This is a most excellent place for technology news and articles.
Every affected company should be extremely thankful that this was an accidental bug, because if crowdstrike gets hacked, it means the bad actors could basically ransom I don't know how many millions of computers overnight
Not to mention that crowdstrike will now be a massive target from hackers trying to do exactly this
Don't Google solar winds
Holy hell
New vulnerability just dropped
Oooooooo this one again thank you for reminding me
security as a service is about to cost the world a pretty penny.
You mean it's going to cost corporations a pretty penny. Which means they'll pass those "costs of operation" on to the rest of us. Fuck.
well, the world does include the rest of us.
and its not just opeerational costs. what happens when an outage lasts 3+ days and affects all communication and travel? thats another massive shock to the system.
they come faster and faster.
On Monday I will once again be raising the point of not automatically updating software. Just because it's being updated does not mean it's better and does not mean we should be running it on production servers.
Of course they won't listen to me but at least it's been brought up.
I've got a feeling crowdstrike won't be as grand of target anymore. They're sure to lose a lot of clients...at least until they spin up a new name and erease all traces of "crowdstrike".
Third parties being able to push updates to production machines without being tested first is giant red flag for me. We’re human … we fuck up. I understand that. But that’s why you test things first.
I don’t trust myself without double checking, so why would we completely trust a third party so completely.
If I had to bet my money, a bad machine with corrupted memory pushed the file at a very final stage of the release.
The astonishing fact is that for a security software I would expect all files being verified against a signature (that would have prevented this issue and some kinds of attacks
Which is still unacceptable.
So here's my uneducated question: Don't huge software companies like this usually do updates in "rollouts" to a small portion of users (companies) at a time?
I mean yes, but one of the issuess with "state of the art av" is they are trying to roll out updates faster than bad actors can push out code to exploit discovered vulnerabilities.
The code/config/software push may have worked on some test systems but MS is always changing things too.
the smart ones probably do
This file compresses so well. 🤏
If it had been all ones this could have been avoided.
Just needed to add 42k of ones to balance the data. Everyone knows that, like tires, you need to balance your data.
d'00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000!Damnit you're comment just crashed the rest of the computers that were still up.
Imagine the world if those companies were using Atomic distribution and the only thing you would need to do is to boot the previous good image.
The fact that a single bad file can cause a kernel panic like this tells you everything you need to know about using this kind of integrated security product. Crowdstrike is apparently a rootkit, and windows apparently has zero execution integrity.
I’m not sure why you think this statement is so profound.
CrowdStrike is expected to have kernel level access to operate correctly. Kernel level exceptions cause these types of errors.
Windows handles exceptions just fine when code is run in user space.
This is how nearly all computers operate.
This is a pretty hot take. A single bad file can topple pretty much any operating system depending on what the file is. That's part of why it's important to be able to detect file corruption in a mission critical system.
Security products of this nature need to be tight with the kernel in order to actually be effective (and prevent actual rootkits).
That said, the old mantra of "with great power" comes to mind...
Yeah pretty much all security products need kernel level access unfortunately. The Linux ones including crowdstrike and also the Open Source tools SELinux and AppArmor all need some kind of kernel module in order to work.
have they ruled out any possibility of a man in the middle attack by a foreign actor?
This was not a cyberattack.
https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/
I guess they could be lying, but if they were lying, I don’t know if their argument of “we’re incompetent” is instilling more trust in them.
"We are confident that only our engineers can fuck up so much, instead of our competitors"
The CEO made a statement to the effect of "It's not an attack, it's just me and my company being shockingly incompetent." He didn't use exactly those words but that was the gist.
How can all of those zeroes cause a major OS crash?
If I send you on stage at the Olympic Games opening ceremony with a sealed envelope
And I say "This contains your script, just open it and read it"
And then when you open it, the script is blank
You're gonna freak out
Ah, makes sense. I guess a driver would completely freak out if that file gave no instructions and was just like "..."
