There have been multiple accounts created with the sole purpose of posting advertisement posts or replies containing unsolicited advertising.

Accounts which solely post advertisements, or persistently post them may be terminated.

CrowdStrike downtime apparently caused by update that replaced a file with 42kb of zeroes Spanish

…according to a Twitter post by the Chief Informational Security Officer of Grand Canyon Education.

So, does anyone else find it odd that the file that caused everything CrowdStrike to freak out, C-00000291-
00000000-00000032.sys was 42KB of blank/null values, while the replacement file C-00000291-00000000-
00000.033.sys was 35KB and looked like a normal, if not obfuscated sys/.conf file?

Also, apparently CrowdStrike had at least 5 hours to work on the problem between the time it was discovered and the time it was fixed.

EleventhHour ,
@EleventhHour@lemmy.world avatar 

<span style="color:#323232;">d'00000000 00000000 00000000 00000000 00000000
</span><span style="color:#323232;">00000000 00000000 00000000 00000000 00000000
</span><span style="color:#323232;">00000000 00000000 00000000 00000000 00000000
</span><span style="color:#323232;">00000000 00000000 00000000 00000000 00000000
</span><span style="color:#323232;">00000000 00000000 00000000 00000000 00000000
</span><span style="color:#323232;">00000000 00000000 00000000 00000000 00000000
</span><span style="color:#323232;">00000000 00000000 00000000 00000000 00000000
</span><span style="color:#323232;">00000000 00000000 00000000 00000000 00000000!
</span>
independantiste ,
@independantiste@sh.itjust.works avatar

Every affected company should be extremely thankful that this was an accidental bug, because if crowdstrike gets hacked, it means the bad actors could basically ransom I don’t know how many millions of computers overnight

Not to mention that crowdstrike will now be a massive target from hackers trying to do exactly this

Miaou ,

I’d assume state (or other serious) actors already know about these companies.

Evotech ,

Don’t Google solar winds

qprimed ,

security as a service is about to cost the world a pretty penny.

Telorand ,

You mean it’s going to cost corporations a pretty penny. Which means they’ll pass those “costs of operation” on to the rest of us. Fuck.

qprimed ,

well, the world does include the rest of us.

and its not just opeerational costs. what happens when an outage lasts 3+ days and affects all communication and travel? thats another massive shock to the system.

they come faster and faster.

cupcakezealot ,
@cupcakezealot@lemmy.blahaj.zone avatar

have they ruled out any possibility of a man in the middle attack by a foreign actor?

db2 ,

Or it being an intentional proof of concept

simplejack ,
@simplejack@lemmy.world avatar

This was not a cyberattack.

crowdstrike.com/…/statement-on-falcon-content-upd…

I guess they could be lying, but if they were lying, I don’t know if their argument of “we’re incompetent” is instilling more trust in them.

diffusive ,

If I had to bet my money, a bad machine with corrupted memory pushed the file at a very final stage of the release.

The astonishing fact is that for a security software I would expect all files being verified against a signature (that would have prevented this issue and some kinds of attacks

LodeMike ,

Which is still unacceptable.

LodeMike ,

Which is still unacceptable.

Gork ,

How can all of those zeroes cause a major OS crash?

MajinBlayze ,

Because it’s supposed to be something else

jared ,
@jared@mander.xyz avatar

At least a few 1’s I imagine.

Iheartcheese ,
@Iheartcheese@lemmy.world avatar

What if we put in a 2

kinkles ,
@kinkles@sh.itjust.works avatar

Society isn’t ready for that

NaibofTabr ,

https://i.pinimg.com/originals/b4/c8/9b/b4c89b3ad34e7bc2799bd3f0bdb8d7e4.png

thurstylark ,

Well, you see, the front fell off.

tiramichu ,

If I send you on stage at the Olympic Games opening ceremony with a sealed envelope

And I say “This contains your script, just open it and read it”

And then when you open it, the script is blank

You’re gonna freak out

Gork ,

Ah, makes sense. I guess a driver would completely freak out if that file gave no instructions and was just like “…”

sigmaklimgrindset ,

Great layman’s explanation.

driving_crooner , (edited )
@driving_crooner@lemmy.eco.br avatar

The file is used to store values to use as denominators on some divisions down the process. Being all zeros is caused a division by zero erro. Pretty rookie mistake, you should do IFERROR(;0) when using divisions to avoid that.

sugar_in_your_tea ,

I disagree. I’d rather things crash than silently succeed or change the computation. They should have done better input and output validation, and gracefully fail into a recoverable state that sends a message to an admin to correct. A divide by zero doesn’t crash a system, it’s a recoverable error they should 100% detect and handle, hot sweep under the rug.

urquell ,

Well, the file shouldn’t be zeroes

LodeMike ,

Windows

bjoern_tantau ,
@bjoern_tantau@swg-empire.de avatar

Ah, a classic off by 43,008 zeroes error.

TropicalDingdong ,

If you listen closely, you can hear this file.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • [email protected]
  • random
  • lifeLocal
  • goranko
  • All magazines
    •