1
83
submitted 3 months ago by L3s@lemmy.world to c/technology@lemmy.world

Greetings everyone,

We wanted to take a moment and let everyone know about the !business@lemmy.world community on Lemmy.World which hasn't gained much traction. Additionally, we've noticed occasional complaints about Business-related news being posted in the Technology community. To address this, we want to encourage our community members to engage with the Business community.

While we'll still permit Technology-related business news here, unless it becomes overly repetitive, we kindly ask that you consider cross-posting such content to the Business community. This will help foster a more focused discussion environment in both communities.

We've interacted with the mod team of the Business community, and they seem like a dedicated and welcoming group, much like the rest of us here on Lemmy. If you're interested, we encourage you to check out their community and show them some support!

Let's continue to build a thriving and inclusive ecosystem across all our communities on Lemmy.World!

2
527
3
96
submitted 8 hours ago by jeffw@lemmy.world to c/technology@lemmy.world
4
165

Cybersecurity firm Crowdstrike pushed an update that caused millions of Windows computers to enter recovery mode, triggering the blue screen of death. Learn ...

5
50

cross-posted from: https://lemmy.blahaj.zone/post/14490289

Steve from Gamers Nexus explicitly states that they "can't recommend Intel CPUs right now" until Intel provides information and assurance to customers

Intel what are you doing? Shit's on fire, yo

6
163
submitted 10 hours ago by lemmee_in@lemm.ee to c/technology@lemmy.world

Windows 11 and Windows 10 were recently updated with “Windows Backup”, which has now become a system app. While the feature initially appeared as “optional” or something that could be easily dismissed, Microsoft is slowly getting aggressive with its new OneDrive backup campaign on Windows 11.

Windows 11’s “Windows Backup” uses OneDrive to back up many of the things that are important to you. This may include your credentials, settings, pictures, documents, videos, files, themes, or even audio settings. Microsoft wants the Windows Backup app to become the ultimate backup tool, but there’s a catch.

Windows Backup does not support offline backups and requires a OneDrive plan. By default, OneDrive offers 5GB of free storage, which is why some users do not want to back up their PC. But is that going to stop Microsoft from pestering users? Probably not. In a new server-side update, Windows 11 has started nagging users to try the Backup tool.

7
30

cross-posted from: https://lemmy.ml/post/18186772

8
239
submitted 12 hours ago by neme@lemm.ee to c/technology@lemmy.world
9
181
submitted 12 hours ago* (last edited 12 hours ago) by AmbiguousProps@lemmy.today to c/technology@lemmy.world

According to the documents, Cellebrite could not unlock any iPhones running iOS 17.4 or newer as of April 2024, labeling them as “In Research.” For iOS versions 17.1 to 17.3.1, the company could unlock the iPhone XR and iPhone 11 series using their “Supersonic BF” (brute force) capability. However, iPhone 12 and newer models running these iOS versions were listed as “Coming soon.”

The Android support matrix showed broader coverage for locked Android devices, though some limitations remained. Notably, Cellebrite could not brute force Google Pixel 6, 7, or 8 devices that had been powered off. The document also specifically mentioned GrapheneOS, a privacy-focused Android variant reportedly gaining popularity among security-conscious users.

Links to the docs:

iPhone

Android

GrapheneOS has a thread about this on Mastodon, which adds a bit more detail:

Cellebrite was a few months behind on supporting the latest iOS versions. It's common for them to fall a few months behind for the latest iOS and quarterly/yearly Android releases. They've had April, May, June and July to advance further. It's wrong to assume it didn't change.

404media published an article about the leaked documentation this week but it doesn't go into depth analyzing the leaked information as we did, but it didn't make any major errors. Many news publications are now writing highly inaccurate articles about it following that coverage.

The detailed Android table showing the same info as iPhones for Pixels wasn't included in the article. Other news publications appear to be ignoring the leaked docs and our thread linked by 404media with more detail. They're only paraphrasing that article and making assumptions.

We received Cellebrite's April 2024 Android and iOS support documents in April and from another source in May before publishing it. Someone else shared those and more documents on our forum. It didn't help us improve GrapheneOS, but it's good to know what we're doing is working.

It would be a lot more helpful if people leaked the current code for Cellebrite, Graykey and XRY to us. We'll report all of the Android vulnerabilities they use whether or not they can be used against GrapheneOS. We can also make suggestions on how to fix vulnerability classes.

In April, Pixels added a reset attack mitigation feature based on our proposal ruling out the class of vulnerability being used by XRY.

In June, Pixels added support for wipe-without-reboot based on our proposal to prevent device admin app wiping bypass being used by XRY.

In Cellebrite's docs, they show they can extract the iOS lock method from memory on an After First Unlock device after exploiting it, so the opt-in data classes for keeping data at rest when locked don't really work. XRY used a similar issue in their now blocked Android exploit.

GrapheneOS zero-on-free features appear to stop that data from being kept around after unlock. However, it would be nice to know what's being kept around. It's not the password since they have to brute force so it must be the initial scrypt-derived key or one of the hashes of it.

10
419
submitted 15 hours ago by 1984@lemmy.today to c/technology@lemmy.world

Netflix execs need a new jet.

11
528
submitted 17 hours ago* (last edited 17 hours ago) by Aatube@kbin.melroy.org to c/technology@lemmy.world

…according to a Twitter post by the Chief Informational Security Officer of Grand Canyon Education.

So, does anyone else find it odd that the file that caused everything CrowdStrike to freak out, C-00000291-00000000-00000032.sys was 42KB of blank/null values, while the replacement file C-00000291-00000000-00000.033.sys was 35KB and looked like a normal, if not obfuscated sys/.conf file?

Also, apparently CrowdStrike had at least 5 hours to work on the problem between the time it was discovered and the time it was fixed.

12
178

#killedbygoogle

  • Google's URL shortening service goo.gl links will stop working on August 25th, 2025, resulting in 404 errors.
  • Starting August 23rd, 2024, goo.gl links will show an interstitial page warning users of the upcoming shutdown.
  • Google initially suggested migrating to Firebase Dynamic Links (FDL), which has also since been deprecated.
13
231

cross-posted from: https://yall.theatl.social/post/3229309

From the Atlanta Daily World:

In a surprising yet increasingly common move, Microsoft has quietly dismantled its team dedicated to diversity, equity, and inclusion (DEI).  The decision, communicated via email to the affected employees on July 1, cited “changing business needs” as the reason for the layoffs. While the exact number of employees impacted remains unclear, the team’s lead didn’t … Continued

The post Microsoft Says Bye-Bye DEI, Joins Growing List Of Corporations Dismantling Diversity Teams appeared first on Atlanta Daily World.

14
144
submitted 17 hours ago by jlh@lemmy.jlh.name to c/technology@lemmy.world

https://web.archive.org/web/20240719155854/https://www.wired.com/story/crowdstrike-outage-update-windows/

"CrowdStrike is far from the only security firm to trigger Windows crashes with a driver update. Updates to Kaspersky and even Windows’ own built-in antivirus software Windows Defender have caused similar Blue Screen of Death crashes in years past."

"'People may now demand changes in this operating model,' says Jake Williams, vice president of research and development at the cybersecurity consultancy Hunter Strategy. 'For better or worse, CrowdStrike has just shown why pushing updates without IT intervention is unsustainable.'"

15
436
submitted 20 hours ago by lemmee_in@lemm.ee to c/technology@lemmy.world

IT administrators are struggling to deal with the ongoing fallout from the faulty CrowdStrike update. One spoke to The Register to share what it is like at the coalface.

Speaking on condition of anonymity, the administrator, who is responsible for a fleet of devices, many of which are used within warehouses, told us: "It is very disturbing that a single AV update can take down more machines than a global denial of service attack. I know some businesses that have hundreds of machines down. For me, it was about 25 percent of our PCs and 10 percent of servers."

He isn't alone. An administrator on Reddit said 40 percent of servers were affected, along with 70 percent of client computers stuck in a bootloop, or approximately 1,000 endpoints.

Sadly, for our administrator, things are less than ideal.

Another Redditor posted: "They sent us a patch but it required we boot into safe mode.

"We can't boot into safe mode because our BitLocker keys are stored inside of a service that we can't login to because our AD is down.

16
171

These days, our biometric data is valuable to businesses for security purposes, to enhance customer experience or to improve their own efficiency.

Facial recognition technology [...] scans images or videos from devices including CCTV cameras and picks out faces.

From supermarkets to car parks and railway stations, CCTV cameras are everywhere, silently doing their job. But what exactly is their job now?

Businesses may justify collecting biometric data, but with power comes responsibility and the use of facial recognition raises significant transparency, ethical, and privacy concerns.

If your password gets stolen, you can change it. If your credit card is compromised, you can cancel it. But your face? That’s permanent. Biometric data is incredibly sensitive because it cannot be altered once it’s compromised. This makes it a high-stakes game when it comes to security.

17
228
  • A global Microsoft Windows outage, caused by a CrowdStrike software update, has disrupted airlines, banking services, and 911 lines, leading to grounded flights and long queues.
  • The issue resulted in many systems experiencing the “Blue Screen of Death” (BSOD), affecting major carriers and airports worldwide, and also impacted the London Stock Exchange and Australian banking systems.
  • CrowdStrike has identified and isolated the defect, deploying a fix, but recovery is expected to be slow due to the need for manual intervention on affected devices.
18
1137
submitted 1 day ago* (last edited 1 day ago) by rxxrc@lemmy.ml to c/technology@lemmy.world

All our servers and company laptops went down at pretty much the same time. Laptops have been bootlooping to blue screen of death. It's all very exciting, personally, as someone not responsible for fixing it.

Apparently caused by a bad CrowdStrike update.

Edit: now being told we (who almost all generally work from home) need to come into the office Monday as they can only apply the fix in-person. We'll see if that changes over the weekend...

19
510
20
24
submitted 18 hours ago by smb@lemmy.ml to c/technology@lemmy.world

looks like:

  • They claimed to be a trustworthy public CA (that can handle security incidents)
  • They made commitments to be included as trustworthy in common Browsers and OS'es
  • They now willfully break those commitments to rely on 2B2F only...
  • They do not even answer valid questions for months in a process that they should have already completed within 5 days as was defined in the commitments they agreed upon.

Maybe Honest Achmed's Used Cars and Certificates should show up again once more !?

21
161
submitted 1 day ago* (last edited 1 day ago) by BodaciousMunchkin@links.hackliberty.org to c/technology@lemmy.world
22
329

cross-posted from: https://lemmy.ml/post/18147280

X, the social media platform owned by Trump megadonor Elon Musk, is promoting Trump campaign-curated content to all U.S. users, regardless of whether they have opted out of Trump-related content.

On the platform formerly known as Twitter, banner ads for the Trump campaign donning the #Trump2024 tag appear for all U.S. users, even those who’ve blocked words, topics, and hashtags related to the candidate or his campaign or muted the advertiser.

Additionally, the #MAGA tag displays an edited image of the former president from his attempted assassination and the #Trump2024 hashtag displays an American flag.

It is unclear whether the Trump campaign paid for the images on the #Trump2024 and #MAGA tags, though an advertisement for the tag on the site’s trending page reads “Promoted by Team Trump.” As Mashable noted, it is the first time the platform has enabled the image feature to promote a specific political candidate.

Clicking the Trump2024 tag also prompts American flag graphics to flood the screen.

23
172
24
386
submitted 1 day ago* (last edited 1 day ago) by tek@calckey.world to c/technology@lemmy.world
25
168

Technology

56032 readers
5286 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting; duplicates may be removed.

Approved Bots


founded 1 year ago