You must log in or register to comment.
Funny how CrowdStrike already sounds like some malware’s name.
It literally sounds like a DDoS!
Botnet if you will
Not too surprising if the people making malware, and the people making the security software are basically the same people, just with slightly different business models.
Reminds me of the tyre store that spreads tacks on the road 100m away from their store in the oncoming lanes.
People get a flat, and oh what do you know! A tyre store! What a lucky coincidence.
Classic protection racket. “Those are some nice files you’ve got there. It’d be a shame if anything happened to them…”
It sounds like the name of a political protest group.
This is, in a lot of ways, impressive. This is CrowdStrike going full “Hold my beer!” about people talking about what bad production deploy fuckups they made.
I’m volunteering to hold their beer.
Everyone remember to sue the services not able to provide their respective service. Teach them to take better care of their IT landscape.
Typically auto-applying updates to your security software is considered a good IT practice.
Ideally you’d like, stagger the updates and cancel the rollout when things stopped coming back online, but who actually does it completely correctly?
Applying updates is considered good practice. Auto-applying is the best you can do with the money provided. My critique here is the amount of money provided.
Also, you cannot pull a Boeing and let people die just because you cannot 100% avoid accidents. There are steps in between these two states.
you cannot pull a Boeing and let people die
You say that, but have you considered the savings?
People are temporary. Money is forever.
I have. They are not mine. The dead people could be.
Edit: I understand you were being sarcastic. This is a topic where I chose to ignore that.
That’s totally fair. :)
I work at a different company in the same security space as cloudstrike, and we spend a lot of time considering stuff like “if this goes sideways, we need to make sure the hospitals can still get patient information”.
I’m a little more generous giving the downstream entities slack for trusting that their expensive upstream security vendor isn’t shipping them something entirely fucking broken.
Like, I can’t even imagine the procedureal fuck up that results in a bsod getting shipped like that. Even if you have auto updates enabled for our stuff, we’re still slow rolling it and making sure we see things being normal before we make it available to more customers. That’s after our testing and internal deployments.I can’t put too much blame on our customers for trusting us when we spend a huge amount of energy convincing them we can be trusted to literally protect all their infrastructure and data.
You seem knowledgable. I’m surprised that it’s even possible for a software vendor to inject code into the kernel. Why is that necessary?
I can put the blame to your customers. If I make a contract with a bank they are responsible for my money. I don’t care about their choice of infrastructure. They are responsible for this. They have to be sued for this. Same for hospitals. Same for everyone else. Why should they be exempt from punishment for not providing the one service they were trusted to provide? Am I expected to feel for them because they made the “sensible choice” of employing the cheapest tools?
This was a business decision to trust someone external. It should not be tolerated that they point their fingers elsewhere.
I’m actually willing to believe that CrowdStrike was actually compromised by a bad actor that realised how fragile CS was.
You know you’ve done something special when you take down somebody else’s production system.
*production systems around whole world
Few people can put that into their CVs, that a real achievement!
The real malware is the security software we made along the way.
We’ve known that since Norton and McAfee.
At least McAfee’s antics were entertaining
The guy left his company long before the shenanigan cascade
After working at a company that had Crowdstrike installed on all machines, it is most certainly malware.
A real Anakin arc right here.
Now threat actors know what EDR they are running and can craft malware to sneak past it. yay(!)
Yes but the difference is one of them is also going to help you fix it.
deleted by creator
SHOULD’VE USED OPENBSD LMAO
Who says it was accidental?
Netflix knew they were going to move from DVD rentals to streaming over the Internet. It is right in their name.
CrowdStrike knew they were eventually going to _________. It is right in their name.
ItS NoT A wInDoWs PrObLeM – Idiots, even on Lemmy
You can not like windows, and also recognize that CrowdStrike isn’t from Microsoft - so a problem that CrowdStrike caused isn’t the fault of Windows.
If that makes me a idiot by holding two different ideas in my head, so be it, but you are spending time with us, so thank you for elevating us!
I’m sorry, but distinguishing between different concepts is forbidden here. You go straight to jail.
I’m waiting for the post mortem before declaring this to not be anything to do with MS tbh. It’s only affecting windows systems and it wouldn’t be the first time dumb architectural decisions on their part have caused issues (why not run the whole GUI in kernel space? What’s the worst that could happen?)
I agree it’s possible. But if you’re a software as a service vendor, it is your responsibility to be in the alpha and beta release channels, so if there is a show stopping error coming down the pipeline you can get in front of it.
But more tellingly, we have not seen Windows boot loop today from other vendors, only this vendor. Right now the balance of probabilities is in the direction of crowd strike
Ah yes the classic presumption of guilt, a keystone of justice
I’m not sure how to break this to you but this is just an internet forum, not a court of law
The reason courts use it is because they value having true opinions. But you’re welcome to not value that indeed
The reason courts have rules of how convinced one must be to declare guilt is because they dread punishing an innocent over allowing a guilty person free
We aren’t in a position to hurt the probably guilty party so it doesn’t matter a bit of we jump to conclusions unfairly
Because it isn’t. Their Linux sensor also uses a kernel driver, which means they could have just as easily caused a looping kernel panic on every Linux device it’s installed on.
There’s no way of knowing that, though. Perhaps their Linux and Darwin drivers wouldn’t have paniced the system?
Regardless, doing almost anything at the kernel level is never a good idea
Also, it’s less about “their” drivers and more about what a kernel module can do.
Saying “there’s no way to know” doesn’t fit, because we do know that a malformed kernel module can destabilize a linux or mac system.“Malformed file” isn’t a programming defect or something you can fix by having a better API.
Having the data exposed to userspace via an API would avoid having to have a kernel module at all… Which when malformed wouldn’t compromise the kernel.
I mean, sure. But typically operating systems don’t expose that type of information to user space, instead providing a kernel interface with user mode configuration.
It’s why they use the same basic approach on mac and Linux.
Security operations being one of the things that is often best done at the kernel level because of the need to monitor network and file operations in a way you can’t in user mode.
“even on Lemmy”
Like this is some highbrow collection of geniuses here?
No just statistically we are all Arch (btw) Linux users who hate Windows.
deleted by creator
