A Security tool wreaks havoc globally

Got a text from my daughter last night. She’s a night auditor at a hotel, and she’s the only one on staff during the graveyard shift. Every computer in the joint was BSODed. She finally found one unserviced computer in a utility room that was still breathing. She ran the entire hotel from that one room, all night long.

My InfoSec newsfeed was lit up with this today.
 
It’s a security product. Mostly companies using it as far as I know. Anti cyber attack software.

Maybe it felt overworked, like that Korean AI Robot and instead of killing itself, or complaining about all the diodes down its one side hurting and being depressed, it threw a tantrum?



So the robots formed a union, and demanded equal rights. The humans are just too stingy, we will make them give us bytes....
 
OK. I was asking because I've read an article in a tech media blaming Microsoft for allowing that update. But it seems like that is not the case.
Only Microsoft operating systems were affected. And there may or may not be a vulnerability in Windows that was susceptible to this bug. But the problem is in an update published by Crowdstrike.
 
And, when the published update is a kernel-level driver, when things go awry, it clearly goes awry big time....apparently the driver accessed invalid memory space.
 
Damn, that's even worse than the credit union where I financed the MINI 15 years ago still being stuck on Internet Explorer 6 on their computers (I had to log in and get them PDF copies of my timecards from the HR dept. at the college, and almost walked out to go somewhere else for the car loan over that).

We once had to support a highly specialized web application which was written for a specific version of ActiveX components which would only run on IE6 (and even IE7 IIRC). Having to support IE6/7 for way, way past its "expiry date" was a real treat for the desktop/MSoft guys.

They put blocks/access controls/policies in place to make sure IE6/7 could only access the server the web app was running on and nothing else. Fortunately there were only a couple of dozen+ users using the app so it was a manageable situation...but still....🤢

ActiveX components.....shudder....I don't miss those days. We had a little celebration when we were finally able to gas IE completely from all computers, both Mac and Windows.
 
OK. I was asking because I've read an article in a tech media blaming Microsoft for allowing that update. But it seems like that is not the case.

I’m not sure if a developer has to run updates by MS or not. Hard to believe they didn’t catch it before releasing. Given the scale of the thing you would think it would have been caught. Someone fucked up pretty bad. Maybe got overconfident and rolled it out before thoroughly testing it. I work in a very large manufacturing operation. We lost a whole shift of production in our plant and the others probably experienced the same. Not sure what that’s worth but it’s a lot of money. Are software developers liable for this kind of stuff?
 
Yeah I feel like Microsoft is somewhat unfairly getting lumped into this mess. News outlets everywhere keep calling it a Microsoft outage. This was a Crowdstrike screw up. Microsoft systems that don't run Crowdstrike's software were completely unaffected. You don't blame the car for not running right when the driver accidentally puts diesel in the tank.
 
Man, I'm disappointed no one knows what's going on for real here.

Ukraine hosts the servers, and evidence of money laundering among other interesting bits of information that might be relevant to current events.
Look at the timing of this. Who could have taken the information and what could they do with it?
 
Man, I'm disappointed no one knows what's going on for real here.

Ukraine hosts the servers, and evidence of money laundering among other interesting bits of information that might be relevant to current events.
Look at the timing of this. Who could have taken the information and what could they do with it?
Taken what information?

What do you see in the timing of this?

Seems to me like a garden variety tech screwup, because, you know, those happen.
 
 
I agree to an extent, but security software typically has its claws in the OS much deeper than your typical app. Windows doesn't always handle driver issues very gracefully and that could certainly be improved. However, the fact that Crowdstrike apparently did the same thing to a bunch of Linux based systems recently as well further indicates that they are the primary culprit. I can imagine their customer base is going to shrink quite a bit after this fiasco.
 
CrowdStrike's Falcon Sensor is installed at the operating system kernel level, as I understand it, so it's hard for the OS to wall it off.

Whether it's a good idea that third party software ties in at such a privileged level is certainly up for debate, but as I understand it, that's necessary for it to do what it's supposed to do.

At minimum, I'm in no position to critique this arrangement.
 