the good news is that it does make windows more secure. you cant hack something that has crashed.
Remember guys, it took about a decade for Solar Winds to discover somebody had root access to everybody that used their software, another decade for somebody outside Solar Winds to discover it and tell everybody, and half a decade with nobody claiming to have solved the issue up to now.
So when you believe that your computer with an EDS is safe just because you can’t use it, think again.
EDS?
It’s an oops.
It should be IDS.
That’s intrusion detection system, right?
Reminds me of a local cyber security firm, which declares war on a group of hackers. The CEO went on television to “double dog dare” the hackers to hack their servers and claim their firewalls are impenetrable.
Well you can guess the results, within 48 hours, their servers went down one after another. And when shit about to hit the fan, they literally turned off all of their servers for days. They hired a 3rd party IT firm to patch their security, then the CEO declared victory in a local newspaper.
Similar thing happened to the idiot CEO of Lifelock that used to advertise his actual social security number everywhere.
I used to work at Equifax. LifeLock was the subject of many corporate trainings.
The most secure computer is the one not running any software. That’s why I recommend Crowdstrike.
The fact that random companies like Crowdstrike have kernel drivers in millions of computers they they ship remotely is a security risk in and of itself. We’re lucky crowdstrike just shipped a bug that crashes computers, other companies could have shipped a lot worse.
other companies could have shipped a lot worse.
other
companiesgovernments could have shipped a lot worse.FTFY
other
companiesgovernmentscould havemay have already shipped a lot worse.FTFY (high five!)
I’d swap may out for probably TBH.
I’d laugh if this wasn’t affecting me directly.
I can laugh either for or at you, if you want.
I’ll pour one out for the frontliners.
I laugh and it does/did(over now) affect me. Bwahaha. Im getting work done and nobody can interrupt with email.
All I’ve noticed is that a lot of internet related things in my work are much faster today.
The schadenfreude could only be sweeter if my company used CrowdStrike on all the Windows systems. Then I really would have had a very peaceful focused day.
I really don’t want to be the guy responsible for this fuck up
For a company this big it would also have to have gotten past a code review and QA team, right? … right? …
Of course, of course. This is how these things are always done.
I like how they kept on pushing the update for hours
Code review, QA team, hours of being baked on an internal test network, incremental exponential roll out to the world, starting slow so that any problems can be immediately rolled back. If they didn’t have those basics, they have no business being a tech company, let alone a security company who puts out windows drivers.
This is an industry wide issue. This is just the first symptom.
What we need is to stop the blind trust
Yeah and that means they won’t nail some poor schmuck to the wall over this?
Yeah, something this big is absolutely not one engineer’s fault. Even if that engineer maliciously pushed an update, it’s not their fault — it was a complete failure of the organization, and one person having the ability to wreck havoc like this is the failure.
And I actually have some amount of hope that, in this case, it is being recognized as such.
I agree but they will still blame it all on that one guy.
No they won’t, not if they’re in the slightest bit competent.
Blameless post-mortem culture is very common at big IT organizations. For a fuck-up this size, there are going to be dozens of problems identified, from bad QA processes, to bad code review processes, to bad documentation, to bad corner cases in tools.
There will probably be some guy (or gal) who pushed the button, but unless what that person did was utterly reckless (like pushing an update while high or drunk, or pushing a change then turning off her phone and going dark, or whatever) the person who pushed the button will probably be a legend to their peers. Even if they made a big mistake, if they followed standard procedures while doing it, almost everyone will recognize they’re not at fault, they just got to be the unlucky person who pushed the button this time.
He’ll just get fired, apply somewhere else, and they’ll only know the dates he worked at CrowdStrike.
If anybody cared, they would have switched away from M$ by now.
The problem is the blind trust of these “vendors”
Decentralize control
Centralize control in house.
Compared to the status quo, that’s much more decentralized.
Username kinda ckecks out
And on this day, I’m glad I only support an air-gapped Unix system.
Just remember to take off on 2038-01-19
Oh no, you misunderstand. I support a Unix system. Not Linux, not BSD, not Solaris. Y2K will be a problem in 2029 if don’t remember to set the clock back. Assuming the PDP-11 still works by then.
Does it not have epoch set to
1970-01-01 00:00:00
? Or does the PDP-11 only use a non power of 2 number of bits, and you’ve already set the clock back before? Genuinely curious, never heard of 2029 problem before.Not a 2029 problem, maybe could have been clearer there. The clock is set 30 years behind. So, the clock will roll over to the year 2000 in 2030, meaning it will be a problem to address in 2029.
More like ClownStrike.
Cloudstriked
They striked all right
Sometimes you have to learn the hard way…
Ha guess why I’m on lemmy right now.
They stop breaches if nothing’s turned on. Roll safe (mode)
MS’s built-in security platform is top tier also. Some companies like alternative products.
There is nothing Microsoft I would consider “top tier” when it comes to security.
Defender does a great job for many AV tasks. Crowdstrike does more, and protection isn’t tied to windows updates.
This isn’t a situation where companies just chose not to use the free item, the free item has other costs (management overhead) and is missing some features.
The best answer, of course, is to not use windows for anything that needs to be secure.
Edit: For those who think I’m wrong, cool. I’m not but you are welcome to disagree.
There is a difference between the free defender and paid for defender. If you’re a home user, check out defenderui.com to get (many, not all) features that are normally limited to intune/gpo.
A full and proper deployed defender stack is very good, but in terms of management… The approach to different os’s is practically cobbled together, the webui is horrific, and it lacks some basic functionality. A problem to manage a system like this is a problem to deploy a system like this.
If you’re on the free Defender level, you are not getting anywhere near the same features as falcon, there is absolutely zero question about that.
There is nothing Microsoft I would consider “top tier” when it comes to security.
Counterpoint: Xbox consoles. They just stick everything inside of VMs a la QubesOS
I’ll be totally candid, I have no idea what version of Xbox is current these days.
But didn’t they have a CVE a few months ago they previously claimed wasn’t an issue?
Edit: Found it. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28916
Seems like that’s a Windows issue and not Xbox. There was a recently released kernel exploit for Xbox, but it’s sandboxed to the SystemOS.
If you want to pwn the Xbox OS entirely, you would need a hypervisor escape exploit, which is very difficult to accomplish.
That’s gaming services, so I guess it’s windows only then, you’re right. Like I said, no idea regarding anything about current consoles for me. Haven’t played on a console since the 360.
Are you familiar with QubesOS? It has a similar security model to the Xbox consoles.
Basically, the host OS only exists to run VMs, which includes separate VMs for networking, USB devices, applications, etc. With QubesOS, you can also pass through something like a GPU for use in a dedicated gaming VM (although you can do that on any Linux distro).
Plenty familiar with qubes, just not familiar with any current consoles.
The best answer, of course, is to not use windows for anything that needs to be secure.
Edit: For those who think I’m wrong, cool. I’m not but you are welcome to disagree.
- Linux admins here: Quiet nods and knowing looks.
- Windows admins here: quiet awkward glances at each other to see if anyone wants to defend MS today.
- Mac admins here: quiet awkward glances to see if anyone feels like this was any better than a coin toss chance of happening just to Macs, today, instead.
Theoretically, this could hit Linux too. You could run a Linux kernel mod containing closed source stuff from a third party vendor which causes the system to kernel panic. The difference is really cultural. Linux admins would howl at that kind of setup, whereas for Windows it’s more standard.
Also: don’t trust your employees to boot into safe mode.
Trust a 3rd party to freely install system level files at any time.I knew how to fix the computers at work today in the morning, but we couldn’t get through to the help desk to get the bit locker codes for each computer until near the end of the day.
Also: don’t trust your employees to boot into safe mode. Trust a 3rd party to freely install system level files at any time.
Exactly. This is exactly the problem, and unless people wisen up the software security problem is only going to get worse. Companies and Governments need to rethink how they approach security entirely. This is a preview of what is to come, its only going to get worse and more damaging from here, and none of the vendors care.
Companies and Governments need to rethink how they approach security entirely. This is a preview of what is to come, its only going to get worse and more damaging from here, and none of the vendors care.
It is easy one for goverments. Ban security through obscurity. As well proprietary security software.
Moonbutt’s moonbuck))) Have I seen you somewhere?
Ban security through obscurity. As well proprietary security software.
The government likes proprietary software. They are never going to ban it.
Yeah, time to switch from CrowdStrike to SolarWinds…
I’m pretty sure Windows is plenty secure. It isn’t private or usercentric but of on a security perspective it isn’t bad.
Linux has plenty of security problems just like any OS
Defending Windows in a linux memes community.
That’s a bold move cotton, let’s see how that works out for 'em