Microsoft Chose Profit over Security, Whistleblower Says


Former employee says software giant dismissed his warnings about a critical flaw because it feared losing government business. Russian hackers later used the weakness to breach the National Nuclear Security Administration, among others.

The product, which was used by millions of people to log on to their work computers, contained a flaw that could allow attackers to masquerade as legitimate employees and rummage through victims’ “crown jewels” — national security secrets, corporate intellectual property, embarrassing personal emails — all without tripping alarms.

As a sophomore at Pace University in New York, Harris wrote a white paper titled “How to Hack the Wired Equivalent Protocol,” a network security standard, and was awarded a prestigious Defense Department scholarship, which the government uses to recruit cybersecurity specialists.

Soon after, the Massachusetts- and Tel Aviv-based cybersecurity firm CyberArk published a blog post describing the flaw, which it dubbed “Golden SAML,” along with a proof of concept, essentially a road map that showed how hackers could exploit the weakness.
