Comment

Comment on We finally know what caused the global tech outage - and how much it cost

On Wednesday, CrowdStrike released a report outlining the initial results of its investigation into the incident, which involved a file that helps CrowdStrike’s security platform look for signs of malicious hacking on customer devices.

source

Sort:hotnew top

whatwhatwhatwhat@lemmy.world ⁨1⁩ ⁨month⁩ ago
The fact that they weren’t already doing staggered releases is mind-boggling. I work for a company with a minuscule fraction of CrowdStrike’s user base / value, and even we do staggered releases.

source
- foggenbooty@lemmy.world ⁨1⁩ ⁨month⁩ ago
  They do have staggered releases, but it’s a bit more complicated. The client that you run does have versioning and you can choose to lag behind the current build, but this was a bad definition update. Most people want the latest definition to protect themselves from zero days. The whole thing is complicated and a but wonky, but the real issue here is cloudflare’s kernel driver not validating the content of the definition before loading it.
  
  source
  - whatwhatwhatwhat@lemmy.world ⁨1⁩ ⁨month⁩ ago
    Makes sense that it was a definitions update that caused this, and I get why that’s not something you’d want to lag behind on like you could with the agent. (Putting aside that one of the selling points of next-gen AV/EDR tools is that they’re less reliant on definitions updates compared to traditional AV.) It’s just a bit wild that there isn’t more testing in place.
    
    It’s like we’re always walking this fine line between “security at all costs” vs “stability, convenience, etc”. By pushing definitions as quickly as possible, you improve security, but you’re taking some level of risk too. In some alternate universe, CS didn’t push definitions quickly enough, and a bunch of companies got hit with a zero-day. I’d say it’s an impossible situation sometimes, but if I had to choose between outage or data breach, I’m choosing outage every time.
    
    source
AA5B@lemmy.world ⁨1⁩ ⁨month⁩ ago

a bug in CrowdStrike’s cloud-based testing system

Always blame the tests. There are so many dark patterns in this industry including blaming qa for being the last group to touch a release, that I never believe “it’s the tests”.

There’s usually something more systemic going on where something like this is missed by project management and developers, or maybe they have a blind spot that it will never happen, or maybe there’s a lack of communication or planning, or maybe they outsourced testing to the cheapest offshore providers, or maybe everyone has huge time pressure, but “it’s the tests”

source
- aStonedSanta@lemm.ee ⁨1⁩ ⁨month⁩ ago
  There was probably one dude at CrowdStrike going. Uh hey guys??? 😆
  
  source
Plopp@lemmy.world ⁨1⁩ ⁨month⁩ ago

Couldn’t it, though? 🤔

IANAD and AFAIU, not in kernel mode. Things like trying to read non existing memory in kernel mode are supposed to crash the system because continuing could be worse.

source
- 0x0@programming.dev ⁨1⁩ ⁨month⁩ ago
  I.meant couldn’t they test for a NULL pointer.
  
  source
  - chaospatterns@lemmy.world ⁨1⁩ ⁨month⁩ ago
    They could and clearly they should have done that but hindsight is 20/20.
    
    source
cheddar@programming.dev ⁨1⁩ ⁨month⁩ ago

The company routinely tests its software updates before pushing them out to customers, CrowdStrike said in the report. But on July 19, a bug in CrowdStrike’s cloud-based testing system — specifically, the part that runs validation checks on new updates prior to release — ended up allowing the software to be pushed out “despite containing problematic content data.”

It is time to write tests for tests!

source
- Passerby6497@lemmy.world ⁨1⁩ ⁨month⁩ ago
  My thoughts are to have a set of machines that have to run the update for a while, and if any single machine doesn’t pass and all allow it to move forward, it halts any further rollout.
  
  source