“`html
U.S. Senator Ron Wyden (D-OR) has formally requested the Federal Trade Commission (FTC) to investigate Microsoft’s dominance in the enterprise IT market and its alleged cybersecurity negligence, claiming it poses a significant threat to national security, CNBC has learned.
In a strongly worded letter to the FTC, Senator Wyden argues that Microsoft’s near-monopoly in enterprise IT elevates its cybersecurity failings from mere corporate issues to matters of national security. The letter highlights concerns that vulnerabilities in Microsoft’s systems could be exploited to compromise critical infrastructure and sensitive government data.
Wyden’s criticism centers on what he describes as Microsoft’s prioritization of profits over robust security practices. He accuses the tech giant of profiting from selling cybersecurity add-ons and services to address vulnerabilities that he believes should have been prevented in the first place. This approach, Wyden contends, is akin to “an arsonist selling victims fire extinguishers.” The senator specifically cites concerns about Microsoft’s reliance on outdated encryption technologies and its failure to implement stricter security protocols for administrator accounts.
While users can manually adjust security settings, Wyden points out that many do not, leaving systems vulnerable to exploitation. He places the blame squarely on Microsoft, citing examples such as the continued use of the obsolete RC4 encryption algorithm. Despite assurances made to Senator Wyden nearly a year ago that RC4 would be disabled, the senator alleges that Microsoft has yet to fulfill this commitment. RC4 has known vulnerabilities and is generally considered insecure for modern applications.
Furthermore, Wyden’s letter highlights the discrepancy between Microsoft’s recommended password length (at least 14 characters) to mitigate brute-force attacks and the lack of enforcement of such restrictions on administrator accounts within its own software. This, he argues, represents a significant oversight and a failure to prioritize basic security hygiene.
The implication is that Microsoft, leveraging its entrenched market position, has not been sufficiently incentivized to invest in proactive security measures. This alleged complacency, according to Wyden, creates a systemic risk for both government agencies and private sector organizations reliant on Microsoft’s products and services, particular its dominant Windows operating system and the Azure cloud platform.
Wyden urged the FTC to investigate Microsoft and hold the company accountable for damages caused by its software to critical government and public infrastructure. He concludes that unless Microsoft is held responsible for its de facto monopoly in the enterprise IT market and its alleged negligence in developing secure software and operating systems, similar attacks will be inevitable. The investigation sought would also probe whether Microsoft’s business practices constitute unfair competition or anti-competitive behavior that further exacerbates security risks.
“`
Original article, Author: Tobias. If you wish to reprint this article, please indicate the source:https://aicnbc.com/9184.html
