CrowdStrike unhappy with “shady commentary” from competitors after outage

Ste41th , 9 hours ago

Basically they fucked up and don’t like the criticism from other companies/ customers.

sunzu2 , 9 hours ago

Classic corporate "leadership"

We didn't do nuffin shareholders, please pay

Boozilla , 7 hours ago

That one for sure…or: Here’s a shiny new thing, customers. You didn’t ask for it, and it actually makes our product a little bit worse…but it’s new. You don’t want to miss out on the new thing, do you?

themeatbridge , 9 hours ago (edited 9 hours ago)

It’s not really criticism, it’s competitors claiming they will never fuck up.

Like, if you found mouse in your hamburger at McDonald’s, that’s a massive fuckup. If Burger King then started saying “you’ll never find anything gross in Burger King food!” that would be both crass opportunism and patently false.

It’s reasonable to criticize CrowdStrike. They fucked up huge. The incident was a fuckup, and creating an environment where one incident could cause total widespread failure was a systemic fuckup. And it’s not even their first fuckup, just the most impactful and public.

But also Microsoft fucked up. And the clients, those who put all of their trust into Microsoft and CrowdStrike without regard to testing, backups, or redundancy, they fucked up, too. Delta shut down, cancelling 4,600 flights. American Airlines cancelled 43 flights, 10 of which would have been cancelled even without the outage.

Like, imagine if some diners at McDonald’s connected their mouths to a chute that delivers pre-chewed food sight-unseen into their gullets, and then got mad when they fell ill from eating a mouse. Don’t do that, not at any restaurant.

All that said, if you fuck up, you don’t get to complain about your competitors being crass opportunists.

ShepherdPie , 9 hours ago

Even if that’s the case, how is it Crowdstrike’s place to call these other companies out for claiming something similar will never happen to them? Thus far, it had only ever happened to CS.

sfxrlz , 9 hours ago

It feels like a pattern though. I’ve not seen too much from them but they seem to be saying factually correct stuff. But neither worded correctly nor at the right time.

catloaf , 9 hours ago

No, we had Sentinelone take down our company a few months ago. Granted, not a global outage, but it’s something similar. I’m sure that if you went back in news archives, you’d find articles about major Sentinelone outages. I think Crowdstrike is just the biggest one in recent history. It’s certainly not unprecedented.

themeatbridge , 4 hours ago

Even if that’s the case, how is it Crowdstrike’s place to call these other companies out for claiming something similar will never happen to them?

I agree completely, which is why I added that last sentence in an edit. This is a bad look for CrowdStrike, even if I agree with the sentiment.

Thus far, it had only ever happened to CS.

Everybody fucks up now and then. That’s my point. It’s why you shouldn’t trust one company to automatically push security updates to critical production servers without either a testing environment or disaster recovery procedures in place.

I doubt you’ll find any software company, or any company in any industry, that has not fucked up something really important. That’s the nature of commerce. It’s why many security protocols exist in the first place. If everyone could be trusted to do their jobs right 100% of the time, you would only need to worry about malicious attacks which make up only a small fraction of security incidents.

The difference here is that CrowdStrike sold a bunch of clients on the idea that they could be trusted to push security updates to production servers without trsting environments. I doubt they told Delta that they didn’t need DRP or any redundancy, but either way, the failure was amplified by a collective technical debt that corporations have been building into their budget sheets to pad their stock prices.

By all means, switch from CrowdStrike to a competitor. Or sue them for the loss of value resulting in their fuckup. Sort that out in the contracts and courts, because that’s not my area. But we should all recognize that the lesson learned is not to switch to another threat prevention software company that won’t fuck up. Such a company does not exist.

If you stub your toe, you don’t start walking on your hands. You move the damn coffee table out of the pathway and watch where you’re walking. The lesson is to invest in your infrastructure, build in redundancy, and protect your critical systems from shit like this.

Hominine , 9 hours ago

Well there’s a provocative anecdote if I’ve ever seen one. Well done.

jubilationtcornpone , 8 hours ago

Resiliency and security have a lot of layers. The crowd strike bungle was very bad but more than anything it shined a bright spot light on the fact that certain organizations IT orgs are just a house of cards waiting to get blown away.

I’m looking at Delta in particular. Airlines are a critical transportation service and to have issues with one software vendor bring your entire company screeching to a halt is nothing short of embarrassing.

If I were on the board, my first question would be, “where’s our DRP and why was this situation not accounted for?”

Boozilla , 7 hours ago

House of cards is exactly right. At every IT job I’ve worked, the bosses want to check the DRP box as long as it costs as close to zero dollars as possible, and a day or two of 1-2 people writing it up. I do my best to cover my own ass, and regularly do actual restores, limit potential blast radii, and so on. But at a high level, bosses don’t give AF about defense, they are always on offense (i.e. make more money faster).

NaoPb , 7 hours ago

This is the first time I’ve heard someone call it a house of cards and I think that fits it perfectly!

brbposting , 6 hours ago

you’ll never find anything gross in Burger King food!

https://sh.itjust.works/pictrs/image/52280449-2deb-497c-b68c-0b5f8a7035cc.jpeg

Feathercrown , 5 hours ago

Number fifteen…

Ste41th , 5 hours ago

That’s the first thing I heard in my head lmao

Bosht , 9 hours ago

Yeah, it was an international fuck up. You’re going to get heat, and it’s 100 percent deserved. Go cry in a corner and fuck off into oblivion.

ByteOnBikes , 1 hour ago

It was called “Y2K if it happened”.

Crowdstrike is a dead company now.

Blaster_M , 7 hours ago

Cry me a half billion dollar river, maybe we can use that money to fix all the damamges it did.

mp3 , 9 hours ago

I don’t see the other companies fucking up so badly though.

GunValkyrie , 8 hours ago

You don’t? Shit I see it all the time.

downpunxx , 8 hours ago

well, no, not at the level of taking down half the air traffic, police, ems, fire services, in the free world, you don't

chrash0 , 8 hours ago

damn i haven’t used Windows in over a decade. are y’all ok?

aniki , 7 hours ago

Windows users are never OK.

prime_number_314159 , 1 hour ago

Have you tried turning them off, then turning them on again?

Wrench , 7 hours ago

Rofl, like Unix OSes never have problems. Even developers, who are among the most tech savvy users, tend to drag their feet on installing updates unless forced.

ramchak , 4 hours ago

Even developers, who are among the most tech savvy users

Doubt

capital , 2 hours ago

As a sysad, I’ll sign onto this.

chrash0 , 22 minutes ago

i was mostly making a joke about how this absolutely is not a common problem on any platform, not to this degree. and at least when my Arch and Nix systems go down i don’t have anyone to blame but myself. sure, systems have update issues, but a kernel level meltdown that requires a safe mode rescue? that’s literally never happened to me unless it was my fault

Lightor , 7 hours ago

You see CrowdStrike level of bad all the time? Where? What? Who?

ayyy , 4 hours ago

Equifax

Gork , 5 hours ago

That one recently with the 2.3 billion record data breach is pretty bad, and we collectively had no way to prevent it since it was through a private company.

howlingecko , 5 hours ago (edited 5 hours ago)

They whine about this now, after they removed their “shady commentary” towards Microsoft from their website

Reference: https://twitter.com/tomwarren/status/1816823026291270136

demesisx , 8 hours ago

In similar news, Enron says that people should stop being ambulance chasers by calling them out for corruption, fraud, and illegal activities.

ClownStrike had a massive, glaring issue with their main functionality that is THEIR COMPANY’S ONLY REASON FOR EXISTING that has been correctly attributed to criminally inept architecture decisions, no redundancy, no checks, no safety measures, and no accountability.

If I made the executive decision to design a system without any safety measures that could potentially push unchecked, malicious code to 90% of the computers that the business world runs on, I would be sued into dust. Honestly, if there were any justice in the world, the people at CrowdStrike that designed such a shite system should do actual prison time for their ineptitude.

aniki , 7 hours ago

If I made the executive decision to design a system without any safety measures that could potentially push unchecked, malicious code to 90% of the computers that the business world runs on, I would be sued into dust.

Or made a MS CEO…

/me glares at steve balmer

Boozilla , 9 hours ago

I wonder if they’ll end up doing a rename / rebrand if “ClownStrike” continues to haunt them (as it should).

If they do, I’m sure the new name will be some focus tested aberration they pay way too much for.

sunzu2 , 9 hours ago

Yes 🤡

reginald_crunklebottom_III , 2 hours ago

Crowdstrike didn’t just fuck up, they killed people. I personally had to postpone a blood test, but mine wasn’t critical and I’m alive to complain. Not everyone is.

CileTheSane , 1 hour ago

It’s okay, they sent out $10 gift cards for Uber Eats to apologize (that they immediately cancelled).

sudo , 1 hour ago

To their customers*. Not to the literally billions of people directly affected by their debacle.

Sneptaur , 9 hours ago

They deserve to go bankrupt after that level of damage. I won’t be surprised if a class action comes against them for gross negligence within the next few years. They’re cooked and they know it.

sunzu2 , 9 hours ago

Please proper nomanclature, clownstrike as in 🤡🤽‍♀️

paf0 , 8 hours ago

Companies all over the world shutdown because of their incompetence. They do not deserve to be in the security business.

Durandal , 9 hours ago

Did they try offering a $10 gift card to the other companies? “hah psyche!”

doggle , 2 hours ago

And their customers are unhappy with the catastrophic service failure. Cry me a river.

IAmTheZeke , 9 hours ago

Well companies serve humans. Be better

NaoPb , 7 hours ago

I am not in the knows about IT security at all, but isn’t fucking up part of any security company? You can make shitty comments all you want but who says your company isn’t the next one to fuck up?

BarbecueCowboy , 32 minutes ago

Not wrong, but they fucked up due to incompetence, not just some random preventable accident.

From the technical details I’ve seen, just having a basic testing process/environment should have easily prevented this. That should be the bare minimum.