Security Leftovers
-
Linux.org ☛ CrowdStrike Outage Exposes backdoored Windows Risks: Why GNU/Linux is the Better Choice
On July 19, 2024, a significant incident underscored the vulnerabilities of backdoored Windows for mission-critical tasks. A CrowdStrike sensor configuration update caused system crashes and blue screens of death (BSOD) on millions of backdoored Windows devices, disrupting businesses, hospitals, airlines, and more. -
The Cyber Show ☛ Endpoint sovereignty: Why the CrowdStrike outage is just the beginning.
Wealthy folks with giant castles can afford guards. Their minions patrol the perimeter and grounds chasing off invaders. But the guards have strict instructions. They are most definitely not allowed to rummage through the office drawers, or make themselves comfortable in the bedroom. And for those working people who hire nannies or cleaners, they also set very strict limits on what they can do on the property.
A different problem is that people do not understand computers. As we live today, when we don't understand something we are happy to let expert tradesmen deal with it. Plumbers can fix pipes, and electricians can fix wires, but we still own our house. Letting the plumber repair the bath does not entitle the plumber to move in and start using the bathroom. So we trust that the plumber will do a good job, and then leave. Would you allow random strangers to move in to your house, and allow them to live in your house while you pay them to "protect" your stuff?
Some people are so clueless about computers, yet at the same time worried about being hacked, that they hire professional hackers to be inside their computer to protect it. This is called "endpoint managed security".
[....]
Endpoint "security" is a dumb idea
Let's shift focus now from CrowdStrike, and indeed Microsoft to look at the bigger picture.
If you leave guards in charge of your castle, and they get drunk and lose the keys or decide to take over the castle. you may come back to a castle you're locked out of. MSP vendors open up the path to a serious a breech of ownership.
As Agent Smith says in The Matrix;
"I say your civilisation because as soon as we started thinking for you it really became our civilisation which is of course what this is all about."
Ownership brings responsibility, which is something many of us shy from these days. Just making a living seems a burden enough, and the world is so complex - so why care? Computers were once something that people recognised as potentially dangerous enough to require a "licence" to operate. Today we give them to 6 year-olds. And yet the retort of those who sell managed security products is "people are too stupid to manage their own computer security".
-
Bloomberg ☛ FBI Used New Cellebrite Software to Access Trump Shooter’s Phone
As the FBI struggled to gain access on Sunday morning to the phone, they appealed directly to Cellebrite, a digital intelligence company founded in Israel that supplies technology to several US federal agencies, according to the people, who requested anonymity to speak freely about the case.
-
Security Week ☛ Two Members of LockBit Ransomware Group Plead Guilty in US Court [Ed: Windows TCO]
A Russian national and a dual Canadian and Russian national pleaded guilty in the US for roles in LockBit ransomware attacks.