Most active commenters

    ←back to thread

    Foreign hackers breached a US nuclear weapons plant via SharePoint flaws

    (www.csoonline.com)
    433 points zdw | 14 comments | 21 Oct 25 15:51 UTC | HN request time: 0.421s | source | bottom
    1. zelphirkalt ◴[21 Oct 25 18:16 UTC] No.45659480[source]
    Hahaha, how stupid must anyone be to deploy SharePoint anywhere near anything of national security relevance! How can it still be a thing, that anyone entrusted with such sensitive matter dates to even touch MS products of the kind of SharePoint? That includes the complete MS Office 365 disaster suite, MS Teams and Edge.

    Sounds like they need to seriously redesign their security policies.

    replies(4): >>45659991 #>>45660466 #>>45660486 #>>45660738 #
    2. givemeethekeys ◴[21 Oct 25 18:52 UTC] No.45659991[source]
    But, look at everything we get for free! /s
    3. count ◴[21 Oct 25 19:26 UTC] No.45660466[source]
    I have some reaallllly bad news for you on that front.
    4. belter ◴[21 Oct 25 19:27 UTC] No.45660486[source]
    Wait until you hear about the guy storing Top Secret Nuclear documents in the public toilet of his resort....
    replies(2): >>45660524 #>>45661071 #
    5. timeon ◴[21 Oct 25 19:30 UTC] No.45660524[source]
    Or the one that invites journalist to Signal group during combat mission.
    6. jahewson ◴[21 Oct 25 19:46 UTC] No.45660738[source]
    What would you recommend instead?
    replies(1): >>45661065 #
    7. baobun ◴[21 Oct 25 20:13 UTC] No.45661065[source]
    For security-critical or sensitive situations, auditability should be a requirement. That implies access to source code and capabilty to build it.

    Decisions like these need to be done from first principles. SharePoint shouldn't even have been a contender here if looked at seriously. Do your own homework.

    replies(3): >>45661491 #>>45664033 #>>45665985 #
    8. belter ◴[21 Oct 25 20:13 UTC] No.45661071[source]
    Down voting like it never happened... https://upload.wikimedia.org/wikipedia/commons/5/52/Classifi...
    replies(1): >>45662252 #
    9. LoganDark ◴[21 Oct 25 20:47 UTC] No.45661491{3}[source]
    Doesn't Microsoft have government programs that grant source code access for products like Windows and (probably) SharePoint?
    10. bcrosby95 ◴[21 Oct 25 21:58 UTC] No.45662252{3}[source]
    In general you'll get downvoted if you're talking about any politician or political party. You are allowed to shit on (or advocate for) the government doing stuff tho.
    11. Havoc ◴[22 Oct 25 01:42 UTC] No.45664033{3}[source]
    Think you answered just about everything except the question asked
    replies(1): >>45665065 #
    12. rcbdev ◴[22 Oct 25 05:04 UTC] No.45665065{4}[source]
    I think this guy wants OpenBSD running on a POWER-based Mainframe at every governmental organization.
    replies(1): >>45672713 #
    13. mmooss ◴[22 Oct 25 07:46 UTC] No.45665985{3}[source]
    > For security-critical or sensitive situations, auditability should be a requirement. That implies access to source code and capabilty to build it.

    Vendors can be accountable without providing source code, for example through contracts specifying performance.

    I don't know how large Sharepoint's source is, though it has many components and I assume there is quite a bit of code. Auditing the source code of something like Microsoft Office seems almost impossible.

    > first principles.

    What does that mean in this context?

    14. saltcured ◴[22 Oct 25 17:52 UTC] No.45672713{5}[source]
    Well, if you can't manage text emails with BSD mailx from the CLI, you probably shouldn't be working on nuclear weapons in the first place...