Analytics // Security Monitoring

NSA Fallout: Microsoft Rethinks Customer Data Controls

Fallout over NSA surveillance drives Microsoft to promise widespread security and privacy improvements. But do they go far enough?
2 of 2

2 of 2
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
pjmjr
50%
50%
pjmjr,
User Rank: Apprentice
12/6/2013 | 1:52:14 PM
Re: NSA Proof Communication
This shows the hyprocacy of Microsoft's"scruggoled" campaign. Not only do they use user data to make Bing work, they have worked hand in glove with NSA to provide access to private communications and data. Now they try to tell us they are rethinking issues of data privacy. I remember all their promices about how wonderful Windows 7, Vista, and 8 were going to be.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Moderator
12/5/2013 | 6:43:11 PM
Re: I can smell the pile
The problem with any pronouncement about encryption is that is has to be taken on trust, something that has already been violated. How does anyone know the encryption Microsoft (or Google or Apple) provides will function as desired? Very few computer users are technically savvy enough to really understand and evaluate encryption. Unless there are specific laws preventing the NSA (not to mention Russia and China) from accessing data, expect it to try and ulitmately succeed. It has billions in funding and skilled experts. You have assurances but no real proof.
TwistOneUp
50%
50%
TwistOneUp,
User Rank: Apprentice
12/5/2013 | 4:18:14 PM
Re: I can smell the pile
not all services give it up to the NSA.

social networking org Glom.com does not comply with any NSA, PRISM, or other government demands for people's data, no do they sell people's data, track searches, chats, messaging, etc.

i find it the height of hypocrisy that Microsoft, who at one time allegedly worked with the government to help them read outlook emails, now decides to work on "better privacy".  good luck with that.

can you say, "did a 180"?

TOU
KevinO442
50%
50%
KevinO442,
User Rank: Apprentice
12/5/2013 | 3:05:40 PM
meaningless
Legally required by US Law to submit all data to NSA , and then legally required not to reveil that they're doing it , or they all get thrown in jail.


This is just shuffling deck chairs on the titanic.

The FBI kicked the door in of the email provider Edward Snowden was using and took what they wanted by force , and anyone who resisted was threatenned with jail time. You think promises of encryption mean anything ?

 

The only thing left is to wait for them to release the code to "prove" there are no back doors, and then find out it doesn't match up with the code that's actually out there.

 

 
danielcawrey
50%
50%
danielcawrey,
User Rank: Apprentice
12/5/2013 | 1:06:02 PM
Re: I can smell the pile
The fact that Microsoft has to fight our own government for privacy seems so ridiculous. This technological arms war almost seems like a waste of money.

But then again, who knows what kinds of new privacy tech may come out of efforts like this?
anon4701114258
100%
0%
anon4701114258,
User Rank: Apprentice
12/5/2013 | 11:54:25 AM
I can smell the pile
BS. MS is in bed with the NSA. Same with Google, Twitter, Facebook, Yahoo, and the list goes on.
DSusan2013
100%
0%
DSusan2013,
User Rank: Apprentice
12/5/2013 | 11:45:30 AM
NSA Proof Communication
It is important that more and more software companies protect our data. I am glad to see microsoft try and help protect there useres. It is also nice to see the new apps coming out that are NSA proof for communication. The one I have been using is Jolt, fee free to check it out if you wish. More security and privacy is always a good thing :)

https://play.google.com/store/apps/details?id=com.abmapp.jolt
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7241
Published: 2014-12-19
The TSUTAYA application 5.3 and earlier for Android allows remote attackers to execute arbitrary Java methods via a crafted HTML document.

CVE-2014-7249
Published: 2014-12-19
Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 992...

CVE-2014-7267
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the output-page generator in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-7268.

CVE-2014-7268
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the data-export feature in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-7267.

CVE-2014-8272
Published: 2014-12-19
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.