CrowdStrike broke Debian and Rocky Linux months ago, but no one noticed

viking , 8 hours ago

To avoid such issues in the future, CrowdStrike should prioritize rigorous testing across all supported configurations.

Bold of them to assume there’s a future after a gazillion off incoming lawsuits.

finley , 8 hours ago

I was listening to a podcast earlier, and they mentioned the fact that their legal liability may, in fact, be limited because of specific wording in most of their contracts.

In other words, they may actually get away with this in the short term. In the long-term, however, a lot of organizations and governments that were hit by this will be reevaluating their reliance on such monolithic tech solutions as crowdstrike, and even Microsoft.

So you may be right, but not for the reasons you think.

rumschlumpel , 8 hours ago

and even Microsoft

(x) doubt

They had decades to consider Microsoft a liability. Why start doing something about it now?

catloaf , 8 hours ago

Because cybersecurity is becoming more of a priority. The US government has really put their attention on it in the last few years.

Maeve , 7 hours ago

Hard to tell, sometimes.

Tinidril , 7 hours ago

I was in IT back in 2001 when the Code Red virus hit. It was a very similar situation where entire enterprises in totally unrelated fields were brought down. So many infected machines were still trying to replicate that corporate networks and Internet backbone routers were getting absolutely crushed.

Prior to that, trying to get real funding for securing networks was almost impossible. Suddenly security was the hottest topic in IT and corporations were throwing money at all the snake oil Silicon Valley could produce.

That lasted for a couple years, then things started going back to business as usual. Microsoft in particular was making all sorts of promises and boasts about how they made security their top priority, but that never really happened. Security remained something slapped on at the end of product development and was never allowed to interfere with producing products demanded by marketing with inherently insecure designs.

xyguy , 5 hours ago

You’re absolutely right. Everyone will be very worried and talk about the importance of security in the enterprise and yada yada yada until a cool new AI spreadsheet software comes out and everybody forgets to even check if their firewall is turned on.

But with that being said, if you have been looking for a good time to ask for cybersecuity funding at your org, see if you can’t lock down 5 years worth of budget while everyone is aware of the risk to their businesses.

Maeve , 7 hours ago

Literally lol'd. Thanks for that!

Brkdncr , 7 hours ago

Contracts aren’t set in stone. Not only are those contracts modified before they are accepted by both parties, it’s difficult to limit liability when negligence is involved. CS is at worst going to be defending against those, at best defending against people dumping them ahead of schedule against their contracted term length.

mipadaitu , 4 hours ago

They mean after Crowdstrike gets sold, the new company promises a more rigorous QA, and quietly rebrands it.

captain_aggravated , 3 hours ago

Slorp is now Bonto!

Default_Defect , 2 hours ago

Cloudstrike, wait no!

quinkin , 7 hours ago

Additionally, organizations should approach CrowdStrike updates with caution

We would if we were able to control their “deployable content”.

AlecSadler , 7 hours ago

Serious question, can you not? There isn’t an option to…like…set a review system first?

EncryptKeeper , 6 hours ago

For antivirus definitions? No, and you wouldn’t want to.

AlecSadler , 6 hours ago

But it sounds like this added files / drivers or something, not just antivirus rules?

SeeJayEmm , 6 hours ago

Turns out it was a content update that caused the driver to crash but the update itself wasn’t a driver (as per their latest update.)

AlecSadler , 6 hours ago

Oh, wow.

b161 , 4 hours ago

Do you know if the sensor update policy had been set to N-2 would this have avoided the issue?

quinkin , 3 hours ago

No it would not.

starneld , 3 hours ago

Setting the update policy to N-2 (or any other configuration) would not have avoided the issue. The Falcon sensor itself wasn’t updated, which is what the update policy controls. As it turns out, you cannot control the content channel updates - you simply always get the updates.

b161 , 2 hours ago

💀 Fucking hell CrowdStrike.

wolfylow , 4 hours ago

Found this post that explains what happened in detail: lemmy.ohaa.xyz/post/3522666

As an application developer (rather than someone who can/does code operating systems) I was just left open-mouthed …

Looks like they’re delivering “code as content” to get around the rigour of getting an updated driver authorised by MS. I realise they can’t wait too long for driver approval for antivirus releases but surely - surely - you have an ironclad QA process if you’re playing with fire like this.

mox , 6 hours ago

nitter.poast.org/…/1814343502886477857

corsicanguppy , 6 hours ago

We would if we were able to control their “deployable content”.

Minimum safe distance.

ISOmorph , 4 hours ago

I read on another thread that an admin was emulating a testing environment by blocking CrowdStrike IPs on their firewall for the whole network before each update, with the exception of a couple machines. It’s stupid that he has to do this but hey, his network was unaffected

DasAlbatross , 6 hours ago

But I’ve read so many posts on here about how Linux is flawless!

ganymede , 5 hours ago

not sure if you’re being sarcastic, but if anything this news paints linux deployment in an even better light.

breakingcups , 3 hours ago

This is good for Bitcoin

FalseMyrmidon , 5 hours ago

Are you shocked that bad software can crash multiple operating systems or something?

ChairmanMeow , 4 hours ago

Nah, but there were some Linux evangelists claiming this couldn’t possibly happen to Linux and it only happened to Windows because Windows is bad. And it was your own fault for getting this BSOD if you’re still running Windows.

And sure, Windows bad and all, but this one wasn’t really Microsofts fault.

Petter1 , 3 hours ago

Well, ever heard freeBSD?

vext01 , 3 hours ago

Yeah, it supports kernel modules, so is also vulnerable to bad third party kernel code.

Petter1 , 2 hours ago

🤔if nobody makes a third party kernel module, then there is still no risk

vext01 , 2 hours ago

Also, even if they do, you can choose to not load it.

It amused me that so many people had this installed, but had no idea what it was for.

Ferris , 3 hours ago

if they dont know the boot sequence is a thing maybe their opinion on this doesnt really matter 🤷🏼

rottingleaf , 1 hour ago

The sane ones of us know well that a faulty driver is a faulty driver, but! Linux culture is different. Which is why this happened so spectacularly with Windows. EDIT: and not with Linux