Foreign hackers breached a US nuclear weapons plant via SharePoint flaws

(www.csoonline.com)

433 points zdw | 1 comments | 21 Oct 25 15:51 UTC | HN request time: 0.001s | source

Show context

zelphirkalt ◴[21 Oct 25 18:16 UTC] No.45659480[source]▶

Hahaha, how stupid must anyone be to deploy SharePoint anywhere near anything of national security relevance! How can it still be a thing, that anyone entrusted with such sensitive matter dates to even touch MS products of the kind of SharePoint? That includes the complete MS Office 365 disaster suite, MS Teams and Edge.

Sounds like they need to seriously redesign their security policies.

replies(4): >>45659991 #>>45660466 #>>45660486 #>>45660738 #

jahewson ◴[21 Oct 25 19:46 UTC] No.45660738[source]▶

>>45659480 #

What would you recommend instead?

replies(1): >>45661065 #

baobun ◴[21 Oct 25 20:13 UTC] No.45661065[source]▶

>>45660738 #

For security-critical or sensitive situations, auditability should be a requirement. That implies access to source code and capabilty to build it.

Decisions like these need to be done from first principles. SharePoint shouldn't even have been a contender here if looked at seriously. Do your own homework.

replies(3): >>45661491 #>>45664033 #>>45665985 #

1. mmooss ◴[22 Oct 25 07:46 UTC] No.45665985[source]▶

>>45661065 #

> For security-critical or sensitive situations, auditability should be a requirement. That implies access to source code and capabilty to build it.

Vendors can be accountable without providing source code, for example through contracts specifying performance.

I don't know how large Sharepoint's source is, though it has many components and I assume there is quite a bit of code. Auditing the source code of something like Microsoft Office seems almost impossible.

> first principles.

What does that mean in this context?

↑