• 0 Posts
  • 28 Comments
Joined 1 year ago
cake
Cake day: June 16th, 2023

help-circle









  • This sounds like a security nightmare though. A central repository of all code and keys is a gold mine for exploitation. Don’t get me wrong, I would really want this to work, but if it was compromised it could he catastrophic.

    I do think there should be regulations in place that are clearly and easily enforceable by the FTC though. I’d love to see companies be hit with fines and/or compulsory refunds if they stop supporting devices and don’t provide some path forward for customers to keep using the device. That doesn’t solve for startups that go out of business, but it would at least cover the tech giants who are doing this garbage.







  • Makes sense that it was a definitions update that caused this, and I get why that’s not something you’d want to lag behind on like you could with the agent. (Putting aside that one of the selling points of next-gen AV/EDR tools is that they’re less reliant on definitions updates compared to traditional AV.) It’s just a bit wild that there isn’t more testing in place.

    It’s like we’re always walking this fine line between “security at all costs” vs “stability, convenience, etc”. By pushing definitions as quickly as possible, you improve security, but you’re taking some level of risk too. In some alternate universe, CS didn’t push definitions quickly enough, and a bunch of companies got hit with a zero-day. I’d say it’s an impossible situation sometimes, but if I had to choose between outage or data breach, I’m choosing outage every time.