• @NeoNachtwaechter
    link
    English
    642 months ago

    And next time facebook hosts a summit about data privacy.

    /s

    • @Womble
      link
      English
      132 months ago

      That seems a bit of a non-story given that its prefaced on “once the attacker has access to your work email”. Yes once they have that they can do very good spear phishing attacks using copilot, but they could easily do them without copilot too.

  • N3Cr0
    link
    English
    232 months ago

    This 3rd party software company fucked up and M$oft get the pressure, so they act like they are responsible.

    Even the customers fucked up by using a vital piece of software where they cannot test the updates before rollout.

    • Billegh
      link
      English
      122 months ago

      Right? I wish they’d respond like this when they themselves fuck up.

    • geekwithsoul
      link
      fedilink
      English
      82 months ago

      A third party vendor whose entire business model is predicated on the fact that security is such an afterthought at Microsoft that enterprise customers need to resort to this kind of crap for a bare minimum of security.

      • @IsThisAnAI
        link
        English
        -12 months ago

        🙄 because FOSS never has any serious cve and malicious code.

        • geekwithsoul
          link
          fedilink
          English
          52 months ago

          Never said it didn’t. Doesn’t change the fact that Microsoft is notoriously worse by every metric and because of its position in the market is far more potentially damaging. Almost like if you sell an OS as something that can be trusted to run mission critical applications, you probably shouldn’t phone it in when it comes to securing that OS.

          • @IsThisAnAI
            link
            English
            -72 months ago

            🙄👌👍

            Definitely just not easier to use even you don’t want to fuck around in the terminal.

              • @IsThisAnAI
                link
                English
                22 months ago

                Contributor to TF and several CNCF projects. You use my code every day. Different tools different jobs twat.

                • @[email protected]
                  link
                  fedilink
                  English
                  12 months ago

                  Apologies, I misread your comment as saying you had to use the terminal to use Linux (I was drunk ngl). I still believe Linux is easier to use than Windows with the caveat that the easiest system to use will always be the one you have the most experience with. I switched from MacOS/Windows to Fedora on my personal machine a few months ago and it’s been smooth sailing for me, though I have always used Linux at least somewhat (I work in cyber security), so that has probably helped.

                  Dismissing Linux as a tool for a different job (ie not personal/business computing) is an odd position to take for someone with your experience.

    • @[email protected]
      link
      fedilink
      English
      62 months ago

      This is also MS’s fault because they never provided a proper API for security products like MacOS, so they end up having to run them all inside the kernel.

      The reason for this omission was to give a competitive advantage to their own security products while also being cheaper.

    • @[email protected]
      link
      fedilink
      English
      02 months ago

      This 3rd party software company fucked up

      NO.

      Clowntrike didn’t fuck up. They offered an externally-managed service that people allowed into their network because they didn’t really clue in how monumentally stupid this is. You’re blaming the gas station for blowing up your car or the leopards for eating your face. Customers who actually gave them money - the people who struggle with “that’s hot, so don’t touch it” - are a dime a dozen, and clowntrike was just taking advantage of the stupid. This has been the American way since snake oil salesmen during the gold rush.

      We fucked up by not watching our stupider techbro friends better suited to a ward somewhere than a c-suite job. We should have been ridiculing them mercilessly so their shame would make them choose better.

  • @emax_gomax
    link
    English
    152 months ago

    Didn’t 5h3y just release an update that bricked dual boot installs. Something tells me someone else should be organising this. Someone that actually cares.

  • @Defaced
    link
    English
    102 months ago

    So are they going to reassess the capability of kernel level drivers like crowdstrike and anticheat solutions like vanguard? Because of they keep this capability open then they’re just asking for another fuck up.

  • @billbasher
    link
    English
    82 months ago

    They had better bring up that Secure Boot f up too

  • @mlg
    link
    English
    62 months ago

    Reminds me of solarwinds doing security seminars after getting breached lol

  • @werefreeatlast
    link
    English
    5
    edit-2
    2 months ago

    Do not use windows or Microsoft solutions. That’s security rule #1.

    For that to work, the hardware vendors should sell hardware that has opensource code that is easily corrected if there’s a security or other type of problem. For that to happen, Microsoft and other such companies need to stop monopolizing technologies. The government should make some changes to their parenting system. For example it should be illegal for companies to force their scientists and engineers to sell their patents automatically to the company. Instead only human people who can invent things should be the owners of the things they invent. If a company wants to keep a hold on that tech, keep the people who invented it happy. Let them own their tech so they can decide to sell it, trade it or make it free. Make it such that only people and not corporations can actually own the patents. Inquire and investigate companies that don’t follow the rules.

    • @[email protected]
      link
      fedilink
      English
      22 months ago

      it should be illegal for companies to force their scientists and engineers to sell their parents automatically to the company

      It’s already illegal

      /jk

      patents*

      • @werefreeatlast
        link
        English
        32 months ago

        Wait a minute! It should be illegal to sell their parents for sure! I’ve never sold my parents either!

  • @[email protected]
    link
    fedilink
    English
    42 months ago

    ClownTrike: allows people to let leopards eat their face

    Microsoft: “Fucking casual. Hold my zune, watch and learn”

    I’m not worried: Outlook will cack halfway through sending the iCal invites, which are probably not even valid format anyway.

      • @[email protected]
        link
        fedilink
        English
        3
        edit-2
        2 months ago

        They just made the poor decisions that made CrowdStrike required in the first place.

        • @db2
          link
          English
          22 months ago

          It exists on OSX and Linux too, they just don’t do the thing that took down Windows so they weren’t impacted.

          • @[email protected]
            link
            fedilink
            English
            3
            edit-2
            2 months ago

            Existing and being necessary are two different things. Linux and MacOS are operating systems. Windows is an ad delivery system that masquerades as an operating system.

          • @[email protected]
            link
            fedilink
            English
            82 months ago

            If Windows had better security and update practices, software like CrowdStrike wouldn’t be a necessity.

            • @[email protected]
              link
              fedilink
              English
              12 months ago

              If windows were absolutely perfect with no flaws whatsoever, CrowdStrike wouldn’t be a necessity. I agree with that.

              Unfortunately we live in the real world and no OS is perfect so software like CrowdStrike exists on lots of operating systems.

              Btw, Crowdstrike isn’t necessary but it’s very nice to have for companies. You don’t need real time protection like that on a normal client you use at home.

        • @[email protected]
          link
          fedilink
          English
          12 months ago

          It needs that kind of access to fight advanced attacks. It would surprise me if similar EDR programs didn’t have similar access on Linux systems, for example.

          • @[email protected]
            link
            fedilink
            English
            12 months ago

            No, you make a management API for security products that run in user space as root, you don’t use kernel modules.

              • @[email protected]
                link
                fedilink
                English
                1
                edit-2
                2 months ago

                Currently, cloudstrike offers two methods for Linux: a kernel driver / module and a theoretically safer alternative using epbf (you could call that “kernel level scripting”). Ironically, they triggered a kernel bug using that second option. They did not test all kernels they listed as compatible or something like that.

  • @RangerJosie
    link
    English
    02 months ago

    Don’t they have an easily hacked screenshot collecting bit of Bloat/Spyware they’re desperately trying to get everyone to use?

    • @Vince
      link
      English
      12 months ago

      Sounds like something they should talk about in some kind of summit about security