21-07-2024, 06:38 AM
(20-07-2024, 09:01 AM)Nick Wrote: It's absolutely nothing to do with "back doors". It's a 3rd party app that, in some cases, was auto-updating its threat database.
It's also absolutely nothing to do with the OS - the vendor also does macOS and Unix versions, but in this case the version update they screwed up was the Windows one.
There have been plenty of similar episodes involving Unix systems, though more often in the realm of exposing existing or creating new attack surfaces - the histories of OpenSSL and the Apache web server are examples.
It's also nothing whatsoever to do with hackers. It's a legit software vendor getting something basic very wrong. As I mentioned in my previous post, mitigating risk from upstream suppliers should be part of every DR & BC plan. However as also mentioned, it's extremely difficult to get this right every (or indeed any) time. In this case, folk were mitigating the risk from hackers by installing a preventative product (CrowdStrike Falcon) but hadn't mitigated the risk of that product itself being an issue.
Hackers, as in the real ones, not some 14 y/o spotty nerd in their bedroom just copying what someone else had done (aka "script kiddies"), are so far ahead of this trivial discussion that stating 'hackers all over the world will be viewing closely' is frankly laughable.
The press, e.g. the BBC, have largely got this one right. It's not complex. The complex ones never make it to the general press - you have to read the daily security researcher publications and CERT reports to even begin to realise what's going on. Then there are the private invitation-only groups, which are where the real discussions happen. The general press are normally weeks behind what's happening on the ground, assuming they report it at all or even vaguely correctly. I know some of these mainstream technology reporters and whilst they are lovely people, when it comes to serious & complex security issues, they are rarely aware or have a clue.
I think you totally misunderstand my take on this. I was actually comparing the result of simple earlier hacks with the result of this failure, implying that even with complex protection the end result was somewhat similar. My reference to other operating systems was to wonder whether their lesser deference to outside control would improve their protection or recovery options.
I can see what happened and wonder how my old work colleagues would be coping now. It is perhaps lucky that safe mode is still accessible on the PCs. I remember one time on my work PC when it got a denial of service bug where it wasn't, and it took split-second reactions to take out the malware before it booted up. Still, that's another time.
Not being directly involved with an IT department I will stand aside now, as my take is perhaps a bit out of line, but I just think a bit in parallels and possibilities.
Tracy