* Posts by GeoffAnonymoosehead

3 publicly visible posts • joined 31 May 2024

EU gave CrowdStrike the keys to the Windows kernel, claims Microsoft

GeoffAnonymoosehead

Microsoft have cheek, don't they?

So basically Microsoft are selling a product, that, out of the bag, is already inherently insecure.

Think about that.

So you have to either apply their own ropey solution to make it secure or buy a 3rd party bit of software to make it secure.

WHY ISN'T IT SECURE FROM THE GET GO.

What level of incompetence and arrogance does Microsoft have to blame someone for its own generated problem?

If it could write a proper secure OS then there would be no need for 3rd party software.

It is like if Microsoft sold boats, as soon as you got it home and floated it, it would be regularly developing holes and trying to sink, so you have to spend all your time plugging holes that spontaneously appear. It would also just sink with no warning occasionally anyway.

How long would they be in business for?

Why do we accept it? They have had 11 versions of doing this.

CrowdStrike file update bricks Windows machines around the world

GeoffAnonymoosehead

Bugs will always happen (well until we get AI to replace all the developers)

BUT it is not CrowdStrike's fault because the companies should be doing test deployments to their dev machines first, BEFORE rolling it out.

JUST LIKE EVERY OTHER BIT OF PRODUCTION CODE THEY DEPLOY.

Not sure why they are deploying security software straight into production without checking it.

Every company suffering an outage should be saying it's their own fault for blindly trusting a 3rd party.

It is that simple.

What sort of audit controls are in place?

I'm sure lots of security teams are now thinking the same thing.

Cybercriminals raid BBC pension database, steal records of over 25,000 people

GeoffAnonymoosehead

Re: 2 years monitoring services?!

Until there are harsher penalties for having a data breach this will continue. Already it seems to be commonplace and accepted.

That is not acceptable.

The "2 years of Experian" should be extended to "lifetime" and a payment to the individual concerned should also be arranged depending on the nature of the data and incompetence shown.

The ICO should be doing stuff, but currently it seems completely toothless, just like every other compliance body in this country (i.e. Ofwat - the sewage/water company issues.... don't drink tap water).

If the company cannot afford the insurance for that, then it should not be storing your data.

If it is not confident it can protect your data then it should not have your data.

GDPR is basically a total failure.

It is that simple.