this post was submitted on 19 Jul 2024

1265 points (99.4% liked)

Programmer Humor

19397 readers

235 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 1 year ago

MODERATORS

Feyter@programming.dev

anzo@programming.dev

BurningTurtle@programming.dev

pylapp@programming.dev

1265

Malware As A Service (sh.itjust.works)

submitted 3 months ago by alphacyberranger@sh.itjust.works to c/programmer_humor@programming.dev

91 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] undu@lemmy.world 5 points 3 months ago

It's a sequence of problems that lead to this:

The kernel driver should have parsed the update, or at a minimum it should have validated a signature, before trying to load it.
There should not have been a mechanism to bypass Microsoft's certification.
Microsoft should never have certified and signed a kernel driver that loads code without any kind signature verification, probably not at all.

Many people say Microsoft are not at fault here, but I believe they share the blame, they are responsible when they actually certify the kernel drivers that get shipped to customers.