Programmer Humor

19175 readers

951 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 1 year ago

MODERATORS

[email protected]

1266

Malware As A Service (sh.itjust.works)

submitted 2 months ago by alphacyberranger to c/[email protected]

96 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 17 points 2 months ago (5 children)

Maybe this is a case of hindsight being 20/20 but wouldn't they have caught this if they tried pushing the file to a test machine first?

[–] [email protected] 6 points 2 months ago

It's a sequence of problems that lead to this:

The kernel driver should have parsed the update, or at a minimum it should have validated a signature, before trying to load it.
There should not have been a mechanism to bypass Microsoft's certification.
Microsoft should never have certified and signed a kernel driver that loads code without any kind signature verification, probably not at all.

Many people say Microsoft are not at fault here, but I believe they share the blame, they are responsible when they actually certify the kernel drivers that get shipped to customers.

load more comments (4 replies)