A full, public accounting of what happened in the SolarWinds case would have been devastating to Microsoft. ProPublica recently revealed that Microsoft had long known about — but refused to address — a flaw used in the hack. The tech company’s failure to act reflected a corporate culture that prioritized profit over security and left the U.S. government vulnerable, a whistleblower said.
...
So far, the Cyber Safety Review Board has charted a different path.
The board is not independent — it’s housed in the Department of Homeland Security. Rob Silvers, the board chair, is a Homeland Security undersecretary. Its vice chair is a top security executive at Google. The board does not have full-time staff, subpoena power or dedicated funding.
Incidentally, this is why people have zero faith in the modern Democratic Party. You get these big fanfare addresses by a President, which consistently resolve into these empty bureaucratic fixtures with neither the inclination nor the authority to perform their stated tasks.
For a very long time, Salesforce sent login username and password through plain text in URL parameters.
To the point you could bookmark that URL and skip the login screen. You'd still have to contend with other login security (2FA and/or IP restrictions), but it was a gaping security hole they fixed relatively recently.