Isn’t it still stealth if no one is alive to report it?
There’s white, gray and black hat… and then you have these guys, piss yellow hats.
That title needs some additional punctuation. Had to read it a few times!
I dunno, she seems to like my kisses too.
Except that only applies to federated servers that exist in the EU. If your data gets federated out to a country outside of the EU, they don’t have to listen to your whines of GDPR as it’s not enforceable. And given that you could be federated with hundreds of instances across the world, good luck.
I said the same thing with AI scraping. All someone needs is to add their own instance that federates with everyone else and they can scrape data for AI training till their heart’s content.
Honestly we do that when we ask and no one speaks up. Lovingly called the “scream test” as we wait to see who screams.
Giving back a 200 for an error always makes me bristle. Return correct codes, people. “But the request to the web server was successful!”
I really hate the conflagration between AI and LLMs. We’re seeing a polishing of LLMs and they’re great for mimicking language, but they don’t “know” what they’re saying. We’re still quite a ways off from GenAI and have just started working on more specialized AI. But without some massive leaps in understanding logic and filtering out garbage it’s gonna be a while.
You just sound stuck up when you say that. Like “is Windows still a thing? I didn’t know because I use Linux. Don’t you?”
Of course Google is still a thing, by far it’s still the largest search engine in use on the planet, so most people won’t notice it. If anything, this hurts all the not-Google users. Can you imagine if different sites started signing exclusivity deals with different search engines?
Well at least people will be used to seeing that after CrowdStrike.
I really wonder how much large scale energy production we’d need if every building was required to have solar. I know we’d need some energy storage tech such as batteries but I’m focusing more on the generation part.
I didn’t say it was, nor did I say UEFI was the problem. My point was additional applications or extensions at the UEFI layer increase the attack footprint of a system. Just like vPro, you’re giving hackers a method that can compromise a system below the OS. And add that in to laptops and computers that get plugged in random places before VPNs and other security software is loaded and you have a nice recipe for hidden spyware and such.
You’d have to have something even lower level like an OOB KVM on every workstation which would be stupid expensive for the ROI, or something at the UEFI layer that could potentially introduce more security holes.
I first dealt with them at least 10+ years ago and at the time they had no ability to do staged roll outs or targeted roll outs. We got updates when they said we did, no choice or control. We had to resort to updating our firewall to restrict the download endpoint and only open it in groups to do a phased update.
That sounds like a lawyer’s dream… “can’t provide it if it doesn’t exist” … now granted, if they got a subpoena they’d have to save it going forward, but before then, if they’re not bound by something that forces data retention, the less random data laying around the better.
Incidentally CrowdStrike has a Linux agent and my previous company was pushing us to install it to check another box on their Cyberliability insurance form. So this could just as easily happen there too.
More like CrashStrike
We had a bad CrowdStrike update years ago where their network scanning portion couldn’t handle a load of DNS queries on start up. When asked how we could switch to manual updates we were told that wasn’t possible. So we had to black hole the update endpoint via our firewall, which luckily was separate from their telemetry endpoint. When we were ready to update, we’d have FW rules allowing groups to update in batches. They since changed that but a lot of companies just hand control over to them. They have both a file system and network shim so it can basically intercept **everything**
That sounds fine if you have something reading the file independently. But the actual executable code should not be able to access its own comments.