Conversation
Notices
-
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 29-Jul-2024 09:58:46 JST 
Haelwenn /элвэн/ :triskell:
Kind of fun how I've seen few posts of people realizing that the kernel level anti-cheats could cause Crowdstrike levels of disasters as well.
Well yeah, don't fucking install rootkits, it's like a ton of people forgot https://en.wikipedia.org/wiki/Sony_rootkit- Sick Sun likes this.
-
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 29-Jul-2024 10:04:28 JST
Haelwenn /элвэн/ :triskell:
@feld Yeah, likely wouldn't take down important machines like crowdstrike did to servers but could still be pretty nasty.
After all Sony Rootkit somehow did end up on some important machines and I don't really believe security changed much since then. -
Embed this notice
feld (feld@bikeshed.party)'s status on Monday, 29-Jul-2024 10:04:29 JST 
feld
@lanodan that's always concerned me as well, but at least those anti-cheats aren't on important work computers (usually?) -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 29-Jul-2024 10:12:03 JST
Haelwenn /элвэн/ :triskell:
@feld Specially as while Crowdstrike ended up being basically a screwed up kernel security module so it's just machines being taken down and needing a patch, so not a long lasting impact.
The anti-cheat ones meanwhile could easily end up accidentally leaking data. -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 29-Jul-2024 10:13:43 JST
Haelwenn /элвэн/ :triskell:
@seanking or worse, computers aren't super-calculators anymore. -
Embed this notice
Sean King (seanking@kazv.moe)'s status on Monday, 29-Jul-2024 10:13:45 JST 
Sean King
@lanodan Pretty much any piece of software that relies on rooting into the OS/kernel of the machine for functionality can be the death of the machine. -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 29-Jul-2024 10:22:05 JST
Haelwenn /элвэн/ :triskell:
@seanking Well at least Crowdstrike is a security company, not a random game studio. -
Embed this notice
Sean King (seanking@kazv.moe)'s status on Monday, 29-Jul-2024 10:22:06 JST
Sean King
@lanodan Yeah. It's seriously fucked that there was even any trust for software companies like Crowdstrike. Especially for critical infrastructure. -
Embed this notice
LEdoian (ledoian@pleroma.ledoian.cz)'s status on Monday, 29-Jul-2024 10:22:49 JST 
LEdoian
@feld @lanodan I (my evil-ish part) sees this as an opportunity. CrowdStrike is bad, but corporates forget and people possibly too (“just a bunch of stuff didn't work for half a day 🤷”).
On the other hand, getting a lot of gamers around the world completely mad and vocal about it might actually be more memorable and push the ecosystem from this kinds of stuff.
Haelwenn /элвэн/ :triskell: likes this. -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 29-Jul-2024 10:31:14 JST
Haelwenn /элвэн/ :triskell:
@seanking Wouldn't be surprised of it just being "Woups, it got deployed in production without prior testing", specially as Crowdstrike kind of thing are reactive security so there's an incentive to push things nearly instantly. -
Embed this notice
Sean King (seanking@kazv.moe)'s status on Monday, 29-Jul-2024 10:31:15 JST
Sean King
@lanodan True. But even then, like how the fuck did they even manage to let that kind of corrupted update go through? That's suspicious regardless of the kind of company it is. -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 29-Jul-2024 10:33:35 JST
Haelwenn /элвэн/ :triskell:
@seanking That said the corruption part is kind of weird and so far I haven't seen any explainations about that.
All GNU social JP content and data are available under the