Cortana – BIG

Microsoft confirmed that hacking group ‘Lapsus$’ compromised a “single account” and accessed partial source code for Bing and Cortana.

The company confirmed the breach in a blog post and detailed what Lapsus$ — or ‘DEV-0537’ as Microsoft calls the group — got from the breach. According to Microsoft, no customer code or data was involved. The company says that Lapsus$ only compromised one account, and Microsoft’s security teams responded quickly to remediate the account and prevent further activity.

Moreover, Microsoft said that it doesn’t rely on the secrecy of source code as a security tool. In other words, Microsoft assumes attackers will access source code, and so relies on other tools to protect itself. The company made a similar remark following the massive Solarwinds breach in 2020.

Lapsus$ claimed it got access to around 45 percent of the code for Bing and Cortana, as well as some 90 percent of code for Bing Maps.

The Verge notes that the Lapsus$ group claimed to be behind several recent security attacks and said it stole data from Okta, Samsung, Ubisoft, and Nvidia. While some of the companies have admitted data was stolen, Okta refuted the group’s claims and said its service hadn’t been breached.

Microsoft wrapped up its blog post by outlining steps organizations can take to improve security, especially in regard to Lapsus$. The company described the Lapsus$ attack pattern as gaining “access through stolen credentials that enable data theft and destructive attacks against a targeted organization, often resulting in extortion.”

With that in mind, Microsoft suggests organizations require employees to use multi-factor authentication, or MFA (also called two-factor authentication, or 2FA). MFA involves using multiple methods of authenticating users, such as passwords combined with a one-time passcode (OTP) sent via email, SMS, or through an authentication app. Of the three, Microsoft recommends using a dedicated authentication app to avoid vulnerabilities with email or SMS OTP codes, such as SIM swap attacks commonly used to intercept these codes.

Source: Microsoft Via: The Verge

Former Microsoft CEO Steve Ballmer had wanted the company’s AI to be called “Bingo,” according to former Microsoft product manager Sandeep Paruchuri.

Speaking to WhatsApp’s Alice Newton Rex for Big Bets, Parachuri said Ballmer, who served as Microsoft CEO from 2000 to 2014, had intended for the AI to be called Bingo so it would be more in line with the branding for Microsoft’s “Bing” search engine.

“Ballmer had poor product taste,” Parachuri told Big Bets. However, Ballmer’s successor, Satya Nadella, ultimately agreed with Parachuri’s team that “Cortana” was a more appropriate name.

Of course, the AI would eventually be called “Cortana,” based on the eponymous blue AI from Microsoft’s iconic Halo video game franchise. Given that Halo is continuing to go strong 20 years after its debut, while Bing is not many people’s go-to search engine, the decision to name the AI after the former arguably seems to have panned out better.

Overall, Parachuri’s interview with Big Bets is quite an interesting read, going behind-the-scenes on the making of Microsoft’s AI. You can read it in full here.

Image credit: Xbox

Source: Big Bets