Asklemmy

43363 readers

1305 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

Open-ended question
Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
Not ad nauseam inducing: please make sure it is a question that would be new to most members
An actual topic of discussion

Looking for support?

Looking for a community?

Lemmyverse: community search
sub.rehab: maps old subreddits to fediverse options, marks official as such
[email protected]: a community for finding communities

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago

MODERATORS

[email protected]

Crowdstrike Cockup (lemmy.world)

submitted 1 month ago by [email protected] to c/[email protected]

28 comments fedilink hide all child comments

So as we all know on the news, the cybersecurity firm Crowdstrike Y2K'd it's own end customers with a shoddy non-tested update.

But how does this happen? Aren't there programming teams and check their code or pass it to a quality assurance staff to see if it bricked their own machines?

8.5 Million machines too, does that effect home users too or is it only for windows machines that have this endpoint agent installed?

Lastly, why would large firms and government institutions such as railway networks and hospitals put all their eggs in one basket? Surely chucking everything into "The Cloud (Literally just another man's tinbox)" would be disastrous?

TLDR - Confused how this titanic tits up could happen and that 8.5 Million windows machines (POS, Desktops and servers) just packed up.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 3 points 1 month ago (1 children)

Fantastic write up. I'd just add something to this bit:

Basically companies wouldn’t use CS unless they are too lazy to change away, or they think it’s really that good.

I work in Cyber Security for a large organization (30,000+ end points). We're considering moving to CrowdStrike. Even after this cock-up, we're still considering moving to CS. I've had direct experience with several different A/V and EDR products, and every single one of them has had a bad update cause systems to BSOD. The reason this one hit so hard is that CS is one of the major EDR/XDR vendors. But ya, it's generally considered that good. Maybe some folks will move away after this. And maybe another product is nipping at their heels and will overtake them in the near future. But, for now, it's not surprising that it was everywhere for this situation to get really FUBAR.

[–] [email protected] 0 points 1 month ago (1 children)

If people don't start using alternatives, the Centralization remains as a vulnerability and this will happen again then.

[–] [email protected] 2 points 1 month ago

Perhaps instead of clients using two different security systems, Crowd strike and similar companies could have two or more completely independent teams sending out separate versions of their hourly updates. That way when something like this happens it would likely not bring down all of a client's systems, and help resilience? It could be made into a requirement for providing security software to critical/strategic industries like healthcare, power transmission/distribution, defense, etc.