
11. ratg13 ◴[] No.41903539{3}[source]
You seemed to have missed my point entirely.

If your organization is running a chosen enterprise security solution, often fragmentation is not better, whatever your reasoning.

replies(1): >>41903586 #
12. ratg13 ◴[] No.41903551{3}[source]
Yes, everything works better in a vacuum. You're not the first person to notice this.

The point is, that if your organization has chosen an enterprise security platform, you don't make exceptions because of ideology.

replies(2): >>41903607 #>>41903968 #
13. BodyCulture ◴[] No.41903573[source]
Mostly it’s the other way around: attackers follow MS „security software“ to get deep into your systems.
replies(1): >>41903986 #
14. BodyCulture ◴[] No.41903586{4}[source]
This is wrong. What you see as fragments are security boundaries for others.
replies(1): >>41904009 #
15. BodyCulture ◴[] No.41903607{4}[source]
The ideology here is „enterprise security platform“. This is marketing brainwash.
replies(1): >>41905572 #
16. ratg13 ◴[] No.41903700{3}[source]
It's just basic EDR .. you have events that are flagged .. so on Linux, let's say someone does something like setuid or setgid on a system file. Innocuous but potentially dangerous actions like this get flagged in the system.

These events are correlated against other actions that might have happened on the same system or other systems that the user had logged onto prior to this one.

Even if it's not the same user, the events are still correlated and alerted upon if suspicious. (both individually and holistically)

If users are using Microsoft authentication for access, the accounts will be flagged and locked out, generally forcing users to fully authenticate with MFA and forcing a password change.

replies(2): >>41904008 #>>41904348 #
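Added illustration of the flag-and-correlate idea described in the comment above (not part of the thread, and not how any particular EDR product is implemented): a setuid/setgid change on a system file is flagged per host, then flags are grouped across hosts that are linked by a recent login, even when different accounts were used. The event schema, host names, paths and the one-hour window are all assumptions constructed for the example.

```python
import stat
from collections import defaultdict

SYSTEM_DIRS = ("/bin/", "/sbin/", "/usr/", "/lib/", "/etc/")
WINDOW = 3600  # assumed: seconds a login stays linked to later activity on that host

EVENTS = [  # constructed sample telemetry in a hypothetical normalized schema
    {"ts": 100, "host": "web01", "type": "login", "user": "alice", "src": "vpn-gw"},
    {"ts": 160, "host": "web01", "type": "chmod", "user": "alice",
     "path": "/usr/bin/example-tool", "mode": 0o4755},
    {"ts": 400, "host": "db01", "type": "login", "user": "svc_backup", "src": "web01"},
    {"ts": 460, "host": "db01", "type": "chmod", "user": "svc_backup",
     "path": "/usr/local/bin/report", "mode": 0o2755},
    {"ts": 500, "host": "app07", "type": "chmod", "user": "bob",
     "path": "/home/bob/run.sh", "mode": 0o755},   # no special bits: not flagged
    {"ts": 9000, "host": "app09", "type": "chmod", "user": "carol",
     "path": "/usr/bin/tool", "mode": 0o4755},     # flagged, but linked to nothing
]

def is_flagged(ev):
    """True for a chmod that sets setuid or setgid on a file under a system dir."""
    return bool(ev["type"] == "chmod"
                and ev["mode"] & (stat.S_ISUID | stat.S_ISGID)
                and ev["path"].startswith(SYSTEM_DIRS))

def correlate(events):
    """Group flagged events whose hosts are connected by a login inside WINDOW."""
    parent = {}
    def find(h):  # union-find root lookup with path halving
        parent.setdefault(h, h)
        while parent[h] != h:
            parent[h] = parent[parent[h]]
            h = parent[h]
        return h
    flagged = [e for e in events if is_flagged(e)]
    for e in flagged:
        find(e["host"])
        # Link the flagged host to the source of any recent session, whatever the account.
        for l in events:
            if (l["type"] == "login" and l["host"] == e["host"]
                    and 0 <= e["ts"] - l["ts"] <= WINDOW):
                parent[find(l["src"])] = find(e["host"])
    groups = defaultdict(list)
    for e in flagged:
        groups[find(e["host"])].append((e["host"], e["user"], e["path"]))
    return sorted(groups.values(), key=len, reverse=True)
```

On the sample data, `correlate(EVENTS)` returns one two-host group (web01 and db01, different accounts, joined by the web01 to db01 login) and one isolated single-host flag.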
17. ramses0 ◴[] No.41903707{3}[source]
However: Micro$oft deserves _massive_ credit for biting the bullet and systematically improving their security posture post like IE7.

*nix started from a better _initial_ posture as it was multi-user, permissioned, and network-aware from the start (vs. corporate MS-DOS => single user => GUI => networked), but MS really doubled down on systematic improvements that Linux is only now going through.

See the recent CUPS fiasco, C-code from 1999 running as root, and the "stuck in the mud" mentality that Linux has because there isn't the appetite for consistent investment and wholesale overhauls.

It has to do with "activation energy" and "local maxima". Linux feels like it's reached the local maxima, and it's a pretty tall peak to start from, so we can't get over the hump to make a step-change or drop back to a hypothetical "POSIX 0.5" so we can pivot to a "POSIX 2.0" (eg: take the loss for a decade or so in reduced functionality to end up on a more sane "other side" with better security principles and systematic depreciation of inefficient or insecure API-types).

There was an LWN article which talked about "permissions should be managed at the mount level, not the file level", and honestly that makes so much more sense, but it "loses" POSIX, and no one person is willing to "break linux" to admit to that mistake. Tons of other examples (eg: file race conditions, unprivileged by default, more protections on /usr than /home, etc)

replies(2): >>41904005 #>>41905259 #
18. hulitu ◴[] No.41903949[source]
> The MS security software (for better or worse), is better than any open-source Linux solution

Is it able to detect ransomware?

Seeing MS and security in the same sentence makes me suspicious.

replies(1): >>41905609 #
19. hulitu ◴[] No.41903968{4}[source]
> The point is, that if your organization has chosen an enterprise security platform, you don't make exceptions because of ideology

You're right. MS can always blame state actors when something fails. /s

20. hulitu ◴[] No.41903986{3}[source]
> Mostly it’s the other way around: attackers follow MS „security software“ to get deep into your systems.

Don't tell them. They just forgot about this with the new Win 11 24H2.

21. justinclift ◴[] No.41904005{4}[source]
> but MS really doubled down on systematic improvements

Doesn't seem to have really worked for MS though, as evidenced by their many significant security lapses over the last several years.

The US Gov even officially called them out on it a few months ago, specifically singling out MS for their atrocious repeated security fuck ups.

replies(1): >>41904903 #
22. hulitu ◴[] No.41904008{4}[source]
> If users are using microsoft authentication for access, the accounts will be flagged and locked out, generally forcing users to fully authenticate with MFA and forcing a password change.

Last I heard the "state actors" had access to AD master credentials.

23. BSDobelix ◴[] No.41904009{5}[source]
Correct, that's why, for example, the Root-DNS servers run Linux, FreeBSD and Windows.
24. simonh ◴[] No.41904348{4}[source]
Microsoft isn't the only company to provide a service like this, and the others are cross platform.
replies(2): >>41904567 #>>41905104 #
25. gruez ◴[] No.41904567{5}[source]
Crowdstrike, for instance :^)
replies(1): >>41904950 #
26. ramses0 ◴[] No.41904903{5}[source]
Downvotes accepted, I guess, but there was a step-change improvement. References:

https://www.itprotoday.com/attacks-breaches/the-story-behind...

https://www.microsoft.com/en-us/security/blog/2022/01/21/cel...

...while they may also (deservedly) be getting flak now, 20 years ago it was orders of magnitude worse.

27. BobaFloutist ◴[] No.41904950{6}[source]
Hey, an outage is better than a hack...right?
replies(1): >>41905182 #
28. EricE ◴[] No.41905104{5}[source]
Or open source - security onion is amazing!
29. lkjdsklf ◴[] No.41905182{7}[source]
A crashed machine is a secure machine.

That’s what grampy used to say

replies(1): >>41905831 #
30. nullindividual ◴[] No.41905259{4}[source]
> *nix started from a better _initial_ posture as it was multi-user, permissioned, and network-aware from the start (vs. corporate MS-DOS => single user => GUI => networked)

Windows NT started as a multi-user, permissioned, and network-aware OS. The team that built NT came from DEC, not the MS-DOS team.

Windows Me was the last version of Windows that had any form of DOS underpinnings.

31. ratg13 ◴[] No.41905572{5}[source]
At the moment I can trace every action of every user on every machine, all from one platform that alerts me if anything abnormal happens.

As an administrator of around 10,000 servers and devices, I have never had this ability before.

I am sure there are better products out there, but this is what the company purchased, and the visibility it has given us into our organization has been a game changer for us.

I apologize for not hating it just because it is Microsoft.

replies(1): >>41905840 #
32. stackskipton ◴[] No.41905609{3}[source]
Yes. Their security products are not terrible outside the fact many are acquisitions that have been shoehorned poorly into Intune.
33. opwieurposiu ◴[] No.41905831{8}[source]
If you can't boot it, they can't hack it.
34. eitally ◴[] No.41905840{6}[source]
Arguably, I'm not as concerned about "every action of every user on every machine" as I am the exceptions, and the usability issues the aforementioned "security platform" causes in terms of end user efficiency are probably not offset by the perceived security gains from your POV.

Fwiw, for as much rightful criticism as Google receives for things like killing consumer products and behaving badly with user data, its internal IT runs better than -- in my opinion as an ex-employee -- any other large enterprise in the world. And it's secure.

35. neya ◴[] No.41911336[source]
> The MS security software (for better or worse), is better than any open-source Linux solution

[citation needed]