A good friend of mine, who will
soon take an important cybersecurity position in the Biden administration,
emailed me this article last week. He accompanied it with a note that said
“A friend sent this to me last week; I was clenching my teeth as I read the
article and the referenced report.”

At first, I was reluctant to read
the article, since my dentist has warned me I’m clenching my teeth too much
(although I told her I think the problem will abate with the new
administration). But I did read it, and I also found it teeth-clenchingly
outrageous. I also found this article from The Register, which – as usual with
that publication – brought some nice insights to the story.

I can’t say anybody’s at fault
here, and I can’t say the company in question, Positive Technologies, does in
fact work hand-in-glove with the GRU. But they do tout their relationship with
the Russian military on their web site, and my guess is they’re not in the
business of securing the motor pool.

Of course, the worst part of the
story is they were part of a group of firms given early access to vulnerability
information by Microsoft (they also had relationships with VMware, Intel, HP
and IBM, and their customers include “major European banks Societe Generale and
ING, as well as Samsung, SK Telecom of South Korea and BT, the British
telecommunications giant”). Earth to Microsoft: There’s nothing wrong with
having a relationship with a Russian firm. But to give early vulnerability
information to a firm that advertises its relationship with the Russian
military…What were you thinking? Or more to the point, were you thinking at
all?

I’ve been intending to write a
post on the cluelessness of Microsoft in another area, so this gives me reason
to write that post in the near future. I have maybe 10-15 posts in my
“backlog”, but something new always keeps coming up, so often they get pushed
back – and some of the new topics just get added to the backlog. So much
cluelessness, so little time…

Any opinions expressed in this
blog post are strictly mine and are not necessarily shared by any of the
clients of Tom Alrich LLC. If you would like to comment on what you have read here, I would
love to hear from you. Please email me at tom@tomalrich.com.