Crowdstrike's outage report
TL;DR: “We’re going to start doing testing and staged deploys, just like they teach in school.”
https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
EULA rewrite to include authorization for any user system to be employed for “wide beta” in 3…2…1…
My favorite thought on Crowdstrike’s disaster: The client apparently does no checking on the update files.
How hard would it be to feed it a malicious update, not just a buggy one?
@blaineg push a BIOS update that reboots itself before it finishes?
Hypothetically, if you had a malicious actor in your midst (a disgruntled former employee), they could push a site-wide malware file that gets loaded with the update (presuming they know the directory the update is going to be in).
The Crowdstrike method is fairly secure, but as a client you give up a lot of autonomy when you trust them as a more hands-on service.
TL;DR - if other security services are more like having Glenn on tape delay so he doesn’t have a wardrobe malfunction on a live feed, having CS being the security service is like having another arm within Glenn; in theory Meh’s arm doesn’t have to work so hard, but it does feel crowded.