concerned_user's comments

Yes, it is a driver which is signed and tested by Microsoft. The driver allows running arbitrary unsigned code. Why is that allowed?


The driver is some kind of AV/signature detection hook, e.g. a "check every open() against this list of checksums and refuse to open known viruses" style system. The 'update' was a borked definition file which triggered a bug in that system.

It's not code execution without signing, and I think probably they do want these files to be updated hands free.

The real problem was the lack of testing, rather than the actual mechanism I think.


This is the nugget of the issue. The code-signing process, in this case, was abused to verify something that, fundamentally, cannot give the guarantee "Doesn't crash your OS" because it is allowed to run arbitrary code in the form of novel commands in what is essentially a DSL. So if code-signing is supposed to be a guarantee from MS that "this code can't crash your system," it should never have been signed... But then MS would have been on hooks for blocking a competitor.

There is no guarantee the law is written soundly.


To get a driver signed by Microsoft, the developer of the driver is required to provide a full cert pass log from the Windows Hardware Lab Kit to dev center [0]. Do you have any article that says the CrowdStrike driver has been tested by Microsoft?

[0]: https://learn.microsoft.com/en-us/windows-hardware/drivers/i...


To avoid going through the full cert process, the sensor was certified but it loaded code from an uncertified module too, so that it could be quickly updated to catch new threats. It's a tough corner to be in: to function properly it needs to update very quickly, but the cert process takes a while to complete, so they went with this workaround of a signed module loading uncertified code.


...you want Microsoft to forbid you from running certain kinds of programs on your own machine, even if you really, really insist on it, do I understand you correctly?


More like: "...you want Microsoft to forbid you from running certain kinds of programs (with gaping security holes / processes) on your own machine" YES


> (with gaping security holes / processes)

The problem is that you're assuming you can prove a program doesn't have security holes and bad processes.


You're moving the goal post waaaay far down. How about just following best practices? How about not allowing runtime code injection? Turns out security holes often have much in common, and with ways to mitigate them. Stop 100% of security holes? nah. Stop 99.9% of security holes? Yes and what an improvement.


The Crowdstrike failure was not caused by running unsigned code.


I also think Microsoft should be responsible, they gave the keys to sign the kernel driver so I expect that driver to at least be subject to regular testing and scrutiny not just when initial release was made.


They didn't "give the keys", they have a signing infrastructure that is meant to be used for validating organizational identity and origins of code. They have a quality checking system, but it's only required for certain levels of Microsoft backing. I think it used to be called the Windows Logo Program or something?


Signing is meant only to verify the identity of the organization producing the signed artifact.

It’s not meant to signify that it’s bug-free.


WHQL signifies it is tested and that driver is WHQL certified.


The issue was caused by a data file, Microsoft is not involved in signing or testing individual data files.


The actual issue was with the signed code reading the data files that the data file update just brought to surface.

But I don't think Microsoft verifies customer code, they might not even have access to it.


You are right, Microsoft are not checking the 3rd party code itself; they are only running a lot of tests on the compiled code.

There is a recent video now from a former Microsoft employee where he explains that those drivers that get WHQL certification are run on test machines in stress conditions for some time, or at least that is how it used to be when he worked there.

Since that process is probably quite slow, to be able to push an update within a couple of hours Crowdstrike just bypassed the QA testing by injecting their own data files into the driver.


I guess Microsoft testing lacks fuzzing, then—as does Crowdstrike's.


It depends if the tickets are trip-based or time-based; for a time-based system you don't always need a validator.

I visited Prague in 2019 and their subway had no barriers; ticket machines were tucked somewhere in the corner so that I had to actively look around. Interestingly, the metal poles were sticking out of the floor up to waist height, with spacing as if they used to have validators on them before.

Since I had a 3-day ticket and I validated it on the bus when going from the airport, I didn't need a validator. Their trams and buses had validators in the usual places, so the subway probably has them too but not in an obvious place, or the ticket machines already print the ticket with the time on it so you don't need to validate it.


There is a screenshot of an email that someone from Ukraine sent to Sony support, and their response was that you can create an account using a PS5 but not from a PC.


Before the internet was commonplace you would have to go to a doctor and get a paper prescription, which was sometimes done on paper with watermarks, and verification was that this piece of paper has a stamp or a seal on it and the doctor's signature.

There were more forgeries with paper prescriptions than there are with the online system.


Are there provinces with electronic prescriptions? I always get a piece of paper (in Alberta).

I've had cases where the pharmacy (indeed London Drugs) phoned the doctor to ask them to fax a renewal.


In Ontario my doctor sends prescriptions "electronically". In practice it's not clear whether this is like an email, or whether someone behind the scenes prints out the prescription and faxes it. Apparently the local clinic has a team that is solely responsible for faxing things on behalf of the doctors.


Here in Europe it is a government database that all the clinics and pharmacies are connected to, so the doctor essentially creates a record in the database.

When you visit a pharmacy they ask for ID and enter your ID number, and the system shows them all your active prescriptions and past ones as well, which sometimes helps: when your prescription is not renewed for some reason, they can give you a week's supply while you sort it out.


That depends on the country. In France it varies by doctor, some will use Doctolib (a great third party private company that does appointment scheduling, video consultations and digital prescriptions) which allows you to have a digital prescription that you click on a button in the app/website to share with a specific pharmacy, and when you get there they just get your social security card and... then print out your prescription, and scan and print on it how and when was it fulfilled. Others just give you an old fashioned hand written note, or print an A4 sheet of paper.


Alberta is pretty close to being electronic.


That makes sense given the shift to electronic records that has happened in the last few years, but obviously not a factor with this incident.


You can still ask and get those AFAIK.


I can only see it using dism to apply the patch, but there are no commands to manipulate partition size, so if the cause is lack of free space it will fail the same as the update did.


Here in Europe that is exactly what I see: a store will show me a tracking number, and if I click on it the carrier website says "Label printed", so you know it is not picked up yet. The DPD carrier does it like that.


You are correct, I cannot find where arbitration is forbidden in the directive; also, it is quite the opposite.

I think in this particular case we are talking about Directive 2011/83/EU of the European Parliament and of the Council on consumer rights.

Article 6(1)

(t) where applicable, the possibility of having recourse to an out-of-court complaint and redress mechanism, to which the trader is subject, and the methods for having access to it.


ADR is not forbidden. But it is regulated by 2013/11/EU [1]. In particular:

" (43)

An agreement between a consumer and a trader to submit complaints to an ADR entity should not be binding on the consumer if it was concluded before the dispute has materialised and if it has the effect of depriving the consumer of his right to bring an action before the courts for the settlement of the dispute. Furthermore, in ADR procedures which aim at resolving the dispute by imposing a solution, the solution imposed should be binding on the parties only if they were informed of its binding nature in advance and specifically accepted this. Specific acceptance by the trader should not be required if national rules provide that such solutions are binding on traders."

[1] https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A...


And in some countries such as Germany the ADR clause has to be separate from the main contract.


If you accept payments via Paypal you can't withdraw money for 21 days; at least that is the case in the company I work for. The explanation is that it is in case a dispute is issued, so that they can refund, so my guess is a large proportion of those funds is such payments being held.


Ah, thanks, that's what I had in mind :) So while the original advice holds, commercial users are locked out of three weeks of payments if they're frozen for random bs.


I think it depends on the country your business is in (i.e. local laws and regulations) and what your transaction volume is through Paypal; if you have a large transaction volume I am pretty sure you will get better conditions.

Our company has very low volume through Paypal; we only provide it as a convenience and we had to limit the payment amount due to fraud we had in the past, so these are likely the worst conditions you can possibly get.


My guess is that they look at application analytics, what features are used and how often, and see that in 40% of cases the send friend request form is not being submitted and just closed.

