this post was submitted on 22 Jul 2024
586 points (97.6% liked)

Technology

[–] viking@infosec.pub 163 points 3 months ago (2 children)

To avoid such issues in the future, CrowdStrike should prioritize rigorous testing across all supported configurations.

Bold of them to assume there's a future after a gazillion of incoming lawsuits.

[–] finley@lemm.ee 79 points 3 months ago* (last edited 3 months ago) (5 children)

I was listening to a podcast earlier, and they mentioned the fact that their legal liability may, in fact, be limited because of specific wording in most of their contracts.

In other words, they may actually get away with this in the short term. In the long term, however, a lot of organizations and governments that were hit by this will be reevaluating their reliance on such monolithic tech solutions as CrowdStrike, and even Microsoft.

So you may be right, but not for the reasons you think.

[–] rumschlumpel@feddit.org 88 points 3 months ago (2 children)

and even Microsoft

(x) doubt

They had decades to consider Microsoft a liability. Why start doing something about it now?

[–] catloaf@lemm.ee 21 points 3 months ago (2 children)

Because cybersecurity is becoming more of a priority. The US government has really put their attention on it in the last few years.

[–] Tinidril@midwest.social 32 points 3 months ago* (last edited 3 months ago) (1 children)

I was in IT back in 2001 when the Code Red virus hit. It was a very similar situation where entire enterprises in totally unrelated fields were brought down. So many infected machines were still trying to replicate that corporate networks and Internet backbone routers were getting absolutely crushed.

Prior to that, trying to get real funding for securing networks was almost impossible. Suddenly security was the hottest topic in IT and corporations were throwing money at all the snake oil Silicon Valley could produce.

That lasted for a couple years, then things started going back to business as usual. Microsoft in particular was making all sorts of promises and boasts about how they made security their top priority, but that never really happened. Security remained something slapped on at the end of product development and was never allowed to interfere with producing products demanded by marketing with inherently insecure designs.

[–] xyguy@startrek.website 14 points 3 months ago

You're absolutely right. Everyone will be very worried and talk about the importance of security in the enterprise and yada yada yada until a cool new AI spreadsheet software comes out and everybody forgets to even check if their firewall is turned on.

But with that being said, if you have been looking for a good time to ask for cybersecurity funding at your org, see if you can't lock down 5 years' worth of budget while everyone is aware of the risk to their businesses.

[–] Brkdncr@lemmy.world 12 points 3 months ago

Contracts aren’t set in stone. Not only are those contracts modified before they are accepted by both parties, it’s difficult to limit liability when negligence is involved. CS is at worst going to be defending against those, at best defending against people dumping them ahead of schedule against their contracted term length.

[–] mipadaitu@lemmy.world 35 points 3 months ago (3 children)

They mean after Crowdstrike gets sold, the new company promises a more rigorous QA, and quietly rebrands it.

[–] captain_aggravated@sh.itjust.works 22 points 3 months ago

Slorp is now Bonto!

[–] bitchkat@lemmy.world 7 points 3 months ago

I think you mean after they sell their assets to a new company. Leave the lawsuits with the old company who will shut down.

[–] Default_Defect@midwest.social 6 points 3 months ago (1 children)
[–] derpgon@programming.dev 7 points 3 months ago

What are you doing Counterstrike

[–] quinkin@lemmy.world 82 points 3 months ago (3 children)

Additionally, organizations should approach CrowdStrike updates with caution

We would if we were able to control their "deployable content".

[–] ISOmorph@feddit.org 46 points 3 months ago* (last edited 3 months ago)

I read on another thread that an admin was emulating a testing environment by blocking CrowdStrike IPs on their firewall for the whole network before each update, with the exception of a couple machines. It's stupid that he has to do this but hey, his network was unaffected

[–] AlecSadler@sh.itjust.works 8 points 3 months ago (1 children)

Serious question, can you not? There isn't an option to...like...set a review system first?

[–] EncryptKeeper@lemmy.world 16 points 3 months ago (1 children)

For antivirus definitions? No, and you wouldn’t want to.

[–] AlecSadler@sh.itjust.works 6 points 3 months ago (2 children)

But it sounds like this added files / drivers or something, not just antivirus rules?

[–] SeeJayEmm@lemmy.procrastinati.org 26 points 3 months ago (6 children)

Turns out it was a content update that caused the driver to crash but the update itself wasn't a driver (as per their latest update.)

[–] wolfylow@lemmy.world 22 points 3 months ago

Found this post that explains what happened in detail: https://lemmy.ohaa.xyz/post/3522666

As an application developer (rather than someone who can/does code operating systems) I was just left open-mouthed …

Looks like they’re delivering “code as content” to get around the rigour of getting an updated driver authorised by MS. I realise they can’t wait too long for driver approval for antivirus releases but surely - surely - you have an ironclad QA process if you’re playing with fire like this.

[–] AlecSadler@sh.itjust.works 3 points 3 months ago
[–] corsicanguppy@lemmy.ca 3 points 3 months ago

We would if we were able to control their “deployable content”.

Minimum safe distance.

[–] DasAlbatross@lemmy.world 79 points 3 months ago (10 children)

But I've read so many posts on here about how Linux is flawless!

[–] ganymede@lemmy.ml 50 points 3 months ago (1 children)

not sure if you're being sarcastic, but if anything this news paints linux deployment in an even better light.

[–] breakingcups@lemmy.world 14 points 3 months ago

This is good for Bitcoin

[–] FalseMyrmidon@kbin.run 24 points 3 months ago (2 children)

Are you shocked that bad software can crash multiple operating systems or something?

[–] ChairmanMeow@programming.dev 61 points 3 months ago (7 children)

Nah, but there were some Linux evangelists claiming this couldn't possibly happen to Linux and it only happened to Windows because Windows is bad. And it was your own fault for getting this BSOD if you're still running Windows.

And sure, Windows bad and all, but this one wasn't really Microsoft's fault.

[–] rottingleaf@lemmy.world 10 points 3 months ago* (last edited 3 months ago) (2 children)

The sane ones of us know well that a faulty driver is a faulty driver, but! Linux culture is different. Which is why this happened so spectacularly with Windows. EDIT: and not with Linux

[–] DasAlbatross@lemmy.world 7 points 3 months ago

I'm not shocked at all, but there seems to be a very sizable number of people on Lemmy who think if people just used Linux there'd never be another problem or exploit again, which is ridiculous. Mac users used to feel the same way until the market share started to grow and all of a sudden you're seeing news of serious exploits.

[–] BurnSquirrel@lemmy.world 44 points 3 months ago (4 children)

Companies don't really use Debian or Rocky in widescale production because they have no support.

Now red hat or ubuntu is a different matter.

Honestly though this does point out that this is a pattern of behavior on CrowdStrike's part. This should have been the canary in the coalmine.

[–] lud@lemm.ee 26 points 3 months ago

We actually use Rocky and I think Debian at work for servers. We are currently migrating away from EOL CentOS.

[–] histic@lemmy.dbzer0.com 22 points 3 months ago

A lot of companies use debian

[–] TrumpetX@programming.dev 8 points 3 months ago

We use Alma, which is basically Rocky. Before that, CentOS. Lots of people don't need or want the expensive support contracts.

OSS support through donations and commits is the way to go unless you get value out of those contracts (we would not).

[–] ninekeysdown@lemmy.world 6 points 3 months ago* (last edited 3 months ago)

I don’t know about that. In the HPC space we use a lot of EL distros. Mainly CentOS & now Rocky. Most of the nodes run the OS in RAM too. Though almost all those kinds of systems have no internet connection and don’t use things like CrowdStrike. I’ve worked for a few places where the only part of the company that used Windows was the office staff, e.g. accounting, HR, etc. Everything else is/was using an EL distro or upstream of one, e.g. Fedora. Those types of places usually don’t mess with things like CrowdStrike for a lot of different reasons, e.g. the kind of data they’re processing and security requirements on that data.

[–] NutWrench@lemmy.world 11 points 3 months ago (5 children)

In April, a CrowdStrike update caused all Debian Linux servers in a civic tech lab to crash simultaneously and refuse to boot.

And then, you boot their servers from a Linux Live USB, run TimeShift to restore the last system snapshot, refuse the latest patch from CrowdStrike and they all lived happily ever after.

[–] avidamoeba@lemmy.ca 23 points 3 months ago

None of these things are used in actual server operations.

[–] Evilcoleslaw@lemmy.world 22 points 3 months ago

And it's not much more difficult to fix on Windows, except for the scale of the problem.

[–] RecluseRamble@lemmy.dbzer0.com 12 points 3 months ago (1 children)

Good luck doing that remotely. Which is the sole problem with this most recent CrowdStrike bug.

[–] kurap1ka@lemmy.world 4 points 3 months ago

And on Windows you booted in safe mode and removed one file. What's the point of your post?

[–] Vilian@lemmy.ca 6 points 3 months ago (1 children)

Because Linux sysadmins know to test a fucking update before applying to the whole company

[–] ZILtoid1991@lemmy.world 5 points 3 months ago

Microsoft already has a very bad reputation, so they will be blamed for every issue on their OS.

Vista suffered from bad 3rd party drivers, then people proceeded to just dunk on M$ due to their already bad name. Despite Edge nowadays being just a different flavor of Chromium, people are still making "haha IE slow" memes, even those that still claim Google is the "savior of the internet".
