Analytics // Security Monitoring

NSA Fallout: Microsoft Rethinks Customer Data Controls

Fallout over NSA surveillance drives Microsoft to promise widespread security and privacy improvements. But do they go far enough?
2 of 2

2 of 2
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
pjmjr
50%
50%
pjmjr,
User Rank: Apprentice
12/6/2013 | 1:52:14 PM
Re: NSA Proof Communication
This shows the hyprocacy of Microsoft's"scruggoled" campaign. Not only do they use user data to make Bing work, they have worked hand in glove with NSA to provide access to private communications and data. Now they try to tell us they are rethinking issues of data privacy. I remember all their promices about how wonderful Windows 7, Vista, and 8 were going to be.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
12/5/2013 | 6:43:11 PM
Re: I can smell the pile
The problem with any pronouncement about encryption is that is has to be taken on trust, something that has already been violated. How does anyone know the encryption Microsoft (or Google or Apple) provides will function as desired? Very few computer users are technically savvy enough to really understand and evaluate encryption. Unless there are specific laws preventing the NSA (not to mention Russia and China) from accessing data, expect it to try and ulitmately succeed. It has billions in funding and skilled experts. You have assurances but no real proof.
TwistOneUp
50%
50%
TwistOneUp,
User Rank: Apprentice
12/5/2013 | 4:18:14 PM
Re: I can smell the pile
not all services give it up to the NSA.

social networking org Glom.com does not comply with any NSA, PRISM, or other government demands for people's data, no do they sell people's data, track searches, chats, messaging, etc.

i find it the height of hypocrisy that Microsoft, who at one time allegedly worked with the government to help them read outlook emails, now decides to work on "better privacy".  good luck with that.

can you say, "did a 180"?

TOU
KevinO442
50%
50%
KevinO442,
User Rank: Apprentice
12/5/2013 | 3:05:40 PM
meaningless
Legally required by US Law to submit all data to NSA , and then legally required not to reveil that they're doing it , or they all get thrown in jail.


This is just shuffling deck chairs on the titanic.

The FBI kicked the door in of the email provider Edward Snowden was using and took what they wanted by force , and anyone who resisted was threatenned with jail time. You think promises of encryption mean anything ?

 

The only thing left is to wait for them to release the code to "prove" there are no back doors, and then find out it doesn't match up with the code that's actually out there.

 

 
danielcawrey
50%
50%
danielcawrey,
User Rank: Apprentice
12/5/2013 | 1:06:02 PM
Re: I can smell the pile
The fact that Microsoft has to fight our own government for privacy seems so ridiculous. This technological arms war almost seems like a waste of money.

But then again, who knows what kinds of new privacy tech may come out of efforts like this?
anon4701114258
100%
0%
anon4701114258,
User Rank: Apprentice
12/5/2013 | 11:54:25 AM
I can smell the pile
BS. MS is in bed with the NSA. Same with Google, Twitter, Facebook, Yahoo, and the list goes on.
DSusan2013
100%
0%
DSusan2013,
User Rank: Apprentice
12/5/2013 | 11:45:30 AM
NSA Proof Communication
It is important that more and more software companies protect our data. I am glad to see microsoft try and help protect there useres. It is also nice to see the new apps coming out that are NSA proof for communication. The one I have been using is Jolt, fee free to check it out if you wish. More security and privacy is always a good thing :)

https://play.google.com/store/apps/details?id=com.abmapp.jolt
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1009
Published: 2015-07-31
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.

CVE-2015-1486
Published: 2015-07-31
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session.

CVE-2015-1487
Published: 2015-07-31
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename.

CVE-2015-1488
Published: 2015-07-31
An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors.

CVE-2015-1489
Published: 2015-07-31
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!