The Microsoft source code breach may be much bigger than we thought

Discussion in 'Networking and Security' started by themickey, Mar 23, 2022.

  1. Meh. Releasing it to the public should be no big deal, if it is good, solid code. If it won't stand up to public scrutiny and analysis, then it should go down in flames. Security through obscurity is a totally flawed and failed approach that has been debunked broadly since the inception of the internet. It's too bad this guy didn't release all the recent versions of Microsoft's operating systems. WinDOHs is a poorly conceived and irresponsibly managed piece of garbage with a monster back door in it that MS uses "for the good of the public". That is just one of many reasons why I use Linux and mostly open source software.
     
    #11     Mar 24, 2022
    themickey likes this.
  2. There was this guy named Edward Snowden. He carried documents out of the NSA, showing NSA spying on Americans that the courts have since declared illegal.

    Why would you think something like this could never happen?
     
    #12     Mar 24, 2022
  3. easymon1

    Would you think that this agency is in possession of incriminating evidence concerning political graft and corruption?
     
    #13     Mar 24, 2022
  4. themickey

    https://www.neowin.net/news/suspected-lapsus-hackers-rounded-up-by-city-of-london-police/
    Suspected Lapsus$ hackers rounded up by City of London Police
    Paul Hill @ziks297 · Mar 24, 2022

    The City of London Police has arrested seven teenagers that are suspected to be involved in the Lapsus$ hacking group. A 16-year-old from Oxford, UK, has also been named by rival hackers and researchers as one of the group’s leaders but the police did not say whether he was included in the group that was arrested. According to BBC News, the child hacker has allegedly got hold of $14 million and his dad has got so concerned that he has been trying to keep him away from computers.

    Speaking to the BBC, the suspected hacker’s father said:

    “I had never heard about any of this until recently. He's never talked about any hacking, but he is very good on computers and spends a lot of time on the computer. I always thought he was playing games. We're going to try to stop him from going on computers.”

    Two different sources have supposedly unveiled the hacker’s identity. The first source is his business partners, who he had a falling out with; subsequently, they posted his name, address, and social media pictures online and said that during his hacking activities, he has amassed over 300 bitcoin and that he’s now affiliated with Lapsus$. The cybersecurity company Unit 221B has also been tracking him for over a year and periodically been handing data over to law enforcement.

    The Lapsus$ hacker group has come to prominence in the press recently as it staged several attacks against a number of high-profile companies including Microsoft and threatened Vodafone. In its most recent Telegram post, the group said that some of its members had taken vacation until March 30 so leaks would be slower - this could be the group that got nabbed by the police.
     
    #14     Mar 24, 2022
  5. themickey

    Chinese hackers stole US government emails, say Microsoft and White House
    By William Turton and Sarah Zheng July 13, 2023
    https://www.smh.com.au/technology/c...icrosoft-and-white-house-20230713-p5dnwn.html

    Hackers breached Microsoft Outlook email accounts linked to government agencies in the US and Western Europe, according to government officials and Microsoft, which described the attackers as being based in China.

    Last month, the US State Department identified anomalous activity and alerted Microsoft to the attack, according to a spokesperson. A subsequent investigation by Microsoft determined that the hackers accessed and exfiltrated unclassified Exchange Online Outlook data from a small number of accounts,” according to a statement from the US Cybersecurity and Infrastructure Security Agency, known as CISA.

    In an interview on US television on ABC’s Good Morning America, national security adviser Jake Sullivan said, “We detected it fairly rapidly, and we were able to prevent further breaches. The matter is still being investigated.”

    In a blog post, Microsoft described the group behind the attack as China-based and named them Storm-0558. The hackers were able to remain undetected for a month after gaining access to email data from about 25 organisations in mid-May.

    “We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection,” Charlie Bell, an executive vice president at Microsoft, wrote in another post.

    Beside the State Department, it wasn’t known which other US agencies were impacted by the breach. A senior official said the number of agencies was in the single digits.

    It also wasn’t clear which European governments were affected. Italian cybersecurity officials said they were in contact with Microsoft “in order to identify potential Italian subjects involved in the latest attacks.”

    Asked about the findings, China’s foreign ministry spokesman Wang Wenbin, at a regular briefing on Wednesday, accused the US of being the world’s largest cyberattacker.

    US officials described the attacks as targeted and focused on a small number of accounts at the agencies that were breached, as opposed to a hack seeking to steal large amounts of data. CISA and the FBI issued a joint advisory urging organisations to harden their Microsoft 365 cloud environments.

    The hacking campaign got underway in the weeks before Secretary of State Antony Blinken arrived in Beijing to meet with top officials, including Chinese President Xi Jinping.

    A key remaining question is how the hackers were able to pull off the breach.

    The hackers used “forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key,” Microsoft’s Bell said in his post. The hackers were then able to access Outlook email hosted on systems run and operated by Microsoft.

    But how hackers obtained the signing key that gave them access to these emails remains unknown.

    “The big question here really is where did they get the MSA-key to sign tokens,” said Sami Laiho, a computer security expert who specialises in Microsoft products. One possible explanation, Laiho said, is if Microsoft itself was breached.

    Microsoft didn’t immediately respond to a request for comment about how hackers obtained the signing key.

    The senior official used the news of the breach to highlight a source of tension between Microsoft and the US government: logging. Logs allow cybersecurity investigators to dig through digital clues left behind on their own systems to figure out if they’ve been hacked and who may be responsible.

    More advanced logging can capture and record granular actions made by a user, like if a certain email was accessed.

    At issue is whether Microsoft should sell logging as a premium add-on for government customers or include it in its product for free.

    A lack of logging complicated the investigation into the so-called SolarWinds attack, which was disclosed in 2020. In that episode, Russian state-sponsored hackers installed a malicious update in software made by SolarWinds Corp., which installed a digital backdoor which they could then use to further infiltrate SolarWinds customers. Ultimately, nine US agencies and about 100 companies were breached via the SolarWinds update and other methods.

    Microsoft offered its premium logging feature for free for about a year in the wake of the SolarWinds hack. CISA and others have said that logs should be free, maintaining that they are crucial for detecting and investigating security incidents.

    On Wednesday, the senior officials said some of the affected US agencies paid for a premium logging feature and were able to detect the breach on their own. Microsoft, which retains the logs, was able to identify others who were hacked but don’t pay for logging.

    Requiring organisations to pay for better logging is a recipe for inadequate visibility into what has occurred in networks, the official said, adding that the issue requires urgent attention.

    Bloomberg
     
    #15     Jul 12, 2023
  6. themickey

    Yaaaawn, just another MS breach, nothing to see here, just move along.
     
    #16     Jul 12, 2023
  7. Considering the gargantuan amount of code, tools and software Mr Softie has stolen from others over the last 55 years.... Somehow...

    This Has The Sweet Smell of Karmic Justice All Over It...
     
    #17     Sep 17, 2023
    arbs-r-us likes this.