9mo ago

Windows PCs crashing worldwide due to CrowdStrike issue

mashable.com

Microsoft outage updates: Crowdstrike issue still wreaking havoc despite fix

News @lemmy.world

farcaster @lemmy.world

9mo ago

Windows PCs crashing worldwide due to CrowdStrike issue

mashable.com /article/windows-bsod-crash-crowdstrike-update-worldwide-outage

80 comments

This is why you do staged rollouts of updates... not the entire planet at once.
- And don't have automatic updates enabled for critical infrastructure.
  
  So true, this really highlights the risk of updates impacting critical systems vs critical systems being exposed to critical vulnerabilities. Its a real balancing act.
  
  No, you run Linux with automatic secutity updates turned on

Can someone in non marketing terms explain what the fuck CrowdStrike Falcon Sensor is? I literally never heard of this company or product before.
- It's basically corporate anti-virus software. Intended to detect and prevent malware.
  
  Apparently it's the next iteration of AI based antivirus where it uses smart algorithms to detect system behaviours and makes assessments on whether they're malicious or not
  
  Is it less expensive than ransomware though?
  
  Can you tell whether this update was delivered by Crowdstrike's own update delivery pipeline of via Window's update pipeline?
- It checks for malicious falcons in your system's level 4 aviary cache.
  
  Ha ha! Well done!
- It's software put on every machine so that the company can quickly isolate it if/when something bad happens (or it falls out of security compliance). To do this is requires a constant Internet connection, insanely high privileges on the machine and frequent updates to be appraised of risks.
  That risk update went off the rails and into the next state.

I work in QA on the night shift at a video game company. It was absolute chaos at work tonight lmao we only had a grand total of 6 working PCs between all of us

Company spyware. We have that on our devices. They used to have an “about” stored locally on the app, but removed it and a web connection is required to view the docs. Basically says it downloads/sees everything on your device and checks for threats. Thing is a few people have been fired for having things in their devices they shouldn’t. I didn’t ask what it was, nor did I hear how these things were “threats”, but nonetheless they were fired. Too many people treat company hardware like “free device, bro!” and put all sorts of personal stuff on the device. Most industries it’s probably not too big of a deal, but for mine if there’s an incident that happens when you were busy watching Netflix or something instead of doing your job you’re fucked. First thing they’ll do is check your device and crowdstrike to see what you were doing, and even if you weren't watching Netflix all your personal data will be exposed.
- They definitely could, but most cybersecurity departments are paid too much to worry about minor items like that. If HR tells us to look into a specific user and gets the proper approvals so that everything is in compliance, we'll definitely get someone on the team to do it, but otherwise if we happen to see evidence of unapproved usage, we're mostly going to overlook it unless it could lead to something dangerous to your machine or the company as a whole.
  EDRs like Crowdstrike can see very very nearly everything you do though, definitely everything you would care about.

Yikes. I feel sorry for all the help desk and support staff that has to deal with this chaotic mess all day.
- On a Friday !
  
  What kind of criminally incompetent psychopath rolls out a global update on a fucking Friday afternoon?
  Is the CEO of CrowdStrike Satan?
  
  They'll need that beer.
- Yup, my phone is nonstop going off with slack messages and tickets. Time to mute it for now

What a striking name... CrowdStrike heh. They definitely live up to it!
- More like CrashStrike

This is going to turn out it was a hack in several months right?
- Won't take that long, security researchers are already decompiling the update to see if it was malicious or incompetence.
  
  This is going to be Solarwinds all over again I can just smell it.
  
  You won't find the incompetence in the software no matter what.
  If you fail to assume that the software contains issues -- if you fail to understand that your software is made by humans and humans make mistakes, not because they're bad but because they're human -- and if you fail to implement mechanisms to feel gracefully with inevitable failures, THAT is the incompetence.
  Failures are systemic.
- Hacks of this grade tend to be targeted, this is most likely incompetence.
  
  A lot of companies will get calls from the "provider" offering help with mitigation so that additional features can also be installed. This is a time to be extra wary.
  Edited: spelling
  
  Think big. This may have had a target. But hitting the target only wasn't possible so everyone got hit.
  It's possible those responsible only had this weapon that was capable of hitting the target, maybe the plan was to disrupt world flights to make someone late tomorrow, who knows. Maybe poo-tin or Xi-the-Pooh wanted to hit America and its allies?
- Never attribute to maliciousness that which can be explained by incompetence.
  That said, I'm sure the Crowdstrike CEO is currently on a phone call with three of their pet Congresscritters asking if they can get a $100M grant to harden their systems against Russia/China/NKorea/Antifa interference right now.
  
  "Senator, we were hacked by gay furries."
  
  If I ever become a super 1337 hacker I'm going to setup all of my exploits to look like it could be regular mismanagement, thanks for the advice
  
  While being simultaneously gang...handled by the unnamed 3-letter agencies representatives
- I'll just quietly leave this here: https://www.crowdstrike.com/blog/crowdstrike-google-cloud-expand-strategic-partnership/