Windows PCs crashing worldwide due to CrowdStrike issue (mashable.com)
from farcaster@lemmy.world to technology@lemmy.world on 19 Jul 2024 07:20
https://lemmy.world/post/17707083

#technology

threaded - newest

Badeendje@lemmy.world on 19 Jul 2024 07:49 next collapse

This is going to turn out it was a hack in several months right?

Munkisquisher@lemmy.nz on 19 Jul 2024 07:54 next collapse

Won’t take that long, security researchers are already decompiling the update to see if it was malicious or incompetence.

Badeendje@lemmy.world on 19 Jul 2024 08:19 next collapse

This is going to be Solarwinds all over again I can just smell it.

UnderpantsWeevil@lemmy.world on 19 Jul 2024 13:54 collapse

<img alt="" src="https://lemmy.world/pictrs/image/c2322718-9ab7-427a-bfa9-ed3d5b69c006.png">

Badeendje@lemmy.world on 19 Jul 2024 14:51 next collapse

Yeah… applicable on soo many levels.

SourceHuman@lemmy.world on 19 Jul 2024 15:56 collapse

Source: xkcd - “Dependency” - xkcd.com/2347/

Balinares@pawb.social on 19 Jul 2024 08:40 collapse

You won’t find the incompetence in the software no matter what.

If you fail to assume that the software contains issues – if you fail to understand that your software is made by humans and humans make mistakes, not because they’re bad but because they’re human – and if you fail to implement mechanisms to feel gracefully with inevitable failures, THAT is the incompetence.

Failures are systemic.

Munkisquisher@lemmy.nz on 19 Jul 2024 08:55 next collapse

Oh yes I make those failures myself, testing and staging and limited release schedules save my human failures from breaking the world

conciselyverbose@sh.itjust.works on 19 Jul 2024 13:02 next collapse

Systemic failures are incompetence.

UnderpantsWeevil@lemmy.world on 19 Jul 2024 13:55 collapse

No idea why this relatively banal truth is getting so many downvotes

Balinares@pawb.social on 19 Jul 2024 14:19 collapse

One funny thing about humans is that they aren’t just gloriously fallible: they also get quite upset when that’s pointed out. :)

Unfortunately, that’s also how you end up with blameful company cultures that actively make reliability worse, because then your humans make just the same amounts of mistakes, but they hide them – and you never get a chance to evolve your systems with the safeguards that would have prevented these.

0x0@programming.dev on 19 Jul 2024 08:26 next collapse

Hacks of this grade tend to be targeted, this is most likely incompetence.

Badeendje@lemmy.world on 19 Jul 2024 11:27 next collapse

A lot of companies will get calls from the “provider” offering help with mitigation so that additional features can also be installed. This is a time to be extra wary.

Edited: spelling

[deleted] on 19 Jul 2024 11:42 collapse

.

Evil_incarnate@lemm.ee on 19 Jul 2024 13:38 collapse

Think big. This may have had a target. But hitting the target only wasn’t possible so everyone got hit.

It’s possible those responsible only had this weapon that was capable of hitting the target, maybe the plan was to disrupt world flights to make someone late tomorrow, who knows. Maybe poo-tin or Xi-the-Pooh wanted to hit America and its allies?

0x0@programming.dev on 19 Jul 2024 13:49 collapse

A state actor will use more precise techniques to attack specific targets. Think SolarWinds and Stuxnet.

Ransomware doesn’t apply here and tends to depend on phishing first anyway.

Even terrorists have specific targets in mind.

So it’s either Bond villains or incompetence.

Edit: The only way i can fit your comment would be an incompetent script kiddy. Even then, doesn’t make sense as all systems were not directly attacked, as would be the case, but rather through what would have to be a side-channel attack, so no.

JohnnyCanuck@lemmy.ca on 19 Jul 2024 08:27 next collapse

I’ll just quietly leave this here: crowdstrike.com/…/crowdstrike-google-cloud-expand…

UnderpantsWeevil@lemmy.world on 19 Jul 2024 13:53 collapse

Never attribute to maliciousness that which can be explained by incompetence.

That said, I’m sure the Crowdstrike CEO is currently on a phone call with three of their pet Congresscritters asking if they can get a $100M grant to harden their systems against Russia/China/NKorea/Antifa interference right now.

rottingleaf@lemmy.world on 19 Jul 2024 14:05 next collapse

While being simultaneously gang…handled by the unnamed 3-letter agencies representatives

Semi_Hemi_Demigod@lemmy.world on 19 Jul 2024 16:19 next collapse

“Senator, we were hacked by gay furries.”

Raxiel@lemmy.world on 19 Jul 2024 17:12 collapse

“We need to get more of our own gay furries! There’s a gay furry gap!”

Hazzia@infosec.pub on 19 Jul 2024 20:25 collapse

If I ever become a super 1337 hacker I’m going to setup all of my exploits to look like it could be regular mismanagement, thanks for the advice

DarkThoughts@fedia.io on 19 Jul 2024 08:30 next collapse

Can someone in non marketing terms explain what the fuck CrowdStrike Falcon Sensor is? I literally never heard of this company or product before.

farcaster@lemmy.world on 19 Jul 2024 08:31 next collapse

It’s basically corporate anti-virus software. Intended to detect and prevent malware.

Alimentar@lemm.ee on 19 Jul 2024 09:29 next collapse

Apparently it’s the next iteration of AI based antivirus where it uses smart algorithms to detect system behaviours and makes assessments on whether they’re malicious or not

Boxscape@lemmy.sdf.org on 19 Jul 2024 09:43 next collapse

Apparently it’s the next iteration of AI based antivirus

CrowdskyStrikenet

<img alt="" src="https://y.yarn.co/c2824390-5351-470f-bcc7-aa1cc36c05ea_text.gif">

sukotai@lemmy.world on 19 Jul 2024 10:38 next collapse

obviously, A.I consider microsoft as a malicious software. Sometimes, A.I is very accurate 😁

greybeard@lemmy.one on 19 Jul 2024 12:56 collapse

I know there is a lot of marketing fluff, but yes, it is an EDR. Which means instead of just checking file signatures against a database if known bad stuff, it actually examines what applications do and makes a sort of judgement on if it is acting maliciously or not. I use a similar product. Although the false positives can sometimes be baffling, it honestly can catch a legit program misbehaving.

On top of that, everything is logged. Every file, network connection, or registry key that every process on the computer touches is logged. That means when something happens, you can see the full and complete list of actions taken by the malicious system. Thus can actually be a drain on the computer, but modern systems handle it well enough.

catastrophicblues@lemmy.ca on 19 Jul 2024 16:01 collapse

What do you use? I’d be interested in that sort of thing

greybeard@lemmy.one on 19 Jul 2024 16:07 collapse

SentinelOne. They are more reseller/MSP friendly, but the product is very similar to CrowdStrike.

dditty@lemm.ee on 19 Jul 2024 18:52 collapse

We also use S1 and while it does often flag false positives, that’s a whole heck of a lot better than the alternative. Also I have not noticed it being very resource intensive.

greybeard@lemmy.one on 19 Jul 2024 21:47 collapse

It’s overhead is more subtle than task manager can tell. Because of all its watching and monitoring, it slows down applications themselves. Task take longer. Sometime it is by a trivial amount, but I’ve been able to measure a notable difference in some task with and without S1, even if task manager says all is well.

Thann@lemmy.ml on 19 Jul 2024 14:06 next collapse

Is it less expensive than ransomware though?

lud@lemm.ee on 19 Jul 2024 15:34 next collapse

Yes

Quill7513@slrpnk.net on 19 Jul 2024 16:53 next collapse

By a wide margin

sudo42@lemmy.world on 19 Jul 2024 18:38 collapse

Ransomware you have to pay $10,000 every few years. Crowdstrike you have to pay $1,000 per month. Same number of outages for both. /s

Quill7513@slrpnk.net on 19 Jul 2024 18:41 collapse

Add some extra zeroes to that ransomware figure…

xavier666@lemm.ee on 19 Jul 2024 16:05 collapse

Can you tell whether this update was delivered by Crowdstrike’s own update delivery pipeline of via Window’s update pipeline?

catloaf@lemm.ee on 19 Jul 2024 16:19 next collapse

Crowdstrike updates don’t come through Windows Update.

Quill7513@slrpnk.net on 19 Jul 2024 16:52 collapse

Absolutely nothing to do with windows pipelines or Microsoft

xavier666@lemm.ee on 19 Jul 2024 20:27 collapse

Okay, thanks. There was a parallel Microsoft outage, so I thought they were somehow linked.

vext01@lemmy.sdf.org on 19 Jul 2024 10:24 next collapse

It checks for malicious falcons in your system’s level 4 aviary cache.

horseloaf@lemmy.world on 19 Jul 2024 12:49 next collapse

Ha ha! Well done!

No_Eponym@lemmy.ca on 19 Jul 2024 14:38 collapse

<img alt="" src="https://c.tenor.com/2A7mjiP6GPcAAAAC/tenor.gif">

send_me_your_ink@lemmynsfw.com on 19 Jul 2024 18:27 collapse

It’s software put on every machine so that the company can quickly isolate it if/when something bad happens (or it falls out of security compliance). To do this is requires a constant Internet connection, insanely high privileges on the machine and frequent updates to be appraised of risks.

That risk update went off the rails and into the next state.

Australis13@fedia.io on 19 Jul 2024 08:36 next collapse

This is why you do staged rollouts of updates... not the entire planet at once.

vividspecter@lemm.ee on 19 Jul 2024 10:57 collapse

And don’t have automatic updates enabled for critical infrastructure.

Shameless@lemmy.world on 19 Jul 2024 12:43 next collapse

So true, this really highlights the risk of updates impacting critical systems vs critical systems being exposed to critical vulnerabilities. Its a real balancing act.

Thann@lemmy.ml on 21 Jul 2024 16:31 collapse

It actually highlights the risk of having unaudited third party software running on your critical infrastructure

Thann@lemmy.ml on 19 Jul 2024 14:05 next collapse

No, you run Linux with automatic secutity updates turned on

sunzu@kbin.run on 19 Jul 2024 16:07 collapse

Can somebody explain why the down votes?

catloaf@lemm.ee on 19 Jul 2024 16:18 next collapse

Because “just run Linux lol” is unrealistic and naive, it gets said on every thread, and it gets incredibly tiring.

sunzu@kbin.run on 19 Jul 2024 16:22 collapse

i guess running Windows PC is realistic and smart lol

catloaf@lemm.ee on 19 Jul 2024 16:34 collapse

When I have a very large, very expensive piece of manufacturing equipment whose control software only runs on Windows, yes, it is.

sunzu@kbin.run on 19 Jul 2024 16:40 collapse

specific use case requires specific set up...

catloaf@lemm.ee on 19 Jul 2024 17:12 collapse

Exactly. Thus, downvotes.

yggstyle@lemmy.world on 19 Jul 2024 16:43 collapse

Mostly because it’s simply not that easy. Devs go where support is at and follow market share (2000s era Mac gamer memes.)

If you look at the Linux community as a whole it’s a wasteland of competing parties and standards. So it’s not developing for linux it’s developing for distros^hardware.

Windows is shit and it’s pretty well known that it’s getting worse… but it’s still the standard and unfortunately until Linux starts unifying and becoming more stable for developers it’s unlikely to become more compelling for the broader market to switch to.

TLDR; every time a new conflict breaks out hop in that thread and say “give peace a chance” and see how well that gets received.

sunzu@kbin.run on 19 Jul 2024 16:48 next collapse

Are we talking linux deskop for usage at end points?

Seems odd, we CAN run servers on it but end points can't be done properly.

I don't know shit about shit but linux desktop was a pleasant surprise as a gamer.

yggstyle@lemmy.world on 19 Jul 2024 17:14 next collapse

Steams been a massive contributor to that.

It’s a demonstration that if we focus on a common goal that Linux development can actually be pushed forwards. So this is definitely an improvement for end users - and I expect it will improve in the future… But broadly speaking there are too many requirements for some level of troubleshooting knowledge.

Miaou@jlai.lu on 19 Jul 2024 18:38 collapse

That comment you answered to is full of shit, desktop Linux works fine for many companies. And no dev ever chooses Windows lol

Cornelius_Wangenheim@lemmy.world on 19 Jul 2024 17:09 next collapse

Windows is actually steadily improving from a security point of view. MS is finally starting to deprecate ancient garbage like NTLM, UWP apps are sandboxed and there’s even talk of rewriting core libraries in Rust to make them memory safe.

yggstyle@lemmy.world on 19 Jul 2024 17:16 collapse

This is true enough. In general though I think it’s finding a tipping point between investors and having a good OS. Per the usual every other OS pattern they follow it probably will be on the struggle bus until the next version.

Thann@lemmy.ml on 21 Jul 2024 16:19 collapse

A wasteland of competing standards lol

More like a bountiful harvest. Even the dogshit programs windows users buy are mostly made with FOSS libraries.

The real answer is windows apologists don’t want to hear Linux users gloating about how this never happened to linux, and how dogshit their beloved os is

cybersandwich@lemmy.world on 19 Jul 2024 18:10 collapse

I don’t know exactly how crowd strike works, but this sounded like a “virus signatures” update (IE not a software update per se). And thats what caused the issue.

I think “real time virus protection” is why people use it so they expect the signatures to get updated asap/with little to no human intervention.

This is a crowd strike epic fail…for how they let their software blue screen systems with a virus signature update.

rockSlayer@lemmy.world on 19 Jul 2024 09:10 next collapse

I work in QA on the night shift at a video game company. It was absolute chaos at work tonight lmao we only had a grand total of 6 working PCs between all of us

rottingleaf@lemmy.world on 19 Jul 2024 10:12 next collapse

So cool

Dasnap@lemmy.world on 19 Jul 2024 10:38 next collapse

Looking forward to the Kevin Fang video in a few years.

falx@lemmy.ml on 19 Jul 2024 10:38 next collapse

What a striking name… CrowdStrike heh. They definitely live up to it!

ramble81@lemm.ee on 19 Jul 2024 12:02 collapse

More like CrashStrike

HulkSmashBurgers@reddthat.com on 19 Jul 2024 10:57 next collapse

Ca-caw!

fuzzywombat@lemmy.world on 19 Jul 2024 11:42 next collapse

Yikes. I feel sorry for all the help desk and support staff that has to deal with this chaotic mess all day.

VieuxQueb@lemmy.ca on 19 Jul 2024 12:19 next collapse

On a Friday !

rottingleaf@lemmy.world on 19 Jul 2024 14:02 next collapse

They’ll need that beer.

WhatAmLemmy@lemmy.world on 19 Jul 2024 15:40 collapse

What kind of criminally incompetent psychopath rolls out a global update on a fucking Friday afternoon?

Is the CEO of CrowdStrike Satan?

catloaf@lemm.ee on 19 Jul 2024 16:16 next collapse

They push updates every day. Attackers don’t take Fridays off.

Excrubulent@slrpnk.net on 20 Jul 2024 00:35 collapse

I have heard that Friday afternoon can be better because it gives you a full weekend to put out any fires before business hours start again.

That’s assuming it’s a small error that doesn’t roll on into the week anyway.

worldeater@lemmy.ml on 19 Jul 2024 12:31 collapse

Yup, my phone is nonstop going off with slack messages and tickets. Time to mute it for now

RememberTheApollo_@lemmy.world on 19 Jul 2024 11:45 next collapse

Company spyware. We have that on our devices. They used to have an “about” stored locally on the app, but removed it and a web connection is required to view the docs. Basically says it downloads/sees everything on your device and checks for threats. Thing is a few people have been fired for having things in their devices they shouldn’t. I didn’t ask what it was, nor did I hear how these things were “threats”, but nonetheless they were fired. Too many people treat company hardware like “free device, bro!” and put all sorts of personal stuff on the device. Most industries it’s probably not too big of a deal, but for mine if there’s an incident that happens when you were busy watching Netflix or something instead of doing your job you’re fucked. First thing they’ll do is check your device and crowdstrike to see what you were doing, and even if you weren’t watching Netflix all your personal data will be exposed.

BarbecueCowboy@lemmy.world on 19 Jul 2024 14:18 collapse

They definitely could, but most cybersecurity departments are paid too much to worry about minor items like that. If HR tells us to look into a specific user and gets the proper approvals so that everything is in compliance, we’ll definitely get someone on the team to do it, but otherwise if we happen to see evidence of unapproved usage, we’re mostly going to overlook it unless it could lead to something dangerous to your machine or the company as a whole.

EDRs like Crowdstrike can see very very nearly everything you do though, definitely everything you would care about.

ulkesh@lemmy.world on 19 Jul 2024 13:04 next collapse

That’s a shame.

UnderpantsWeevil@lemmy.world on 19 Jul 2024 13:50 next collapse

Crowstrike Onstrike

mo_lave@reddthat.com on 19 Jul 2024 20:50 collapse

Crowd Strike’s Final Fantasy