|
|
Thank you kindly.
I learned from the kindly provided article a "wild" pointer was dereferenced and its use was not caught by QA and no "canary" release was performed also something re/ kernels which I am not qualified to fully understand. The remaining questions are how in the world can a programmer no doubt superior to myself dereference a so called wild pointer something I have never done and find easy to avoid doing. Why QA did not catch the bug. Why was no canary release performed.
"... as likely as lightning striking a leprechaun whilst riding a unicorn."
|
|
|
|
|
What is about the IT members who have to this sovle that?
I mean every HD is usually secured by bitlocker. What, when the responsible ITs do, if they have no access to that info?
Fortunately it looks like, some IT persons still had access to that information while using - a not affected- linux thingy
|
|
|
|
|
Bitlocker protects against ransomware through professional courtesy.
GCS/GE d--(d) s-/+ a C+++ U+++ P-- L+@ E-- W+++ N+ o+ K- w+++ O? M-- V? PS+ PE Y+ PGP t+ 5? X R+++ tv-- b+(+++) DI+++ D++ G e++ h--- r+++ y+++* Weapons extension: ma- k++ F+2 X
The shortest horror story: On Error Resume Next
|
|
|
|
|
Bah! They wouldn't recognize the judicious use of reversing the polarity of the neutron flow.
|
|
|
|
|
If you want a breakdown from someone who actually knows about low-level programming, check out the latest episode (984) of Security Now from Steve Gibson.
|
|
|
|
|
"CrowdStrike lawyers dropped the cone of silence ..."
|
|
|
|
|
Wow! Leo Laporte! I used to watch his show on ZDTV back in the late 90s. Good to see he is still around.
"Go forth into the source" - Neal Morse
"Hope is contagious"
|
|
|
|
|
He's been around and has been busy with his podcast network ever since ZDTV. Sadly, like all podcasts these days, he's not doing as well financially as he might have just a short while ago, but he's still going.
He's got other podcasts on a lot of topics (all tech) but these days I'm only listening to Security Now and Windows Weekly.
|
|
|
|
|
On the technical side - a securitiy update file came out all zeros after download. The code didn't checked it and tried to use one of those zeroes as address, which crashed the software. As the software runs in kernel mode that crash automatically raised the BSOD...
"It never ceases to amaze me that a spacecraft launched in 1977 can be fixed remotely from Earth." ― Brian Cox
|
|
|
|
|
Kornfeld Eliyahu Peter wrote: On the technical side - a securitiy update file came out all zeros after download.
Then you'd think, of all things, a security update would be signed, and the OS would've picked up the fact that its content didn't match what it was supposed to be and stopped everything in its tracks. Unless there's something about that process that I don't understand.
|
|
|
|
|
It WAS signed - with the wrong content in it...
"It never ceases to amaze me that a spacecraft launched in 1977 can be fixed remotely from Earth." ― Brian Cox
|
|
|
|
|
Kornfeld Eliyahu Peter wrote: It WAS signed - with the wrong content in it...
Well that changes everything, doesn't it? You wrote:
a securitiy update file came out all zeros after download
I'm thinking "after download" is wrong; this infers that the file got corrupt in transit and no longer matches the source - and the signature would confirm that.
If, however, the file contained all zeroes (and was signed like that) before the download, and the downloaded copy matches the original, then the problem is a bad file that a signature check will confirm to be okay. In that case, there's something wrong with the process that allowed the file to get signed without first verifying its content (somehow).
|
|
|
|
|
dandy72 wrote: there's something wrong with the process that allowed the file to get signed without first verifying its content Exactly. They blamed it on a bug in their QA software.
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
When QA itself is being automated, you have to ensure your tests can anticipate the unpredictable, no matter how unlikely. That's a tall order. And a terrible idea all around.
I mean, was anyone who installed that update unaffected? If it's a 100% crash rate, then CrowdStrike has a lot to answer for, starting with, how was it unable to detect the problem before it got released to the world?
|
|
|
|
|
|
We have a spammer who has been posting "great blog" and a HTML free URL for about a year now and has evolved the "great blog" part to try and get it through - I think he's on template #8 or so now.
The latest incarnation is
URL
I wonder, do you get a lot of spam messages? Because I do and it's driving me mad...
Nope, that didn't get through either ...
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Why we can't have nice things.
|
|
|
|
|
|
No, and that's final.
I’ve given up trying to be calm. However, I am open to feeling slightly less agitated.
I’m begging you for the benefit of everyone, don’t be STUPID.
|
|
|
|
|
Wordle 1,135 3/6*
⬜⬜🟩🟨⬜
🟩⬜🟩🟩🟩
🟩🟩🟩🟩🟩
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
🟨⬜⬜⬜⬜
⬜⬜🟩⬜🟨
⬜⬜🟩🟨⬜
🟩🟨🟩⬜⬜
🟩⬜🟩🟩🟩
🟩🟩🟩🟩🟩
In a closed society where everybody's guilty, the only crime is getting caught. In a world of thieves, the only final sin is stupidity. - Hunter S Thompson - RIP
|
|
|
|
|
Wordle 1,135 5/6
⬜🟨⬜🟨⬜
🟩⬜🟩⬜⬜
🟩⬜🟩⬜🟨
🟩🟩🟩🟨⬜
🟩🟩🟩🟩🟩
Within you lies the power for good - Use it!
|
|
|
|
|
Wordle 1,135 5/6
⬛⬛🟩⬛⬛
🟩⬛🟩⬛⬛
🟩⬛🟩🟩🟩
🟩⬛🟩🟩🟩
🟩🟩🟩🟩🟩
Ok, I have had my coffee, so you can all come out now!
|
|
|
|
|
Wordle 1,135 4/6
⬜⬜⬜⬜⬜
⬜⬜⬜⬜🟨
⬜🟨⬜🟩⬜
🟩🟩🟩🟩🟩
"A little time, a little trouble, your better day"
Badfinger
|
|
|
|