Linux and Mac just got free advertisement.
CrowdStrike Holdings, Inc. is an American cybersecurity technology company based in Austin, Texas.
Never trust a Texan
One possible fix is to delete a particular file while booting in safe mode. But then they'll need to fix each system manually. My company encrypts the disks as well so it's going to be an even bigger pain (for them). I'm just happy my weekend started early.
I was quite surprised when I heard the news. I had been working for hours on my PC without any issues. It pays off not to use Windows.
It's not a flaw with Windows causing this.
The issue is with a widely used third party security software that installs as a kernel level driver. It had an auto update that causes bluescreening moments after booting into the OS.
This same software is available for Linux and Mac, and had similar issues with specific Linux distros a month ago. It just didn't get reported on because it didn't have as wide of an impact.
Huh. I guess this explains why the monitor outside of my flight gate tonight started BSoD looping. And may also explain why my flight was delayed by an additional hour and a half...
My company used to use something else but after getting hacked switched to CrowdStrike and now this. Hilarious clownery going on. Fingers crossed I'll be working from home for a few days before anything is fixed.
This is a better article. It's a CrowdStrike issue with an update (security software)
Irrelevant but I keep reading "crowd strike" as "counter strike" and it's really messing with me
Why is no one blaming Microsoft? It's their non resilient OS that crashed.
Probably because it's a Crowdstrike issue, they've pushed a bad update.
OK, but people aren't running Crowdstrike OS. They're running Microsoft Windows.
I think that some responsibility should lie with Microsoft - to create an OS that
- Recovers gracefully from third party code that bugs out
- Doesn't allow third party software updates to break boot
I get that there can be unforeseeable bugs, I'm a programmer of over two decades myself. But there are also steps you can take to strengthen your code, and as a Windows user it feels more like their resources are focused on random new shit no one wants instead of on the core stability and reliability of the system.
It seems to be like third party updates have a lot of control/influence over the OS and that's all well and good, but the equivalent of a "Try and Catch" is what they needed here and yet nothing seems to be in place. The OS just boot loops.
I see a lot of hate ITT on kernel-level EDRs, which I wouldn't say they deserve. Sure, for your own use, an AV is sufficient and you don't need an EDR, but they make a world of difference. I work in cybersecurity doing Red Teamings, so my job is mostly about bypassing such solutions and making malware/actions within the network that avoids being detected by it as much as possible, and ever since EDRs started getting popular, my job got several leagues harder.
The advantage of EDRs in comparison to AVs is that they can catch 0-days. AV will just look for signatures, known pieces or snippets of malware code. EDR, on the other hand, looks for sequences of actions a process does, by scanning memory, logs and hooking syscalls. So, if for example you would make an entirely custom program that allocates memory as Read-Write-Execute, then load a crypto dll, unencrypt something into such memory, and then call a thread spawn syscall to spawn a thread on another process that runs it, an EDR would correlate such actions and get suspicious, while for regular AV, the code would probably look ok. Some EDRs even watch network packets and can catch suspicious communication, such as port scanning, large data extraction, or C2 communication.
Sure, in an ideal world, you would have users that never run malware, and network that is impenetrable. But you still get on average a few % of people running random binaries that came from phishing attempts, or around 50% people that fall for vishing attacks in your company. Having an EDR increases your chances to avoid such attack almost exponentially, and I would say that the advantage it gives to EDRs that they are kernel-level is well worth it.
I'm not defending CrowdStrike, they did mess up to the point where I bet that the amount of damages they caused worldwide is nowhere near the amount of damages all cyberattacks they prevented would cause in total. But hating on kernel-level EDRs in general isn't warranted here.
Kernel-level anti-cheat, on the other hand, can go burn in hell, and I hope that something similar will eventually happen with one of them. Fuck kernel level anti-cheats.
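The signature-versus-behaviour distinction described in the comment above, as an added example that is not part of the thread or any vendor's code: a hash lookup misses a never-seen binary, while a per-process rule correlating RWX allocation, a crypto DLL load and remote thread creation within a time window flags it. The event names, the telemetry tuples and the hash strings are constructed assumptions, not a real EDR schema.

```python
from collections import defaultdict

# Constructed signature set and telemetry (hypothetical schema):
# (timestamp_seconds, pid, event, detail)
KNOWN_BAD_SHA256 = {"constructed-hash-of-known-sample"}
CRYPTO_DLLS = {"bcrypt.dll", "crypt32.dll"}
EVENTS = [
    (100.0, 4120, "alloc", "RWX"),
    (100.4, 4120, "image_load", "bcrypt.dll"),
    (101.1, 4120, "remote_thread", "target_pid=788"),
    (200.0, 5300, "image_load", "bcrypt.dll"),         # crypto DLL alone: benign
    (300.0, 6100, "alloc", "RWX"),
    (450.0, 6100, "remote_thread", "target_pid=900"),  # too late, no crypto load
]

# Ordered steps of the behaviour the rule looks for.
SEQUENCE = [
    lambda ev, det: ev == "alloc" and det == "RWX",
    lambda ev, det: ev == "image_load" and det.lower() in CRYPTO_DLLS,
    lambda ev, det: ev == "remote_thread",
]

def signature_match(file_sha256):
    """AV-style check: only exact, previously catalogued samples match."""
    return file_sha256 in KNOWN_BAD_SHA256

def correlate(events, window_s=30.0):
    """Return (pid, first_ts, last_ts) for each process that completes
    SEQUENCE in order within window_s seconds of the first step."""
    by_pid = defaultdict(list)
    for ts, pid, ev, det in sorted(events):
        by_pid[pid].append((ts, ev, det))
    alerts = []
    for pid, evs in by_pid.items():
        for i, (start, ev, det) in enumerate(evs):
            if not SEQUENCE[0](ev, det):
                continue
            step = 1
            for ts, ev2, det2 in evs[i + 1:]:
                if ts - start > window_s:
                    break
                if SEQUENCE[step](ev2, det2):
                    step += 1
                    if step == len(SEQUENCE):
                        alerts.append((pid, start, ts))
                        break
            if step == len(SEQUENCE):
                break  # one alert per process is enough
    return alerts

if __name__ == "__main__":
    print("signature hit:", signature_match("constructed-hash-of-custom-binary"))
    print("behaviour alerts:", correlate(EVENTS))
```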
No one bothered to test before deploying to all machines? Nice move.
This outage is probably costing a significant portion of CrowdStrike's market cap. They're an 80 billion dollar company but this is a multibillion outage.
Someone's getting fired for this. Massive process failures like this mean that it should be some high level managers or the CTO going out.