|
Because customer info is a commodity. Company info is a security issue.
|
|
|
|
|
|
|
StatementTerminator wrote: Someone explain it to me like I'm five
When a mommy computer and a daddy computer love each other very much ... 
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
|
StatementTerminator wrote: How is a misconfigured endpoint that exposes customer info not a security vulnerability? Someone explain it to me like I'm five
A data leak is not a security problem per se.
If you leave the door of your house open is not the same as if someone breaks in... isn't it?
The results are the same, but the insurances response or the punishment if they get caught is totally different.
M.D.V. 
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Yeah but if my data gets compromised I don't really care if it's a misconfiguration or a zero-day, the data got compromised.
I get that MS is trying to point out that it wasn't due to some code vulnerability in their software, but I feel like there's some PR spin here in trying to minimize the fact that they failed to keep their customer data secure. Security is only as good as the weakest link, and a wide-open endpoint is a pretty weak link.
|
|
|
|
|
StatementTerminator wrote: I feel like there's some PR spin here in trying to minimize the fact that they failed to keep their customer data secure. Security is only as good as the weakest link, and a wide-open endpoint is a pretty weak link.
Have you ever tried to use something that is so locked down, with barriers every step of the way, that you decided to open up everything just to get things to work, with the intent to figure out later how you were supposed to do things correctly in the first place and then lock things back down? And then that never gets done? I'm sure this happens all the time.
Microsoft is rightfully pointing out here that they provide the infrastructure - it's up to the admins employed by their customers to use it correctly.
The Linux fanbois say the same thing, Linux is super-secure if you do it correctly, but a misconfigured OS is still going to be as vulnerable as anything else.
And now the bad analogy...how far should a chainsaw manufacturer go to ensure their customers don't do something completely stupid?
|
|
|
|
|
So it was a client who did the misconfiguration? I was assuming it happened on the MS end.
|
|
|
|
|
MS application authors are customers of MS Azure's products.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
|
|
|
|
|
I certainly don't know the details about this particular story, but if I sign up for Azure and build an app on top of it, but my app is so badly designed/configured someone finds a flaw and data leaks...the fault's with me, not Azure. I'd have no problem taking that blame.
|
|
|
|
|
StatementTerminator wrote: I don't really care if it's a misconfiguration or a zero-day, the data got compromised.
Your jewels, your electronic equipment, your art and other valuables in your house get stolen anyways...
But it is still a big difference if you forgot to close your door, or someone forced it to break in.
M.D.V. 
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Wordle 489 4/6
⬛🟩🟩⬛🟩
⬛🟩🟩⬛🟩
⬛🟩🟩🟩🟩
🟩🟩🟩🟩🟩
|
|
|
|
|
Wordle 489 4/6
⬜⬜⬜⬜🟩
⬜🟨🟨⬜⬜
⬜⬜⬜⬜⬜
🟩🟩🟩🟩🟩
Software rusts. Simon Stephenson, ca 1994. So does this signature. me, 2012
|
|
|
|
|
Wordle 489 3/6
⬛⬛⬛⬛🟩
🟩⬛⬛⬛🟩
🟩🟩🟩🟩🟩
|
|
|
|
|
Wordle 489 5/6
⬜⬜⬜🟨⬜
⬜🟩🟨⬜⬜
⬜🟩⬜⬜🟩
🟩🟩🟩⬜🟩
🟩🟩🟩🟩🟩
|
|
|
|
|
Wordle 488 4/6
⬛⬛⬛🟨🟨
🟨🟩⬛⬛⬛
⬛🟩🟨⬛🟨
🟩🟩🟩🟩🟩
|
|
|
|
|
Wordle 489 3/6
🟨⬜⬜⬜⬜
⬜⬜⬜🟩🟩
🟩🟩🟩🟩🟩
This one went very fast 
|
|
|
|
|
⬜🟩⬜⬜🟩
🟩🟩🟩🟩🟩
Life should not be a journey to the grave with the intention of arriving safely in a pretty and well-preserved body, but rather to skid in broadside in a cloud of smoke, thoroughly used up, totally worn out, and loudly proclaiming “Wow! What a Ride!" - Hunter S Thompson - RIP
|
|
|
|
|
Wordle 489 5/6
⬜🟩🟩⬜🟩
⬜🟩🟩⬜🟩
⬜🟩🟩🟩🟩
⬜🟩🟩🟩🟩
🟩🟩🟩🟩🟩
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Wordle 489 5/6*
⬜⬜⬜⬜🟩
⬜🟩⬜⬜🟩
⬜🟩⬜⬜🟩
⬜🟩🟩⬜🟩
🟩🟩🟩🟩🟩
Happiness will never come to those who fail to appreciate what they already have. -Anon
|
|
|
|
|
Wordle 489 4/6
⬛⬛🟩🟨🟩
⬛🟩🟩⬛🟩
🟩🟩🟩⬛🟩
🟩🟩🟩🟩🟩
Get me coffee and no one gets hurt!
|
|
|
|
|
Wordle 489 4/6*
⬜⬜🟨⬜⬜
⬜🟩⬜⬜🟩
⬜🟩🟩⬜🟩
🟩🟩🟩🟩🟩
|
|
|
|
|
Wordle 489 4/6
⬛🟩⬛⬛🟩
⬛🟩⬛⬛🟩
🟩🟩⬛⬛🟩
🟩🟩🟩🟩🟩
|
|
|
|
|
Wordle 489 6/6*
⬜🟩🟩⬜🟩
⬜🟩🟩⬜🟩
⬜🟩🟩⬜🟩
⬜🟩🟩⬜🟩 I started getting a little nervous about here.
⬜🟩🟩🟩🟩
🟩🟩🟩🟩🟩
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
