Iโd laugh if this wasnโt affecting me directly.
I laugh and it does/did(over now) affect me. Bwahaha. Im getting work done and nobody can interrupt with email.
Sometimes you have to learn the hard wayโฆ
the good news is that it does make windows more secure. you cant hack something that has crashed.
Remember guys, it took about a decade for Solar Winds to discover somebody had root access to everybody that used their software, another decade for somebody outside Solar Winds to discover it and tell everybody, and half a decade with nobody claiming to have solved the issue up to now.
So when you believe that your computer with an EDS is safe just because you canโt use it, think again.
Reminds me of a local cyber security firm, which declares war on a group of hackers. The CEO went on television to โdouble dog dareโ the hackers to hack their servers and claim their firewalls are impenetrable.
Well you can guess the results, within 48 hours, their servers went down one after another. And when shit about to hit the fan, they literally turned off all of their servers for days. They hired a 3rd party IT firm to patch their security, then the CEO declared victory in a local newspaper.
Similar thing happened to the idiot CEO of Lifelock that used to advertise his actual social security number everywhere.
I really donโt want to be the guy responsible for this fuck up
For a company this big it would also have to have gotten past a code review and QA team, right? โฆ right? โฆ
Code review, QA team, hours of being baked on an internal test network, incremental exponential roll out to the world, starting slow so that any problems can be immediately rolled back. If they didnโt have those basics, they have no business being a tech company, let alone a security company who puts out windows drivers.
Yeah, something this big is absolutely not one engineerโs fault. Even if that engineer maliciously pushed an update, itโs not their fault โ it was a complete failure of the organization, and one person having the ability to wreck havoc like this is the failure.
And I actually have some amount of hope that, in this case, it is being recognized as such.
No they wonโt, not if theyโre in the slightest bit competent.
Blameless post-mortem culture is very common at big IT organizations. For a fuck-up this size, there are going to be dozens of problems identified, from bad QA processes, to bad code review processes, to bad documentation, to bad corner cases in tools.
There will probably be some guy (or gal) who pushed the button, but unless what that person did was utterly reckless (like pushing an update while high or drunk, or pushing a change then turning off her phone and going dark, or whatever) the person who pushed the button will probably be a legend to their peers. Even if they made a big mistake, if they followed standard procedures while doing it, almost everyone will recognize theyโre not at fault, they just got to be the unlucky person who pushed the button this time.
