#Cybersecurity-
idk if people on tumblr know about this but a cybersecurity software called crowdstrike just did what is probably the single biggest fuck up in any sector in the past 10 years. it's monumentally bad. literally the most horror-inducing nightmare scenario for a tech company.
some info, crowdstrike is essentially an antivirus software for enterprises. which means normal laypeople cant really get it, they're for businesses and organisations and important stuff.
so, on a friday evening (it of course wasnt friday everywhere but it was friday evening in oceania which is where it first started causing damage due to europe and na being asleep), crowdstrike pushed out an update to their windows users that caused a bug.
before i get into what the bug is, know that friday evening is the worst possible time to do this because people are going home. the weekend is starting. offices dont have people in them. this is just one of many perfectly placed failures in the rube goldberg machine of crowdstrike. there's a reason friday is called 'dont push to live friday' or more to the point 'dont fuck it up friday'
so, at 3pm on friday, an update comes rolling into crowdstrike users which is automatically implemented. this update immediately causes the computer to blue screen of death. very very bad. but it's not simply a 'you need to restart' crash, because the computer then gets stuck in a boot loop.
this is the worst possible thing because, in a boot loop state, a computer is never really able to get to a point where it can do anything. like download a fix. so there is nothing crowdstrike can do to remedy this death update anymore. it is now left to the end users.
it was pretty quickly identified what the problem was. you had to boot it in safe mode, and a very small file needed to be deleted. or you could just rename crowdstrike to something else so windows never attempts to use it.
it's a fairly easy fix in the grand scheme of things, but the issue is that it is affecting enterprises. which can have a looooot of computers. in many different locations. so an IT person would need to manually fix hundreds of computers, sometimes in whole other cities and perhaps even other countries if theyre big enough.
another fuck up crowdstrike did was they did not stagger the update, so they could catch any mistakes before they wreaked havoc. (and also how how HOW do you not catch this before deploying it. this isn't a code oopsie this is a complete failure of quality assurance that probably permeates the whole company to not realise their update was an instant kill). they rolled it out to every one of their clients in the world at the same time.
and this seems pretty hilarious on the surface. i was havin a good chuckle as eftpos went down in the store i was working at, chaos was definitely ensuing lmao. im in aus, and banking was literally down nationwide.
but then you start hearing about the entire country's planes being grounded because the airport's computers are bricked. and hospitals having no computers anymore. emergency call centres crashing. and you realised that, wow. crowdstrike just killed people probably. this is literally the worst thing possible for a company like this to do.
crowdstrike was kinda on the come up too, they were starting to become a big name in the tech world as a new face. but that has definitely vanished now. to fuck up at this many places, is almost extremely impressive. its hard to even think of a comparable fuckup.
a friday evening simultaneous rollout boot loop is a phrase that haunts IT people in their darkest hours. it's the monster that drags people down into the swamp. it's the big bad in the horror movie. it's the end of the road. and for crowdstrike, that reaper of souls just knocked on their doorstep.
114K notes

This sounds fun. 🏦
#bank#security#security questions#questions#authentication#log in#cybersecurity#infosec#funny#meme#memes#banks
30K notes
#Transnational Crime-#Anti-Money Laundering -#Cybersecurity-#International Collaboration-#Extradition Treaties-Asset Forfeiture-Sanctions-#Human Trafficking- Prevention-Border Security-
0 notes
INTERVIEW: @nyancrimew on online privacy and operational security
Our interview series about practical tactics to keep yourself and your community safe from the rising tide of fascism continues this week as Josh talks with maia arson crimew (it/she), a hacktivist and past guest on the show. Topics include:
The mechanics of how corporations and governments identify and track you across virtual and real-world spaces
Common ways that your devices give away information without your knowledge and how to disable those features
What encryption is and why it matters, especially when it comes to law enforcement
Tools that you can use to anonymize your usage online
3K notes
Hackers (1995)
#hackers#cyberpunk aesthetic#macintosh#retro computing#cyber security#cyberpunk#cyberpunk movies#gifs#gifset#cybersecurity#cyberspace#macos#mac os#apple mac#hypercard#hacking#data security#e=mc2#floppy disk
3K notes
Hey y'all, there's been a zero-day vulnerability found in WinRAR, so you gotta update it if you're on an older version (anything below 6.24/6.23). It doesn't auto update so you need to do it manually. It's been around for a few months and has been fixed, but if you don't update your shit then your computer will still be vulnerable.
please reblog this so that people learn about it or whatever (10/19/23)
10K notes
Love Under the Red Hood as a story but this always stood out to me.
Quick doodle to reacquaint myself with drawing.
#batman#red hood#jason todd#dc comics#art#artists on tumblr#doodle#my art#uinferno art#uinferno#layout of the speech bubble feels weird now that i look at it#oh well it's only a quick doodle done to my cybersecurity lectures#look jason death is cheap here. at least when Joker breaks out of Arkham it immediately hits the news.
5K notes
With Trump headed back to office, now is a good time to beef up your digital security.
Here's the Feminist Guide to Digital Security & 4 tips to get started.
Alt-text included on all pieces.
#art#feminism#feminist#digital security#surveillance#cybersecurity#feminist organizing#direct action#social justice#activism#digital activism
1K notes
August 2016: Australia’s national census night fails after authorities report the website is receiving a sophisticated DDOS attack that has taken it offline.
It was later revealed that the so-called “attack” was actually just the entire population of Australia attempting to complete the census.
9K notes
Hey everyone. Friendly reminder that if you get a pm such as this, DO NOT click ANY suspicious links. Or any links in general. These are bots made to steal your data, and do not have your best interests in mind. Instead, you should click "Mark as spam" to remove the message.

Again; NEVER CLICK THESE LINKS. Just mark as spam and move on with your day.
3K notes
ㅇㅅㅇ (use firefox)
2K notes
U.K. orders Apple to let it spy on users’ encrypted accounts
Security officials in the United Kingdom have demanded that Apple create a back door allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud, people familiar with the matter told The Washington Post.
The British government’s undisclosed order, issued last month, requires blanket capability to view fully encrypted material, not merely assistance in cracking a specific account, and has no known precedent in major democracies. Its application would mark a significant defeat for tech companies in their decades-long battle to avoid being wielded as government tools against their users, the people said, speaking under the condition of anonymity to discuss legally and politically sensitive issues.
Rather than break the security promises it made to its users everywhere, Apple is likely to stop offering encrypted storage in the U.K., the people said. Yet that concession would not fulfill the U.K. demand for backdoor access to the service in other countries, including the United States.
The office of the Home Secretary has served Apple with a document called a technical capability notice, ordering it to provide access under the sweeping U.K. Investigatory Powers Act of 2016, which authorizes law enforcement to compel assistance from companies when needed to collect evidence, the people said.
The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand. An Apple spokesman declined to comment.
Apple can appeal the U.K. capability notice to a secret technical panel, which would consider arguments about the expense of the requirement, and to a judge who would weigh whether the request was in proportion to the government’s needs. But the law does not permit Apple to delay complying during an appeal.
In March, when the company was on notice that such a requirement might be coming, it told Parliament: “There is no reason why the U.K. [government] should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption.”
179 notes
I made a tool that takes an image and visualizes how vulnerabilities in some encryption methods allow patterns to be discerned from it, even after encryption. I find the resulting effects to be very interesting!
if you want to try this yourself, you can download the tool here! https://espimyte.itch.io/eyecrypt
398 notes
stardom dreams, stalking devices and the secret conglomerate selling both
over the last half a year, @rhinozzryan and i have worked on an investigation into Tracki, a "world leader in GPS tracking", and ExploreTalent, one of the biggest talent listing services in the world. what the hell do those two have in common?

(feature art by @catmask)
#maia arson crimew#fuckstalkerware#tracki#gps trackers#exploretalent#catmask#fourleafisland#ami shafrir#ryan fae#cybersecurity#investigative journalism#talent listing#hollywood
7K notes
#mutual aid#direct action#opsec#opsec 101#cybersecurity#security#cyber security#anarchism#anarchist#anarchy
255 notes