Notices by Brian Greenberg :verified: (brian_greenberg@infosec.exchange)

An ex-Azure engineer published six essays arguing Microsoft's cloud has been on life support since 2008, and the cause isn't bad code. It's bad people decisions. Rushed launch, post-launch talent exodus, no testing discipline, no architectural vision. Sound familiar to anyone who's worked in a place that ships first and staffs later?

Now layer 2026 on top. Microsoft cut roughly 15,000 jobs in mid-2025. Coding agents are pumping out 4x more commits in 90 days. GitHub's unofficial uptime has slipped under 90% and the proposed fix is, wait for it, moving more of GitHub onto Azure. The same Azure the engineer says is held together with rushed decisions and wishful thinking.

🧠 The phrase that stuck with me is "knowledge dilution from high attrition." When the senior people who knew why a system was built that way leave, no LLM in the world can recover that context
🤖 More AI-written code does not mean less work. It means more code to review, test, deploy, and run, which means more compute and more humans needed downstream
📉 OpenAI signing an $11.9B compute deal with CoreWeave in March 2025 was the loudest "we don't trust your capacity" signal Microsoft has ever received from its closest partner
🪑 The bet that AI lets you cut headcount keeps colliding with the reality that AI generates work for humans faster than it removes it

Every CIO I talk to is being pitched the same dream: fewer engineers, more agents, lower run rate. The Azure story is what happens when that math doesn't pencil out and the bill comes due in incidents instead of dollars.

https://www.theregister.com/2026/04/04/azure_talent_exodus/
#Azure #AI #Leadership #security #privacy #cloud #infosec #cybersecurity #software #devops

A startup is putting military-style drones in high school ceilings. Ceiling-mounted. Charging. Waiting. And when something happens, a pilot in Austin, Texas, decides whether to deploy pepper gel on your kid's school. I'm not saying the problem isn't real. It absolutely is. But read that back.... in schools. We've taken a Ukrainian battlefield tactic against Russian soldiers and ported it to Deltona High School in Florida. The co-founder literally said the idea came from watching drone videos of the war in Ukraine. The chief pilot described it as "cheating in a video game after you die." These are children.

Here's what's not in the headline:

🔒 The drones use an encrypted connection — but the article notes they're potentially vulnerable to cyberattack. A compromised drone in a crowded hallway isn't a security tool; it's a weapon pointed in the wrong direction.

⚖️ Mithril reserves the right to act independently during an attack, without waiting for law enforcement. A private company operating remotely is making use-of-force decisions at a school.

💰 Florida and Georgia approved $500K+ each for this. A group of Texas parents raised $200K more. That's real money going to ceiling drones instead of mental health services, counselors, or de-escalation programs.

The ACLU said it plainly: when force becomes a zero-risk remote action, it gets overused. Axon tried a Taser drone for schools in 2022, and its own ethics board killed it. Mithril is picking up where that got dropped.

I teach cybersecurity. I've spent years in boardrooms helping organizations think through risk. And the risk calculus here isn't just about whether the drone works. It's about what we're normalizing when we turn schools into drone-monitored combat zones and call it progress.

"This is the future," said the sheriff's captain.

I hope not.

https://www.wsj.com/business/a-startup-is-supplying-drones-to-high-schools-a7800ade
#SchoolSafety #Cybersecurity #Leadership #security #privacy #cloud #infosec

I teach cybersecurity. And I genuinely don't know what to tell my students after this one. Federal reviewers spent years trying to get basic encryption documentation from Microsoft for its GCC High government cloud. They couldn't get it. One reviewer called the system a "pile of spaghetti pies," with data traveling from point A to point B the way you'd get from Chicago to New York: a bus to St. Louis, a ferry to Pittsburgh, and a flight to Newark. Each leg is a potential hijacking. They knew this. They said this out loud in writing. Then they approved it anyway in December 2024, because too many agencies were already using it. 🔐 That's not a security review. That's a hostage negotiation. Two things in this story should make every CISO and CIO uncomfortable:

🧩 Microsoft built its federal cloud on top of decades of legacy code that it apparently can't fully document itself
👮 "Digital escorts" often ex-military with minimal software engineering backgrounds are the firewall between Chinese engineers working on the system and classified U.S. networks 🤦🏻♂️

The scariest line in the whole ProPublica investigation isn't the "pile of shit" quote. It's this: FedRAMP determined that refusing authorization wasn't feasible because agencies were already using the product. Read that again. The security review process reached a conclusion based on sunk cost, not risk. Ex Post Facto Fallacy

If that logic holds, the compliance framework is just documentation theater. And right now, CISA is being hollowed out, so there are fewer people left to even run the theater.

https://arstechnica.com/information-technology/2026/03/federal-cyber-experts-called-microsofts-cloud-a-pile-of-shit-approved-it-anyway/
#Cybersecurity #Microsoft #FedRAMP #Leadership #RiskManagement #security #privacy #cloud #infosec

🇩🇰 Denmark has quietly done something radical: it stopped pretending the past will come back. By becoming the first country to end traditional letter deliveries, it acknowledged what everyone already knows, but few governments act on. Most communication is digital, most citizens expect it instantly, and maintaining legacy systems out of sentiment is expensive theater. This is an admission of reality. Infrastructure should follow behavior, not nostalgia. When governments modernize based on how people actually live, they free resources for services that matter now, not ones that mattered in 1998. The uncomfortable truth is this: the future doesn’t arrive with drama. It shows up when someone finally turns off the old machine and doesn’t apologize for it.

TL;DR
🧠 Denmark ends national letter delivery
⚡ Digital-first communication becomes the default
🎓 Legacy systems cost more than we admit
🔍 Modernization starts with honest decisions

https://www.perthnow.com.au/news/business/denmark-becomes-first-nation-to-end-letter-deliveries-c-21167383

#DigitalGovernment #Innovation #PublicPolicy #FutureOfWork #Leadership

We are watching a new kind of misinformation creep in: bogus quotes invented by sloppy AI assisted reporting. EFF caught multiple outlets attributing fake statements to their staff, and one even cited a person who does not exist. The editor at one site owned it and called it AI slop. The fix is boring but real: verify the quote, verify the link, then publish.

TL;DR
📰 Fake EFF quotes showed up across several outlets
🤖 Editor blamed AI slop and apologized
🔎 Verify quotes and links before you share
🛡️ Newsrooms need written policies and human checks

https://www.eff.org/deeplinks/2025/09/wave-phony-news-quotes-affects-everyone-including-eff

#AI #Misinformation #Journalism #Media #security #privacy #cloud #infosec #cybersecurity @EFF #EFF

So the Secret Service just rolled up a massive SIM farm in NYC, and it looks like a nation-state operation. We're not talking about some small time fraud, but an infrastructure play with 100,000 SIM cards, apparently capable of taking down the city's cellular grid. This feels less like simple espionage and more like preparation for some kind of offensive cyber or information warfare campaign. The fact that it was discovered during an investigation into threats against officials makes you wonder what the primary mission really was.
TL;DR
⚠️ A massive SIM farm with 100,000 cards was seized in New York City.
🕵️ The operation is believed to be the work of a nation-state actor.
💥 The setup was powerful enough to potentially disable cell towers and launch denial of service attacks.
🤔 The ultimate goal is still unclear, but it points toward offensive capabilities, not just simple fraud. 
https://arstechnica.com/security/2025/09/us-uncovers-100000-sim-cards-that-could-have-shut-down-nyc-cell-network/
#CyberSecurity #ThreatIntel #NationalSecurity #Infrastructure #security #privacy #cloud #infosec

🤖 Gemini’s Gmail summaries were just caught parroting phishing scams. A security researcher embedded hidden prompts in email text (w/ white font, zero size) to make Gemini falsely claim the user's Gmail password was compromised and suggest calling a fake Google number. It's patched now, but the bigger issue remains: AI tools that interpret or summarize content can be manipulated just like humans. Attackers know this and will keep probing for prompt injection weaknesses.

TL;DR
⚠️ Invisible prompts misled Gemini
📩 AI summaries spoofed Gmail alerts
🔍 Prompt injection worked cleanly
🔐 Google patched, but risk remains

https://www.pcmag.com/news/google-gemini-bug-turns-gmail-summaries-into-phishing-attack
#cybersecurity #promptinjection #AIrisks #Gmail #security #privacy #cloud #infosec #AI

🚀 Voyager 1 isn’t done yet — not even close 🧠🔧📡

NASA just pulled off another miracle save:
🛰️ The spacecraft’s primary roll thrusters, offline since 2004, were believed permanently dead
🧯 With backup thrusters at risk of failure, JPL engineers gambled on a high-stakes heater reset
🔥 If wrong, it could’ve caused a small onboard explosion
📡 If right, it would restore control — 15.6 billion miles from Earth

They were right. The thrusters fired. Voyager 1 can still hold its course.

This wasn’t a reboot. It was old-school problem-solving, deep systems knowledge, and the audacity to trust an idea that might just work.

The most distant human object is still flying — because a team believed it could.

#Voyager1 #NASA #Space #Engineering #Resilience #DeepSpace
https://www.theregister.com/2025/05/15/voyager_1_survives_with_thruster_fix/

⚖️ Montana just became the first U.S. state to ban law enforcement from purchasing personal data from brokers — and it’s a privacy milestone 🚫📱

Under this new law:
📍 Government agencies can’t buy sensitive data (location, biometrics, etc.) without a warrant
🔍 It closes a major loophole used to sidestep Fourth Amendment protections
📄 Agencies also can’t require people to waive rights through service terms
🧱 It sets a precedent for digital due process in a data-saturated world

This isn’t just a state law. It’s a model for what digital civil liberties legislation should look like nationwide.

#Privacy #Surveillance #DigitalRights #DataBrokers #CyberLaw #security #cloud #infosec #cybersecurity
https://www.eff.org/deeplinks/2025/05/montana-becomes-first-state-close-law-enforcement-data-broker-loophole

🚨 Explosive allegations are hitting Elon Musk’s DOGE team.

A whistleblower says:
📂 10GB of NLRB data was exfiltrated
🔓 Security settings were disabled
📸 Photos of staff were used to intimidate
⚖️ Claims involve surveillance, union suppression, and cyber intrusion

Musk called it “insane,” but the NLRB is reportedly cooperating with federal investigations. Whether true or not — this underscores the growing overlap of cybersecurity, labor rights, and executive power.

#CyberSecurity #Whistleblower #ElonMusk #NLRB #DigitalEthics #security #privacy #cloud #infosec

https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-musk-spacex-security

🌐 Beyond Bluesky: The Rise of Decentralized Social Apps

The AT Protocol (ATProto), the open foundation behind Bluesky, is becoming a launchpad for next-gen social apps.

Some standout innovations:
・Flashes: A photo/video-sharing platform reminiscent of classic Instagram
・Spark: A video-first app with livestreaming on the way
・Streamplace: Livestreaming built with cryptographic creator protections
・Graze: Build, customize, and monetize your own social feeds

This signals a shift toward user-owned, open social ecosystems—a strong contrast to walled-garden platforms. Developers, creators, and users alike are embracing interoperability, privacy, and creative freedom.

👉 https://techcrunch.com/2025/03/30/beyond-bluesky-these-are-the-apps-building-social-experiences-on-the-at-protocol/

#DecentralizedWeb #ATProtocol #Bluesky #Web3 #SocialMediaInnovation #OpenSource