A-Net Online

  1. Forum
  2. Zer0net
  3. 0N-HPCAV

  • Crowdstrike...

    From xqtr@911:30210/0 to All on Sun Jul 21 11:35:12 2024
    I haven't heard of them, until now... What do you think?

    To me, it seems stupid to just be an upgrade issue, with such huge consequences. It's more possible to be a hacking/cracking thing in the Crowdstrike services and try to cover up, than a flop in some upgrade.

    For sure Crowdstrike, will be affected, economically and will have huge losses. I don't know about Microsoft, which is a monopoly and users/companies can't go somewhere else, not without spending a lot of money.

    With the world and the global economy turning to be a digital economy, this was a big hit, specially in the Western companies and economies, as China, Russia and other Eastern economies didn't get affected.

    .
    :: XQTR :: Another Droid BBS :: andr01d.zapto.org:9999 :: xqtr@gmx.com

    --- Mystic BBS v1.12 A47 2020/11/23 (Raspberry Pi/32)
    * Origin: Another Droid BBS # andr01d.zapto.org:9999 (911:30210/0)
  • From esc@911:1719/0 to xqtr on Sun Jul 21 03:41:02 2024
    I haven't heard of them, until now... What do you think?

    I'm pretty familiar with them. A lot of corporations require it as endpoint security on all their employee machines, thanks to Windows.

    To me, it seems stupid to just be an upgrade issue, with such huge consequences. It's more possible to be a hacking/cracking thing in the Crowdstrike services and try to cover up, than a flop in some upgrade.

    I think it's possible...interesting perspective.

    With the world and the global economy turning to be a digital economy, this was a big hit, specially in the Western companies and economies, as China, Russia and other Eastern economies didn't get affected.

    This certainly is interesting to ponder. Hmm...

    --- Mystic BBS v1.12 A49 2023/02/26 (Linux/64)
    * Origin: m O N T E R E Y b B S . c O M (911:1719/0)
  • From paulie420@911:1503/0 to xqtr on Sun Jul 21 08:09:13 2024
    I haven't heard of them, until now... What do you think?

    I've seen their facilities across the U.S. - one, in Texas, they took over an entire mall after its close... was weird to see one industry completely take over another - times changing, I suppose.

    To me, it seems stupid to just be an upgrade issue, with such huge consequences. It's more possible to be a hacking/cracking thing in the Crowdstrike services and try to cover up, than a flop in some upgrade.

    One of the early fixes was to;

    Boot Windows in safe mode
    cd C:\Windows\system32\drivers\CrowdStrike
    rm C-00000291*.sys
    (repeat for every host, including remote workers)
    ... if using Bitlocker, jump off a cliff.

    So it sounds like the "Microsoft" mention was just to bring another name into it... it wasn't M$ anything, rather their own software that got an automatic update that broke systems with unloadable and unrecoverable drivers... but I'm just a layman. :P

    For sure Crowdstrike, will be affected, economically and will have huge losses. I don't know about Microsoft, which is a monopoly and users/companies can't go somewhere else, not without spending a lot of money.

    Again, I think the mention of M$ was just to attempt and bring someone else in. The way it auto-updates MIGHT have been a factor, but I'm sure MacOS and Linux systems running the CrowdStrike TSRs/software get the same sort of updates.

    With the world and the global economy turning to be a digital economy, this was a big hit, specially in the Western companies and economies, as China, Russia and other Eastern economies didn't get affected.

    Big hits is a relative term - like... yes, I'm sure the bottom line dollar amount of income lost might be a LARGE number, I think it'll end up more of a nuisance/hardship thing... a bunch of people didn't get to where they needed to go ON FRIDAY 7/19/2024... or company X lost $XXXX because of its systems not working.

    One state, tho - mine (Oregon), declared a state emergency due to some hospitals reliance on crowdstrike for their computers and not being able to anesthetize patients - or something to that effect. (I don't work in the hospital field, but heard about it...)

    All that being said, I think most companies and corporations will be back to normal come Monday... except for crowdstrike, of course. I think they might be the only organization who won't bounce back to normal - and I bet the suspect .sys files were put into place by some angry (or incompetent) employee??? What a mess.



    |07p|15AULIE|1142|07o
    |08.........

    --- Mystic BBS v1.12 A48 (Linux/64)
    * Origin: 2o fOr beeRS>>>20ForBeers.com:1337 (911:1503/0)
  • From jack phlash@911:1423/0 to xqtr on Sun Jul 21 16:25:31 2024
    on 21 Jul 2024, xqtr said...

    I haven't heard of them, until now... What do you think?

    I'm only passingly familiar with them though I haven't done much in the client security space for ~6 years or so, so my knowledge on specific companies and their products is a little stale.

    To me, it seems stupid to just be an upgrade issue, with such huge consequences. It's more possible to be a hacking/cracking thing in the Crowdstrike services and try to cover up, than a flop in some upgrade.

    Oh, I *completely* buy that it was an accidental fuck-up. These anti-virus/malware programs embed themselves into the OS and then put out new updates very quickly in order to protect from 0 day vulnerabilities and threats, which likely doesn't allow for a ton of testing, and they usually default to and/or recommend almost immediate updates to client machines, which again, doesn't really allow for any but the most paranoid of sysadmins to test or otherwise gracefully roll out updates. Combine all of that with agile development tends, I mean, no conspiracy necessary at all IMHO. This type of thing has happened before on smaller scales, and will surely happen again.

    |07j |15A C K |07p |15H L A S H |07!
    |08[https://jackphla.sh]

    --- Mystic BBS v1.12 A47 2021/12/25 (Windows/32)
    * Origin: d i s t o r t i o n // d1st.org (911:1423/0)
  • From jack phlash@911:1423/0 to paulie420 on Sun Jul 21 16:37:48 2024
    on 21 Jul 2024, paulie420 said...

    ... if using Bitlocker, jump off a cliff.

    Ha!

    So it sounds like the "Microsoft" mention was just to bring another name into it... it wasn't M$ anything, rather their own software that got an automatic update that broke systems with unloadable and unrecoverable drivers... but I'm just a layman. :P

    There was also a massive Azure outage that day but it kind of got overshadowed by this situation. Between that and it being only Windows machines that were impacted, some of it could have just been confusion leading to inaccurate reporting.

    Again, I think the mention of M$ was just to attempt and bring someone else in. The way it auto-updates MIGHT have been a factor, but I'm sure MacOS and Linux systems running the CrowdStrike TSRs/software get the
    same sort of updates.

    I'm sure they do. A lot of people were blaming this on Windows even after the smoke cleared, but a lot of corporate Linux boxes use it too, and I'm sure it's similarly intrusive.

    All that being said, I think most companies and corporations will be
    back to normal come Monday... except for crowdstrike, of course. I think they might be the only organization who won't bounce back to normal -
    and I bet the suspect .sys files were put into place by some angry (or incompetent) employee??? What a mess.

    Thankfully my company was only slightly impacted by this situation due to a third party service which was affected. Thankfully they fessed up almost immediately so I didn't have to be involved. That said, karma got me - all that laughing about CrowdStrike in the morning and I got to spend my Friday afternoon involved in two separate major outages, one brief one caused by my own team the night before that we had to unpack, and another that is still ongoing. Ugh.

    |07j |15A C K |07p |15H L A S H |07!
    |08[https://jackphla.sh]

    --- Mystic BBS v1.12 A47 2021/12/25 (Windows/32)
    * Origin: d i s t o r t i o n // d1st.org (911:1423/0)