Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Microsoft Security

Microsoft Security Chief Issues Call To Arms To Protect Metaverse (bloomberg.com) 40

Microsoft's new security chief Charlie Bell issued a call to arms to build protection from hackers and criminals in the emerging metaverse from the start of the new technology. From a report: "There's going to be a lot of innovation and there will be a lot of struggling to figure out what has to be done," Bell said in an interview. "But I think because of the speed, there will be fast innovation on the security side."

The metaverse -- a concept that promises to let users live, work and play within interconnected virtual worlds -- will present some unique and more serious security challenges for technology and cybersecurity companies. As an example, hackers may be able to make avatars that look like a user's trusted contacts, a twist on the traditional email phishing scheme that will be hard for users to resist, he said. The nature of the metaverse, which offers the possibility of less centralized control of content and users, also is a challenge for those trying to protect customers.

"Picture what phishing could look like in the metaverse -- it won't be a fake e-mail from your bank," wrote Bell, Microsoft's executive vice president, security, compliance, identity, and management, in a blog posted Monday on Microsoft's web site. "It could be an avatar of a teller in a virtual bank lobby asking for your information. It could be an impersonation of your CEO inviting you to a meeting in a malicious virtual conference room."

This discussion has been archived. No new comments can be posted.

Microsoft Security Chief Issues Call To Arms To Protect Metaverse

Comments Filter:
  • Damn... I have to clean coffee off my screen now. Oh yes, entrust the safety of the new internet you are hallucinating to Microsoft. That has never been a bad plan before.
    • exactly.
      microsoft offering to help.
      is like.
      the four horsemen coming to help plow your field.

    • Wait, so basically this just evolves into a trust game. Lets assume Microsoft wants to take the roll of some kind of "avatar approving police" and Facebook (for whatever reason) gives them that responsibility.

      So all of these horrific things: showing up to a virtual bank looking like a bank teller person, Microsoft will still be able to do. Sysadmins at Microsoft would eventually become like gods.

      No thanks, lets flush this whole stupid idea before it evolves more. The average user isn't that dumb to eat this

    • +1 funny. It's comments like that that keep me coming back to slashdot.
  • Avoid any product claiming to be part of the metaverse like the plague.

    If such a thing ever exists in a singular form, it will only be to sell you something or monetize you. It will probably be run by a conglomerate of corporations, hidden behind a veneer of "community" maybe even something with blockchain (assuming noone has been able to put a stake in that bullshit by then).

    Microsoft and Facebook just want to be the ones to exploit you in the metaverse, and scammers will get in the way of that.

    • Didn't we already have the metaverse, with companies buying entire islands and such? There are still people who might give Second Life a try, but it didn't really offer much that was a boon for day to day stuff, especially for businesses. 2L is still around, and I wonder about playing just to see what stuff was placed there and abandoned, but it appears to be a shadow of what it was supposed to be.

      I've not seen anyone adopt Metaverse for anything. Who knows, it may gain momentum, but it just may be yet a

  • Just shut it all down and forget the whole concept.

    • As a half assed poet I've never metaverse I didn't like. Once the AIs take over there will be nothing else to do but get lost in the artificial jungles of imaginative demons and sex mad dragons waiting for bored humans to be eager for novel libidinous adventures while hackers devise new ways to steal your wallet. Who could resist adventures like that?
    • Ever since reading the Otherland series a lot of years ago I've hoped that someday a VR Internet similar to it (minus the death and torture) would exist some day.

      But then came social media, the events of 2020 and all the disinformation warriors. And this 'verse is owned by Facebook. I kind of feel like plugging into that would be like sitting calm and still while my worst enemy performs brain surgery on me. No thanks!

      I'd rather not entirely forget the idea though. Just wait for another implementation.

  • First off, Microsoft has a security chief?

    Second off, why bother trying to secure something that doesn't exist?

    Third off, if it ever does exist, it won't resemble anything being day-dreamed and fantasized about right now.

    Fourth off, burn the parents at the stake before they give birth to this abomination. There's no need to pretend this will be a net positive for humanity.

    Man alive if we could get less stories about Web3 (hallucination), Metaverse (drug induced hallucination) and Microsoft "security" (drunk

    • by ink ( 4325 )

      Regarding your second point, I have my doubts about what this "metaverse" or "web 3.0" endeavor (which so many are yammering on about) even is -- but baking security into a New Thing from the start is a no-duh strategy. Just look at DNS, and the decades of pain because of its lack of security. It's kind of amusing that its even news that Microsoft's security chief thinks the New Thing should have security in it.

  • Maybe MS could stop its own updates looking like a fucking virus itself, changing settings without permission, installing/uninstalling shit without user knowledge, interrupting use and locking down a system until its installed - in fact, maybe MS is a pretty shitty entity to take ANY security advice from generally?

  • ""Picture what phishing could look like in the metaverse -- it won't be a fake e-mail from your bank," wrote Bell, Microsoft's executive vice president, security, compliance, identity, and management, in a blog posted Monday on Microsoft's web site. "It could be an avatar of a teller in a virtual bank lobby asking for your information. It could be an impersonation of your CEO inviting you to a meeting in a malicious virtual conference room.""

    Why would we picture that? The technology in this space hasn't adv
  • ... right after you hired prince Andrew as babysitter for your children and invested your life-savings into some NFTs.
  • You are serious "avatar of a teller in a virtual bank lobby asking for your information"?!?!?
    Why would you do this? Attempt "real" banking in the MetaScam? What's wrong with people? Gawd...
    • I can see it being popular in a chairbound wall-e future

    • If you aren't there for entertainment purposes, then why? I mean how stupid do you have to be after seeing what the two dimensional web has turned into? Now there is another dimension to be a victim.

      -congratulations sucker
  • Metaverse is the deadcat bounce, and microsoft wants to dribble it like a basketball before it goes offline forever
  • The software companies will need to work together on interoperability of identities -- so a user can show they are who they say they are across multiple metaverses -- and on other security tools and steps, Bell wrote. Failing to plan ahead may doom the new technology.

    What Microsoft is saying here is that they want centralization that can be snooped on, because Microsoft's primary purpose today is to function as a portion of the panopticon. They are well-known to be a part of data collection schemes like PR [wikipedia.org]

  • From Microsoft no less? When will MS Outlook prevent spammers putting meetings directly on my calendar? Even as "tentative" that's unacceptable and a DDOS waiting to happen. Isn't this an an indicator of how well they'd resist VR/AR attacks?
  • So hackers and criminals like Facebook and MS themselves? Facebook has always been pretty transparently a social engineering hack to part people from their personal information. Sometimes only retroactively within the bounds of the law (after they fix their privacy terms after the fact). Not surprising it is easy to mount attacks that steal personal info when that is what the system was built for. MS has the same questionable relationship to the law, which is that their system is built primarily to make
  • There is no "Metaverse". There is only a more intrusive way to push advertisements and product placements on you.

  • Why would you be relying on visual cues to let you know who is who in the metaverse?

    Shouldn't there be some sort of ID that you could look at? Or authentication?

    Nope, must rely on the fact that the avatar with the purple spiked hair and nosering is the CEO. No other way to be sure, really!

  • https://blogs.microsoft.com/bl... [microsoft.com]

    I didn't find it within the Bloomberg article, so I dug it up via Bing.
  • ... is going to be a cock up.

    It's going to end up as a lame series of "walled gardens" where you pay with your data and end up with a gazillion adverts, NFT's etc. shoved in your face.
    Where everything has a price tag attached, unless you grind, where in the real world, warehouses full of "grinders" "engage" with these "metaverses" in order to make real world currency for unscrupulous scumbags - in short, a living hell.

    Lest we forget, the very idea of a MetaVerse in fiction - Snow Crash - is dystopian - and

  • There is nothing worthwhile or protection-worthy in the "meta"-verse. In fact, there is hardly anything at all. And the faster this bad idea vanishes again, the better for everybody. Well, except for Farcebook and Microsoft.

  • only that Facebook actually has some limited use. Normal people can make Posts. With the "Metaverse" the cost of entering as anything other than a dumb consumer will be prohibitively high.

    In Germany we actually had that with "Bildschirmtext" as run by the postal company. It was an online service with a very nifty (for the early 1980s) technology behind it. It was designed to make it easy to read pages from it. However making pages not only required expensive equipment, but also expensive hosting. So in the

  • "..It could be an impersonation of your CEO inviting you to a meeting in a malicious virtual conference room."

    it could even be a virus that'll deprogram you into a mindless zombie to be controlled by the religious faction.

  • Meta is garbage.
  • The state security apparatus has required all tech companies to install backdoors in their equipment. That's why the NSA wants you to swap out your Huawei equipment for theirs. They also require you to use only NSA weakened algorithms.
  • Which metaverse do they want to protect? Second Life? The Microsoft one where you are battling on a giant ring-like planet? One of the many other metaverses? Surely each will require different protections.

Mediocrity finds safety in standardization. -- Frederick Crane

Working...