this post was submitted on 19 Jul 2024

1278 points (99.4% liked)

Programmer Humor

19570 readers

1646 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 1 year ago

MODERATORS

Feyter@programming.dev

anzo@programming.dev

BurningTurtle@programming.dev

pylapp@programming.dev

1278

Malware As A Service (sh.itjust.works)

submitted 4 months ago by alphacyberranger@sh.itjust.works to c/programmer_humor@programming.dev

96 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] Solemarc@lemmy.world 17 points 4 months ago (5 children)

Maybe this is a case of hindsight being 20/20 but wouldn't they have caught this if they tried pushing the file to a test machine first?

[–] undu@lemmy.world 6 points 3 months ago

It's a sequence of problems that lead to this:

The kernel driver should have parsed the update, or at a minimum it should have validated a signature, before trying to load it.
There should not have been a mechanism to bypass Microsoft's certification.
Microsoft should never have certified and signed a kernel driver that loads code without any kind signature verification, probably not at all.

Many people say Microsoft are not at fault here, but I believe they share the blame, they are responsible when they actually certify the kernel drivers that get shipped to customers.

load more comments (4 replies)