this post was submitted on 21 Jul 2024
191 points (76.5% liked)
Technology
59390 readers
3596 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Please, enlighten me how you'd remotely service a few thousand Bitlocker-locked machines, that won't boot far enough to get an internet connection, with non-tech-savvy users behind them. Pray tell what common "basic hygiene" practices would've helped, especially with Crowdstrike reportedly ignoring and bypassing the rollout policies set by their customers.
Not saying the rest of your post is wrong, but this stood out as easily glossed over.
Not using a proprietary, unvetted, auto-updating, 3rd party kernel module in essential systems would be a good start.
Back in the day companies used to insist upon access to the source code for such things along with regular 3rd party code audits but these days companies are cheap and lazy and don't care as much. They'd rather just invest in "security incident insurance" and hope for the best 🤷
Sometimes they don't even go that far and instead just insist upon useless indemnification clauses in software licenses. ...and yes, they're useless:
https://www.nolo.com/legal-encyclopedia/indemnification-provisions-contracts.html#:~:text=Courts%20have%20commonly%20held%20that,knowledge%20of%20the%20relevant%20circumstances).
(Important part indicating why they're useless should be highlighted)