On the hunt for Microsoft

Security weekly

A bit late this week. I've been ill.

A day late, a buck short, on writing this blogpost.

If you don't get this reference you're either:

  • Under 25

  • VERY LUCKY. You can experience hearing this awesome song for the very first time.

ANYWAY

Hi and welcome to another Security weekly. Where we laugh, we cry and share the latest and greatest in security and tech news.

In this week's edition:

⚔️ Microsoft, I'm coming for you

🦆 Elon Musk: billionaire playboy, techie, space cowboy, comedian?

🔥 The quick and dirty

Reading time: 02:56 + 2:50 if you watch the entire Blink vid

Microsoft, I'm coming for you

Last week I talked briefly about the Microsoft BlueBleed leak. Not being fully aware of the impact back then, it was rather short.

Now, a week later.. it finally dawned on me.

For years I've been saying Microsoft was OK with data. Responsible, security first - customer second.

None of that is true.

Microsoft are just as horrible as all the rest.

*storytime*

Ok, so in short:

  • MS had a server open to the internet, which shouldn't have been open to the internet. Cool, can happen to anyone. Just close it off.

  • SOCRadar discovered the server, and also that there is a lot of data (2,4 TB) on it. They reported this to MS. No biggie. Just report the leak and the data which has been leaked to the affected people.

  • The data was downloaded and thrown in a search engine by SOCRadar. Making it possible for users to search if their information was in there. Cool, handy. Thanks.

  • Microsoft downplays this entire event, saying the data isn't as much as SOCRadar claims. And also forces SOCRadar to take the search engine offline. Fuck off MS, really.

I was quick enough to take a look in the breached data - and if you know where to look it's still available online - and found some of our data.

So, I filed a Microsoft request to provide me with all details for our company. Which Microsoft happily complied with.

JUST KIDDIIIIINNNNNNG

Of course Microsoft didn't feel the need to further help me. I got a copy pasted response from a support employee which did jack for me. No blame to them though, I can only imagine the massive load of tickets BlueBleed has caused.

So yeah, Microsoft turned out to have no respect for their customers after all. Who would have guessed?

But you messed with the wrong blogger, MS. 50 subscribers, 200 pageviews, 1000 PEOPLE REACH ON LINKEDIN. I WILL BE RECTIFIED!

*Storytime over*

Elon Musk: billionaire playboy, techie, space cowboy, comedian?

So Elon Musk finally bought Twitter.

I know, I know, this isn't reaaaaally security related.

But, c'mon. The guy walked in with a porcelain sink and said "let that sink in".

How could I not write about this?

Stay away from the jokes Elon, stick to the online beef.

Maybe with a new sheriff in town, Twitter security will improve though. Who knows?

That would be problematic for this blog though, since 64% of my content is about how much I hate Twitter.

The quick and dirty

Security like I'm five

Don't have time for hours of research? Don't have 20 years of experience in security? Me neither, but I gotchu fam.

In Security like I'm five I cover a range of security topics. I do all the hard work, and explain it to you in a practical manner. Lots of memes too. Good stuff, good stuff.

This and Security weekly conveniently delivered to your mailbox a couple of times a week, for free.

Pretty sweet deal if you ask me.

So sign up for the newsletter and be enlightened! (don't set the bar too high tho)