Microsoft Employees Exposed Own Company’s Internal Logins

Multiple people who appear to be employees of Microsoft have exposed sensitive login credentials to the company’s own infrastructure on GitHub, potentially offering attackers a gateway into internal Microsoft systems, according to a cybersecurity research firm that found the exposed credentials. Motherboard reports: “We continue to see that accidental source code and credential leakages are part of the attack surface of a company, and it’s becoming more and more difficult to identify in a timely and accurate manner. This is a very challenging issue for most companies these days,” Mossab Hussein, chief security officer at cybersecurity firm spiderSilk which discovered the issue, told Motherboard in an online chat. Hussein provided Motherboard with seven examples in total of exposed Microsoft logins. All of these were credentials for Azure servers. Azure is Microsoft’s cloud computer service and is similar to Amazon Web Services. All of the exposed credentials were associated with an official Microsoft tenant ID. A tenant ID is a unique identifier linked to a particular set of Azure users. One of the GitHub users also listed Microsoft on their profile.

Three of the seven login credentials were still active when spiderSilk discovered them, with one seemingly uploaded just days ago at the time of writing. The other four sets of credentials were no longer active but still highlighted the risk of workers accidentally uploading keys for internal systems. Microsoft refused to elaborate on what systems the credentials were protecting when asked multiple times by Motherboard. But generally speaking, an attacker may have an opportunity to move onto other points of interest after gaining initial access to an internal system. One of the GitHub profiles with exposed and active credentials makes a reference to the Azure DevOps code repository. Highlighting the risk that such credentials may pose, in an apparently unrelated hack in March attackers gained access to an Azure DevOps account and then published a large amount of Microsoft source code, including for Bing and Microsoft’s Cortana assistant. “We’ve investigated and have taken action to secure these credentials,” said a Microsoft spokesperson in a statement. “While they were inadvertently made public, we haven’t seen any evidence that sensitive data was accessed or the credentials were used improperly. We’re continuing to investigate and will continue to take necessary steps to further prevent inadvertent sharing of credentials.”

Read more of this story at Slashdot.

Microsoft Claims Sony Pays Developers ‘Blocking Rights’ To Keep Games Off Xbox Game Pass

In a lengthy document submitted to the Brazilian government as part of its investigation into Microsoft’s acquisition of Activision Blizzard, Microsoft has claimed Sony pays developers “blocking rights” to prevent games from appearing on Xbox Game Pass. From a report: The accusation appears in a 27-page rebuttal of Sony’s recent objections to Microsoft’s Activision Blizzard buyout, made to Brazil’s Administrative Council for Economic Defense (CADE) as part of its investigation. Much of Sony’s argument had focused on Call of Duty – which it claimed had “no rival” and was “so popular that it influences users’ choice of console” — with the PlayStation maker suggesting, among other things, that the inclusion of Call of Duty on Microsoft’s Game Pass service would hamper its ability to compete.

Microsoft’s response is as wide-ranging as Sony’s initial objections, touching on everything from the fact it has previously managed to grow Game Pass without Activision Blizzard’s titles — suggesting Call of Duty mightn’t be quite as “essential” as Sony claims — to a reiteration of its assurances that it won’t be making Call of Duty an Xbox console exclusive. It’s here that Microsoft takes a swipe at Sony, pointing out (as per a Google-translated version of its filing) that for all its concerns around exclusivity, “the use of exclusive arrangements has been at the heart of Sony’s strategy to strengthen its presence in the gaming industry.” Microsoft says Sony’s concerns are “incoherent”, given that, by virtue of PlayStation’s dominant market share, the company is a leader in the distribution of digital games – especially when, as Microsoft claims, Sony has actively hampered the growth of Game Pass by paying for “‘blocking rights’ to prevent developers from adding content to Game Pass and other competing subscription services.” Further reading: Microsoft Justifies Activision Blizzard’s $69 Billion Acquisition By Telling Regulator Call of Duty Publisher Doesn’t Release ‘Unique’ Games.


What Makes Workers ‘Thrive’? Microsoft Study Suggests Shorter Workweeks and Less Collaboration

Microsoft describes “thriving” at work as being “energized and empowered to do meaningful work.”

So Microsoft’s “people analytics” chief and its “culture measurements” director teamed up for a report in Harvard Business Review exploring “as we enter the hybrid work era… how thriving can be unlocked across different work locations, professions, and ways of working.”

ZDNet columnist Chris Matyszczyk took special note of the researchers’ observation that “Employees who weren’t thriving talked about experiencing siloes, bureaucracy, and a lack of collaboration,” asking playfully, “Does that sound like Microsoft to you?”

Klinghoffer and McCune were undeterred in their search for the secret of happiness. They examined those who spoke most positively about thriving at work and work-life balance. They reached a startling picture of a happy Microsoft employee. They said: “By combining sentiment data with de-identified calendar and email metadata, we found that those with the best of both worlds had five fewer hours in their workweek span, five fewer collaboration hours, three more focus hours, and 17 fewer employees in their internal network size.”

Five fewer collaboration hours? 17 fewer employees in their internal network? Does this suggest that the teamwork mantra isn’t working so well? Does it, in fact, intimate that collaboration may have become a buzzword for a collective that is more a bureaucracy than a truly productive organism?

Klinghoffer and McCune say collaboration isn’t bad in itself. However, they say: “It is important to be mindful of how intense collaboration can impact work-life balance, and leaders and employees alike should guard against that intensity becoming 24/7.”

If you’re a leader, you have a way to stop it. If you’re an employee, not so much.

The Microsoft researchers’ conclusion? “Thriving takes a village” (highlighting the importance of managers), and that “the most common thread among those who were not thriving was a feeling of exclusion — from a lack of collaboration to feeling left out of decisions to struggling with politics and bureaucracy.”

Matyszczyk’s conclusion? “It’s heartening to learn, though, that perhaps the most important element to making an employee happy at work is giving them time to, well, actually work.”


Microsoft Tries Collaborating with Unions to Avoid ‘Public Disputes’

“Microsoft on Thursday announced a new strategy for dealing with organized labor…” reports the Washington Post (in a story republished on MSN.com):

In a blog post shared with The Washington Post, Microsoft President Brad Smith wrote that the company will respect workers’ rights to unionize and plans to work collaboratively with organized labor organizations to “make it simpler rather than more difficult” for employees to unionize if they so choose.

Microsoft is in the process of completing a $69 billion acquisition of Activision, a video game company where employees of a small subsidiary voted to unionize in March. That union, the Game Workers Alliance, is a division of the Communications Workers of America (CWA), which in a statement called Microsoft’s announcement “encouraging and unique among the major tech companies.” CWA Secretary-Treasurer Sara Steffens added that “to truly give workers a legally protected voice in decisions that affect them and their families, these principles must be put into action and incorporated into Microsoft’s day-to-day operations and its expectations for its contractors….”

Rebecca Givan, a Rutgers University professor of labor relations, said Microsoft’s announcement could mean the company is trying to smooth things over with employees interested in unionizing. “There’s a lot of actual organizing or talk or desire in the video game sector, and that’s a piece of what Microsoft does. That might be what they’re trying to get out in front of,” Givan said.

The article argues that Microsoft is “attempting to set itself apart from other Big Tech firms like Google and Amazon that have clashed publicly with employees seeking union representation.” And it provides specific examples where other big tech companies have “gotten into trouble” with America’s National Labor Relations Board:
“The labor board has repeatedly found that Amazon wrongfully terminated or retaliated against workers who were involved with union organizing.”
“Google, too, has had to settle charges with workers who said the company fired them in response to union organizing.”
“Workers at Apple told The Post in April that they were targeted by management for supporting the union and threatened with the loss of certain benefits and opportunities for promotion.”

The president of America’s largest federation of unions, the AFL-CIO, tells the Post in a statement that “Microsoft’s collaborative approach to working with its employees who seek to organize is a best practice that we look forward to seeing implemented at Microsoft and other companies.”


Microsoft Teams Up With VW To Make HoloLens Work In Cars

Microsoft has officially announced a new “moving platform” feature for the HoloLens 2, which is designed to let the augmented reality headset work in places like cars. The Verge reports: It addresses a long-standing HoloLens issue of moving environments confusing the headset’s sensors. The enhancement was developed in collaboration with Volkswagen, which has been experimenting with using the headset as a heads-up display in its vehicles. As Microsoft’s blog post explains, its augmented reality headset tracks movement using a combination of camera sensors and an inertial measurement unit (which typically includes accelerometers and gyroscopes). But in a car, the readings from these two sensors can conflict; the headset senses movement but sees a static environment. In other words, it was getting car sick.

That’s what VW discovered after it started investigating the use of augmented reality headsets to teach drivers how to get around a racetrack faster. It started collaborating with Microsoft to fix the sensor problem in 2018, and, eventually, the two developed a prototype system that allowed a car to display real-time information on a connected headset. The system allows virtual objects to be placed both inside and outside of the vehicle. One image released by Microsoft (above) shows the HoloLens 2 projecting a virtual map onto the dashboard of a car, with navigation arrows appearing ahead at key intersections. A second shows it alerting the driver to an upcoming pedestrian crossing.
