Miscellaneous Tech News
-
I don't want to be pretentious...
But box wine is for losers, only those that don't understand the value of glass are serious wine drinkers. I won't drink anything with a screw top or plastic cork either, only real tree bark for real wine.
Um yeah, pretentious.
-
For reference, I buy box wine.
-
After getting interrupted for the 3rd time when trying to ask questions, I wouldn't have cared at that point what the benefits were, I would've been DUDE! You're SO BEING A DICK RIGHT NOW!
-
-
Uber Breach 2022
The critical vulnerability that granted the attacker such high levels of access was hardcoded credentials in a PowerShell script
-
@Obsolesce said in Miscellaneous Tech News:
Uber Breach 2022
The critical vulnerability that granted the attacker such high levels of access was hardcoded credentials in a PowerShell script
Argh, why the heck is there Windows development on a platform like Uber? And who approved THAT GIT checkin?
-
@scottalanmiller said in Miscellaneous Tech News:
@Obsolesce said in Miscellaneous Tech News:
Uber Breach 2022
The critical vulnerability that granted the attacker such high levels of access was hardcoded credentials in a PowerShell script
Argh, why the heck is there Windows development on a platform like Uber? And who approved THAT GIT checkin?
No idea. Android and ios only AFAIK. No need for Windows. But I have a feeling that one who bakes credentials into scripts would do it in any scripting language. You'd also think a vulnerability like that would have been found during scanning. They must not have any devsecops or code scanning tools in place.
-
@Obsolesce said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
@Obsolesce said in Miscellaneous Tech News:
Uber Breach 2022
The critical vulnerability that granted the attacker such high levels of access was hardcoded credentials in a PowerShell script
Argh, why the heck is there Windows development on a platform like Uber? And who approved THAT GIT checkin?
No idea. Android and ios only AFAIK. No need for Windows. But I have a feeling that one who bakes credentials into scripts would do it in any scripting language. You'd also think a vulnerability like that would have been found during scanning. They must not have any devsecops or code scanning tools in place.
Clearly no one is scanning or checking anything. That's the problem. And that's why Windows development is an issue, it starts a "trend" of looking the other way for obvious non-best practices. Once something so fundamental as making business software or production server software on a platform that is costly, risky and less performant (presumably to allow hiring less than capable developers - that's why that ecosystem exists there) then where do you start adding best practices when clearly, it's not even on the radar? you don't, it just doesn't make sense to. So you get here.
-
@scottalanmiller said in Miscellaneous Tech News:
@Obsolesce said in Miscellaneous Tech News:
Uber Breach 2022
The critical vulnerability that granted the attacker such high levels of access was hardcoded credentials in a PowerShell script
Argh, why the heck is there Windows development on a platform like Uber? And who approved THAT GIT checkin?
I'm sure their desktop environment is Windows for their non techies. And there's probably little to no separation between the Uber app platform and their staff.
-
@Dashrender said in Miscellaneous Tech News:
I'm sure their desktop environment is Windows for their non techies.
That's weird as that is a power user platform. You'd never put that in to make things harder jsut for the less capable staff if you don't for the good staff. But that's not really relevant, why would their applications be getting built on Windows regardless of that? And even if they were BUILT on Windows, why would the app deployment happen to Windows? What is used by some non-dev staff has zero to do with what is talking to their system.s
-
@scottalanmiller said in Miscellaneous Tech News:
@Dashrender said in Miscellaneous Tech News:
I'm sure their desktop environment is Windows for their non techies.
That's weird as that is a power user platform. You'd never put that in to make things harder jsut for the less capable staff if you don't for the good staff. But that's not really relevant, why would their applications be getting built on Windows regardless of that? And even if they were BUILT on Windows, why would the app deployment happen to Windows? What is used by some non-dev staff has zero to do with what is talking to their system.s
You're asking people to do things your way - we all know that's not the typical way.
-
@Dashrender said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
@Dashrender said in Miscellaneous Tech News:
I'm sure their desktop environment is Windows for their non techies.
That's weird as that is a power user platform. You'd never put that in to make things harder jsut for the less capable staff if you don't for the good staff. But that's not really relevant, why would their applications be getting built on Windows regardless of that? And even if they were BUILT on Windows, why would the app deployment happen to Windows? What is used by some non-dev staff has zero to do with what is talking to their system.s
You're asking people to do things your way - we all know that's not the typical way.
No, I'm asking people to do their jobs and do them well. Nothing more. Basic competence.
-
Optus (second largest telco in Australia) has been compromised and customer data loss has been confirmed
https://www.itnews.com.au/news/optus-attack-exposes-customer-information-585567
-
How Citrix dropped the ball on Xen ... according to Citrix
-
@Danp said in Miscellaneous Tech News:
How Citrix dropped the ball on Xen ... according to Citrix
Jaja, yay I got sort of referenced (as the one who proposed XCP-NG. They also screwed themselves royally by mixing the names all over the place. They left that out, the utter market confusion that they created by calling everything Xen.
They did more than crush trust in Xen. They caused many people to simply distrust Citrix.
-
@scottalanmiller said in Miscellaneous Tech News:
Jaja, yay I got sort of referenced
The
"weird systems users": hobbyists who offer virtualization to non-profit and charity users, using old, out-of-maintenance hardware that had been inherited or passed on to them. Enthusiast users, with no funds to buy licenses? -
@Obsolesce said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
Jaja, yay I got sort of referenced
The
"weird systems users": hobbyists who offer virtualization to non-profit and charity users, using old, out-of-maintenance hardware that had been inherited or passed on to them. Enthusiast users, with no funds to buy licenses?That too.
-
For almost two years, Microsoft officials botched a key Windows defense, an unexplained lapse that left customers open to a malware infection technique that has been especially effective in recent months.
Microsoft officials have steadfastly asserted that Windows Update will automatically add new software drivers to a blocklist designed to thwart a well-known trick in the malware infection playbook. The malware technique—known as BYOVD, short for "bring your own vulnerable driver"—makes it easy for an attacker with administrative control to bypass Windows kernel protections. Rather than writing an exploit from scratch, the attacker simply installs any one of dozens of third-party drivers with known vulnerabilities. Then the attacker exploits those vulnerabilities to gain instant access to some of the most fortified regions of Windows.
It turns out, however, that Windows was not properly downloading and applying updates to the driver blocklist, leaving users vulnerable to new BYOVD attacks.
-
@stacksofplates damn, that's significant.
-
@stacksofplates said in Miscellaneous Tech News:
For almost two years, Microsoft officials botched a key Windows defense, an unexplained lapse that left customers open to a malware infection technique that has been especially effective in recent months.
Microsoft officials have steadfastly asserted that Windows Update will automatically add new software drivers to a blocklist designed to thwart a well-known trick in the malware infection playbook. The malware technique—known as BYOVD, short for "bring your own vulnerable driver"—makes it easy for an attacker with administrative control to bypass Windows kernel protections. Rather than writing an exploit from scratch, the attacker simply installs any one of dozens of third-party drivers with known vulnerabilities. Then the attacker exploits those vulnerabilities to gain instant access to some of the most fortified regions of Windows.
It turns out, however, that Windows was not properly downloading and applying updates to the driver blocklist, leaving users vulnerable to new BYOVD attacks.
OK that's definitely bad that they don't block it - but since you're an admin - why do you even care? the article says that the attacker is starting as a local admin.
