this post was submitted on 22 Jul 2024
278 points (100.0% liked)
Technology
71448 readers
5424 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
That's not how any of this worked. Also not how working in a large team that develops for thousands of clients works. It wasn't just one dev that fucked up here.
Crowd Strike Falcon uses a signed boot driver. They don't want to wait for MS to get around to signing a driver if there's a zero day they're trying to patch. So they have an empty driver with null pointers to the meat of a real boot driver. If you fat finger a reg key, that file only containing the 9C character, points to another null pointer in a different file and you end up getting a non bootable system as the whole driver is now empty.
If you don't understand what I just said here's some folk that spent good time and effort to explain it.
https://www.youtube.com/watch?v=pCxvyIx922A&t=312s
https://www.youtube.com/watch?v=wAzEJxOo1ts