idk if people on tumblr know about this but a cybersecurity software called crowdstrike just did what is probably the single biggest fuck up in any sector in the past 10 years. it's monumentally bad. literally the most horror-inducing nightmare scenario for a tech company.

some info, crowdstrike is essentially an antivirus software for enterprises. which means normal laypeople cant really get it, they're for businesses and organisations and important stuff.

so, on a friday evening (it of course wasnt friday everywhere but it was friday evening in oceania which is where it first started causing damage due to europe and na being asleep), crowdstrike pushed out an update to their windows users that caused a bug.

before i get into what the bug is, know that friday evening is the worst possible time to do this because people are going home. the weekend is starting. offices dont have people in them. this is just one of many perfectly placed failures in the rube goldburg machine of crowdstrike. there's a reason friday is called 'dont push to live friday' or more to the point 'dont fuck it up friday'

so, at 3pm at friday, an update comes rolling into crowdstrike users which is automatically implemented. this update immediately causes the computer to blue screen of death. very very bad. but it's not simply a 'you need to restart' crash, because the computer then gets stuck into a boot loop.

this is the worst possible thing because, in a boot loop state, a computer is never really able to get to a point where it can do anything. like download a fix. so there is nothing crowdstrike can do to remedy this death update anymore. it is now left to the end users.

it was pretty quickly identified what the problem was. you had to boot it in safe mode, and a very small file needed to be deleted. or you could just rename crowdstrike to something else so windows never attempts to use it.

it's a fairly easy fix in the grand scheme of things, but the issue is that it is effecting enterprises. which can have a looooot of computers. in many different locations. so an IT person would need to manually fix hundreds of computers, sometimes in whole other cities and perhaps even other countries if theyre big enough.

another fuck up crowdstrike did was they did not stagger the update, so they could catch any mistakes before they wrecked havoc. (and also how how HOW do you not catch this before deploying it. this isn't a code oopsie this is a complete failure of quality ensurance that probably permeates the whole company to not realise their update was an instant kill). they rolled it out to everyone of their clients in the world at the same time.

and this seems pretty hilarious on the surface. i was havin a good chuckle as eftpos went down in the store i was working at, chaos was definitely ensuring lmao. im in aus, and banking was literally down nationwide.

but then you start hearing about the entire country's planes being grounded because the airport's computers are bricked. and hospitals having no computers anymore. emergency call centres crashing. and you realised that, wow. crowdstrike just killed people probably. this is literally the worst thing possible for a company like this to do.

crowdstrike was kinda on the come up too, they were starting to become a big name in the tech world as a new face. but that has definitely vanished now. to fuck up at this many places, is almost extremely impressive. its hard to even think of a comparable fuckup.

a friday evening simultaneous rollout boot loop is a phrase that haunts IT people in their darkest hours. it's the monster that drags people down into the swamp. it's the big bag in the horror movie. it's the end of the road. and for crowdstrike, that reaper of souls just knocked on their doorstep.

stardom dreams, stalking devices and the secret conglomerate selling both

over the last half a year, @rhinozzryan and i have worked on an investigation into Tracki, a "world leader in GPS tracking", and ExploreTalent, one of the biggest talent listing services in the world. what the hell do those two have in common?

(feature art by @catmask)

Hey y'all, there's been a zero-day vulnerability found in WinRAR, so you gotta update it if you're on an older version (anything below 6.24/6.23). It doesn't auto update so you need to do it manually. It's been around for a few months and has been fixed, but if you don't update your shit then your computer will still be vulnerable.

please reblog this so that people learn about it or whatever (10/19/23)

Love Under the Red Hood as a story but this always stood out to me.

Quick doodle to reacquaint myself with drawing.

Hackers (1995)

August 2016: Australia’s national census night fails after authorities report the website is receiving a sophisticated DDOS attack that has taken it offline.

It was later revealed that the so called “attack” was actually just the entire population of Australia attempting to complete the census.

Hey everyone. Friendly reminder that if you get a pm such as this, DO NOT click ANY suspicious links. Or any links in general. These are bots made to steal your data, and do not have your best interests in mind. Instead, you should click „Mark as spam.“ to remove the message.

Again; NEVER CLICK THESE LINKS. Just mark as spam and move on with your day.

ㅇㅅㅇ (use firefox)

I made a tool that takes an image and visualizes how vulnerabilities in some encryption methods allow patterns to be discerned from it, even after encryption. I find the resulting effects to be very interesting!

if you want to try this yourself, you can download the tool here! https://espimyte.itch.io/eyecrypt

You other web hosts can't deny That when a load time's more than an itty bitty wait And a hacker's in your space You get... Well, pretty upset. That's not something to take lightly. That's why you shouldn't settle for those other web hosts. You need WordPress VIP: the world's most popular content management system, built with enterprise-grade security and reliability. 🤝

look ma, I'm in an article! and another!

OPINION: stop studying cybersecurity because of me

im trying to get u into activism, not college

source 1

source 2

source 3

me: *trying to set up a vet appointment for my cat*

y2k, 24 years late:

Hackers (1995)