|
Ebury backdoors SSH servers in hosting providers, giving the malware extraordinary reach. Were they just trying to maintain it?
|
|
|
|
|
Where is now the "in Linux it doesn't happen" group?
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
They're busy hunting down more of these issues
TTFN - Kent
|
|
|
|
|
I don't think many people are onboard with my level of... we'll just call it paranoia because I don't care...
Nearly every machine on the planet is likely compromised. I think there's stuff 'living' in bioses, harddisk firmware, any bits of ROM that are somehow accessible, and all sorts of other ways I wouldn't even think of. Probably from here, I read about one that pulled its real payload from the YouTube comments sections where they'd commented a random video with code to pull down!
We don't do it, and I don't know that we could afford to, but once you know a machine is compromised I'm not sure why the assumption wouldn't be that unless you incinerate it then it is still infected.
I don't actually believe every malware/rootkit some scam call center bought actually goes to this 'nation state' seeming level of act. But I also don't think it's so sophisticated as to require a nation state and think there's more than a few nation states whose existence collectively makes it safe to assume that amongst them, someone has written "the one". It being some bits you can poke for and find just about everywhere... which should not be there.
|
|
|
|
|
The app lets them share screens, peripherals, and storage. "Thunderbolt and lightning, very, very frightening me"
|
|
|
|
|
Galileo, Galileo, Galileo, Galileo...
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Microsoft fixed a known issue breaking VPN connections across client and server platforms after installing the April 2024 Windows security updates. Coming soon: reports of what this broke
|
|
|
|
|
Article wrote: after installing the April 2024 Windows security updates. And that some days behind the "we will increase security"?
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
International Monetary Fund managing director Dr Kristalina Georgieva has warned of a "tsunami" hitting the global labor market as businesses adopt AI technologies. Time to get your surfboards out
|
|
|
|
|
Kent Sharkey wrote: Time to get your surfboards out I would go more for oxygen bottles, because a lot of places will sink like Atlantis
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Ever wonder what happens when you fall into a black hole? "Black hole sun, won't you come"
They reused footage from the classic Doctor Who opening
|
|
|
|
|
I have this sudden urge to listen to Pink Floyd.
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
|
|
|
|
|
... right, (as an esteemed colleague once said to me and my arrow: "It's all pink on the inside ..."
|
|
|
|
|
Developers owning security? Testing in production? Are you mad!? A DevSecOps expert makes the case for why a shift is inevitably coming. Our industry always has room for more bad ideas
|
|
|
|
|
It's kind of already happened.
Maybe it's different many places, but I really doubt it. I'd expect he may get into how network engineers don't know, understand, or care to understand the apps they are chucking into clouds and data centers.
It's always been a developer and a network engineer together, everywhere I have been, to diagnose/resolve issues. The latter because they have keys to the kingdom, mostly, and the former because they know what knobs to turn once inside.
|
|
|
|
|
But tests on prod?!?
TTFN - Kent
|
|
|
|
|
Kent Sharkey wrote: But tests on prod?!? What's the difference with test on customers or on users?
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
True, but we should act better than Microsoft, shouldn’t we?
TTFN - Kent
|
|
|
|
|
If it only were MS
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Maybe wonky... Kind of depends on some kind of risk assessment matrix.
We run some postmen against at least one API as a part of the deployment pipe and it happens in every environ. If they don't pass, rolling the deploy back immediately is two clicks.
At the same time, the ingress point is the same, but the traffic is being routed to two sets of servers. The load balancer will know if one doesn't respond and send the request to the other.
To the user, this should be nearly/totally invisible, even if we broke it.
|
|
|
|
|
Remember, everyone has a test system. Lucky developers also have a production system.
|
|
|
|
|
.NET Generic Math makes it possible to perform mathematical operations generically, meaning you don’t need to know the exact type you’re working with Something from something leaves something
|
|
|
|
|
Article wrote: meaning you don’t need to know the exact type you’re working with This is going to be fun when people start using mixed types...
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
This just in: Microsoft finally discovers abstraction.
|
|
|
|
|
Microsoft recently launched Trusted Signing in Public Preview, a fully managed end-to-end signing solution for developers backed by a Microsoft-managed certification authority. Sign on the dotted app
|
|
|
|