* Posts by Optimaximal

21 publicly visible posts • joined 22 May 2015

Windows Patch Tuesday update might send a user to the BitLocker recovery screen

Optimaximal

Re: Incompetent shitshow of a company

"IT'S NOT GOOD ENOUGH MICROSOFT, GET YOUR SHIT TOGETHER AND START BECOMING A SERIOUS OS!"

They literally are, hence why they're mandating drive encryption!

"How in the name of fuck does Apple manage to encrypt their computers with no sudden "enter your key" messages after an update, whereas this is a regular occurrence with Microsoft? It's same old, same old with MS - lack of quality control, strongarming their customers into a corner and moving the goalposts."

Apple employ hardware encryption because they control the full device spec, whereas Microsoft are obviously reliant on third parties implementing looser standards, although this was the hoo-hah behind Windows 11 requiring on-CPU TPM - it's a guaranteed standard that prevents people shipping devices unable to support the security standard.

As for unlocking the device, Apple use an identical process to Microsoft - primary key stored in the TPM/Enclave and a backup recovery key that needs to either be stored in a cloud account (365 or iCloud respectively) or written down/saved to an external drive. Your Apple device's security processor can fail/be cleared just like a Windows device's TPM, and your system drive won't unlock...

Optimaximal

Re: Spiral

I mean, I feel you're MASSIVELY overreacting here. Drive Encryption is a good thing, you know..?

CrowdStrike blames a test software bug for that giant global mess it made

Optimaximal

Re: It worked on my machine!

But you *know* that CS will have mitigated any liability in their SLAs.

Optimaximal

Re: It worked on my machine!

But given the increasing reliance on SaaS, Cloud & External computing, you can't always rely on others also applying that logic/practice.

EU gave CrowdStrike the keys to the Windows kernel, claims Microsoft

Optimaximal

If they did that, they'd be accused of attempting to build their monopoly again, especially as it's intrinsically linked to 365 now.

Optimaximal

That's hardly fair - Microsoft have tried many times to completely tear apart the Windows kernel to improve it, but it ultimately ends up breaking compatibility with all the old software that glues together many of the world's big corporations, so they're effectively forced to keep selling the same leaky sieve with a refreshed user interface.

There's often no reason why Windows 10 & 11 should need to run old Windows 95/98/NT/XP software, but Microsoft made it so that we can.

Optimaximal

The location of the computer has nothing to do with it. The EU is a big enough regulatory body that they can exert influence on multi-nationals. They basically told Microsoft 'you need to allow third parties to create security software with the same low-level system access as your first-party software does, otherwise you won't be able to sell Windows in the EU'. Microsoft responded by granting this access. Ultimately, this is just normal behaviour - the same behaviour that forced Microsoft to disconnect Internet Explorer from Windows and allowed Firefox & Chrome to thrive.

The problem was *CrowdStrike* had a significant process failure and their software driver doesn't conduct a sanity check on what it's running - these are the problems that need fixing - but it's likely that Microsoft has an agreement with CrowdStrike that prevents them calling them out for this, so the only response available is to diss the regulatory body...

Optimaximal

Re: Crap!

All EDR is like this. If any AV was not flagged as essential for boot then malware would simply work to get itself loaded before the AV and shut it down.

The fix here is at the production stage, with vendors not putting out junk updates and handling them correctly when accidents happen.

Optimaximal

Re: Am I missing something?

For some reason, smart fridges are a thing. Given how shoddily programmed most IoT products are, it's definitely possible that if some random internet-based service failed due to the CrowdStrike failure then the device also wouldn't handle the failure correctly.

Of course, you'd likely still be able to open the fridge.

Optimaximal

Re: Am I missing something?

We've always used Sophos, McAfee/Trellix and now Defender for Business. As a result, I've never seen Kaspersky, Panda or CrowdStrike.

Doesn't mean I don't think it or other products exist! :D

Optimaximal

Re: Seems like some anti EU horseshit

I think the implicit assumption is most credible businesses have some form of layered testing/production process for delivering Windows Updates in a staged manner. In addition to this, said updates have already been through Canary/Beta/Preview rings, so issues with general compatibility and performance have been identified.

EDR/AV updates run on such a short timeframe from creation to deployment that this isn't feasible.

Optimaximal

Re: Wrong question

So are you suggesting all businesses write their own AV/Anti-Malware/EDR software now?

As catastrophic as this was globally, this was a fairly simple problem - ultimately, it's on CrowdStrike to look at their processes and software and fix them so the problem can never happen again.

Optimaximal

Re: "CrowdStrike marked their driver as a boot driver"

"So it is down to the shitty Windows environment once again. No surprise there."

I mean, it's not...

"The precise cause of the IT outage was a null pointer issue in a dynamic data file downloaded as a Cy file, which contained only zeros instead of pcode or malware definitions. The CrowdStrike driver that processes and handles these updates is not very resilient and lacks adequate parameter validation, leading to the entire system crashing and depositing users into the recovery blue screen."

Chrome's HTTPS padlock heads to Google Graveyard

Optimaximal

And I thought we'd just got to the stage where someone carrying a blue tick was as far from a proof of identity as possible!

For password protection, dump LastPass for open source Bitwarden

Optimaximal

Re: Don't rely on a single password

Unfortunately it's just for the initial login, unless you tell it to sign in and out (with associated MFA prompt) every time you view a password.

Fix network printing or keep Windows secure? Admins would rather disable PrintNightmare patch

Optimaximal

One issue for us is we still have a small number of clients hanging around on Windows 7 (pending hardware upgrades) and these are unable to receive the January update that allowed for the new encryption MS are using, so basically if you're still a Windows 7 house without Extended Support, you need to apply the registry fix ASAP.

Microsoft struggles to wake from PrintNightmare: Latest print spooler patch can be bypassed, researchers say

Optimaximal

If it helps, they released the 2016 patch this morning, less than 24 hours after the other ones.

To Microsoft's credit, this is an out-of-band release being done because some careless Chinese infosecs released the PoC early - if they hadn't done so, all the releases would have come next Tuesday on the same day.

UK Info Commish quietly urged court to swat away 100k Morrisons data breach sueball

Optimaximal

KPMG should have attended site and retrieved the data themselves - the email/communications trail that led to KPMG entrusting Skelton with the task will be key here.

If he roadblocked them about them coming to get it themselves, effectively engineering the situation where he would have to personally extract the data, then they're in the clear. If they cut corners to save money or time, then they should be in the dock too.

Optimaximal

No, he was a senior Morrisons employee working with KPMG to provide the data to them for the audit.

IMO, this represents a failing from KPMG too - when we're being audited at work, the auditors attend site with their own encrypted USB sticks for retrieving data - it's then under their jurisdiction and they're required to a) protect it and b) not leave the site with it without authorisation.

PCI council gives up, dumbs down PCI DSS for small business

Optimaximal

This is but a dip in the water - they've just released DSS 3.1, which mandates the disabling of SSL 3.0 (yeah, fine) or (uh-oh) TLS 1.0. Of course, nobody has had a cursory glance at the many key business systems that do not function with TLS 1.1 or upwards.

Some of them you might even have heard of! Oh, hi Microsoft, fancy updating your older, actively supported versions of Exchange or SQL Server any time soon?