They exist.

Thanks. I had a feeling this was the case.

I'm too lazy to do the math, but how likely is a sample of 48 from the population likely to turn up that kind of accident rate?

That's probably the biggest reason to have good in-house security people. They don't have a financial interest to make breaches or lie about them. It's in their best interest to keep everything secure, and continue to look for new ways to attempt breaking into their own stuff.

I've never felt good about letting third parties in to do security testing. When someone above my rank decided to let a 3rd party do external tests, they'll pick anything and make it sound disastrous. One place was bitching about anything.

They complained that we had the current version of Bind running on the DNS servers. "But people can do DNS requests!" Yup.

They flagged the fact that we dropped unwanted traffic at the firewall. Yup. Get over it. They were upset it took forever to scan the network. Good.

They flagged us for having a web server providing static content. They were upset they couldn't find any way to exploit CGIs or do SQL injection. Yup. That was kind of the idea.

There were a whole bunch of other trivial things that they flagged us for. Then they were brought to the office, and got upset that we didn't provide wifi. Nope, that's a security risk. They wanted to plug their laptop into our network, so they were only given external access. Again, they bitched. But letting an unknown computer owned by an unauthorized party plug into our network is a security risk.

They eventually gave up trying to bully us into dropping our security precautions and gave us a pass.

I already habitually ran tests with privileged access to make sure even if all layers of protection failed, nothing really bad could happen.

Honestly, if they are given everything, they can find something. Give them administrative rights to everything, and credentials to everything, they can find something. Like, email accounts can be accessed with full admin rights. Funny how that works.

'Old'? I bet our European friends will be laughing their asses off at this descriptor.

I feel fine.

At least the political stuff, the spying stuff, etc. is 'stuff that matters'. This? Just bandwagon jumping clickbait. Is there no way this story could have been spun to include testing standards, analysis of effect on the game, or something even vaguely, remotely applicable to the audience of this site?

Yup, if it wasn't Microsoft, all kinds of other companies could have dominated the desktop market. IBM (OS/2), Quarterdeck (DESQview/X), Apple (Mac OS), NeXT (NeXT), any number of *nix companies (X11), and others.

Microsoft got big because they got the consumers interested, and questionable deals with vendors.

Plenty of people only know the tunnel-vision version of computer history and they believe Microsoft is it. They either don't remember (or are too young to have seen) software boxes (ahh, the good ol' days) had logos to indicate which OS they worked on so you could pick the right one.

Saying "We're sure he had..." without evidence is not evidence. They have to have the evidence that he actually *did* have what is claimed.

That's the hard part. They have to gather the evidence to get the conviction. Without evidence, they can't get a conviction. At least if you have a competent attorney. If you have a crappy one, you'll get the 5 years because they talked you into taking a pre-trial plea agreement. That's how innocent people go to jail.

Remember 7/11 buddy. 7/11. ... I think today is 2 for 1 Slurpee day.