…according to a Twitter post by the Chief Informational Security Officer of Grand Canyon Education.
So, does anyone else find it odd that the file that caused everything CrowdStrike to freak out, C-00000291-
00000000-00000032.sys was 42KB of blank/null values, while the replacement file C-00000291-00000000-
00000.033.sys was 35KB and looked like a normal, if not obfuscated sys/.conf file?
Also, apparently CrowdStrike had at least 6 hours to work on the problem between the time it was discovered and the time it was fixed.
independantiste@sh.itjust.works 3 months ago
Every affected company should be extremely thankful that this was an accidental bug, because if crowdstrike gets hacked, it means the bad actors could basically ransom I don’t know how many millions of computers overnight
Evotech@lemmy.world 3 months ago
Don’t Google solar winds
planish@sh.itjust.works 3 months ago
Holy hell
peopleproblems@lemmy.world 3 months ago
Oooooooo this one again thank you for reminding me
floofloof@lemmy.ca 3 months ago
That one turns out to have been largely Microsoft’s fault for repeatedly ignoring warnings of a severe vulnerability relating to Active Directory. Microsoft were warned about it, acknowledged it and ignored it for years until it got used in the Solar Winds hack.
umbrella@lemmy.ml 3 months ago
lesson not learned
qprimed@lemmy.ml 3 months ago
security as a service is about to cost the world a pretty penny.
Telorand@reddthat.com 3 months ago
You mean it’s going to cost corporations a pretty penny. Which means they’ll pass those “costs of operation” on to the rest of us. Fuck.
Manifish_Destiny@lemmy.world 3 months ago
Where’s my fuckin raise
littlewonder@lemmy.world 3 months ago
All the more reason for companies to ignore security until they’re affected personally. The companies I’ve worked for barely ever invested in future cost-savings.
echodot@feddit.uk 3 months ago
On Monday I will once again be raising the point of not automatically updating software. Just because it’s being updated does not mean it’s better and does not mean we should be running it on production servers.
Of course they won’t listen to me but at least it’s been brought up.
expr@programming.dev 3 months ago
Thank God someone else said it. I was constantly in an existential battle with IT at my last job when they were constantly forcing updates, many of which did actually break systems we rely on because Apple loves introducing breaking changes in OS updates (like completely fucking up how dynamic libraries work).
Updates should be vetted. It’s a pain in the ass to do because companies never provide an easy way to rollback, but this really should be standard practice.
shield_gengar@sh.itjust.works 3 months ago
I’m thought it was a security definition download; as in, there’s nothing short of not connecting to the Internet that you can do about it.
helpImTrappedOnline@lemmy.world 3 months ago
I’ve got a feeling crowdstrike won’t be as grand of target anymore. They’re sure to loose a lot of clients…ateast until they spin up a new name and erease all traces of “cdowdstrike”.
reddit_sux@lemmy.world 3 months ago
I don’t think they will lose any big clients. I am sure they will have insurance to take care of compensations.
echodot@feddit.uk 3 months ago
That trick doesn’t work for B2B as organizations tend to do their research before buying. Consumers tend not to.
billwashere@lemmy.world 3 months ago
Third parties being able to push updates to production machines without being tested first is giant red flag for me. We’re human … we fuck up. I understand that. But that’s why you test things first.
I don’t trust myself without double checking, so why would we completely trust a third party so completely.
Pika@sh.itjust.works 3 months ago
This is actually a little worse, in my eyes if I understand it right anyway this company has a very strict we will update automatically regardless what you say ideology meaning that if they got actually compromised, malicious vectors could 100% push malicious payloads without sysadmin intervention.
Boom automatic kernel level malware with zero site level interaction overnight to every company using the product. Scary
Angry_Autist@lemmy.world 3 months ago
This is why I openly advocate for a diverse ecosystems of services, so not everyone is affected if the biggest gets targeted.
But unfortunately, capitalism favors only the frontrunner and everyone else can go spin, and we aren’t getting rid of capitalism anytime soon.
So basically, it is inevitable that crowdstrike WILL be hacked, and the next time will be much much worse.
Cryophilia@lemmy.world 3 months ago
Properly regulated capitalism breaks up monopolies so new players can enter the market. What you’re seeing is dysfunctional capitalism - an economy of monopolies.
driving_crooner@lemmy.eco.br 3 months ago
Years ago I read an study about insurance companies and diversification of assets in Brazil. By regulation, an individual insurance company need to have a diversified investment portfolio, but the insurance market as a whole not, so the diversification of every individual company, as a whole all the insurance market was exposed and the researchers found, iirc, like 3 banks that if they fail can they cause a chain reaction that would take out the entire insurance market.
Don’t know why, but your comment made me remind of that.
Miaou@jlai.lu 3 months ago
I’d assume state (or other serious) actors already know about these companies.
Pika@sh.itjust.works 3 months ago
Yeah the fact that this company calls it feature that they can push an update anytime without site level intervention is scary to me. If they ever did get compromised boom every device running their program suddenly has a kernel level malware essentially overnight.