this post was submitted on 19 Jul 2024
523 points (99.2% liked)

Technology

59589 readers
2936 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] Badeendje@lemmy.world 31 points 4 months ago (4 children)

This is going to turn out it was a hack in several months right?

[–] Munkisquisher@lemmy.nz 53 points 4 months ago (2 children)

Won't take that long, security researchers are already decompiling the update to see if it was malicious or incompetence.

[–] Badeendje@lemmy.world 26 points 4 months ago (1 children)

This is going to be Solarwinds all over again I can just smell it.

[–] UnderpantsWeevil@lemmy.world 15 points 4 months ago (2 children)
[–] SourceHuman@lemmy.world 4 points 4 months ago

Source: xkcd - "Dependency" - https://xkcd.com/2347/

[–] Badeendje@lemmy.world 1 points 4 months ago

Yeah.. applicable on soo many levels.

[–] 0x0@programming.dev 50 points 4 months ago (2 children)

Hacks of this grade tend to be targeted, this is most likely incompetence.

[–] Badeendje@lemmy.world 5 points 4 months ago* (last edited 4 months ago) (1 children)

A lot of companies will get calls from the "provider" offering help with mitigation so that additional features can also be installed. This is a time to be extra wary.

Edited: spelling

[–] Evil_incarnate@lemm.ee 0 points 4 months ago (1 children)

Think big. This may have had a target. But hitting the target only wasn't possible so everyone got hit.

It's possible those responsible only had this weapon that was capable of hitting the target, maybe the plan was to disrupt world flights to make someone late tomorrow, who knows. Maybe poo-tin or Xi-the-Pooh wanted to hit America and its allies?

[–] 0x0@programming.dev 5 points 4 months ago* (last edited 4 months ago)

A state actor will use more precise techniques to attack specific targets. Think SolarWinds and Stuxnet.

Ransomware doesn't apply here and tends to depend on phishing first anyway.

Even terrorists have specific targets in mind.

So it's either Bond villains or incompetence.

Edit: The only way i can fit your comment would be an incompetent script kiddy. Even then, doesn't make sense as all systems were not directly attacked, as would be the case, but rather through what would have to be a side-channel attack, so no.

[–] UnderpantsWeevil@lemmy.world 15 points 4 months ago (3 children)

Never attribute to maliciousness that which can be explained by incompetence.

That said, I'm sure the Crowdstrike CEO is currently on a phone call with three of their pet Congresscritters asking if they can get a $100M grant to harden their systems against Russia/China/NKorea/Antifa interference right now.

[–] Semi_Hemi_Demigod@lemmy.world 10 points 4 months ago (1 children)

"Senator, we were hacked by gay furries."

[–] Raxiel@lemmy.world 6 points 4 months ago

"We need to get more of our own gay furries! There's a gay furry gap!"

[–] Hazzia@infosec.pub 3 points 4 months ago

If I ever become a super 1337 hacker I'm going to setup all of my exploits to look like it could be regular mismanagement, thanks for the advice

[–] rottingleaf@lemmy.world 2 points 4 months ago

While being simultaneously gang...handled by the unnamed 3-letter agencies representatives