Crowdstrike

[MRC01]

But is it a hacker's paradise precisely due to its massive user base and wide number of variants/versions?

Linux/Unix OS's aren't immune to security vulnerabilities.

Something like 70% of the servers on the internet run Linux, so its security is not due to obscurity.

That said, many companies do put add-on security software on Linux. But whether that is due to technical necessity or to corporate policy, is an open question.

 

[DaleB]

My bank isn't affected because we're still running these:
View attachment 131519

Interesting... most of it looks DEC-ish, but not really DEC. And is that a Kennedy tape drive on the left?

 

[Bob Noel]

Do public-facing Linux systems not also need add-on security software?

depends on the risk assessment.

But there aren't a lot of stories about linux machines getting a fresh install, connecting to the interweb to download the latest security hacks, and being hacked before all the updates can be installed. Of course that NEVER happens with windoze machines... nope.

For kicks and giggles, count the number of vulnerabilities and patches/updates/whatever that get published for windoze and compare that with linux. Before I retired <mumble> years ago, it wasn't funny how many more patches/updates/whatever needed to be applied to the windoze machines and how long it took to get it done.

 

[NealRomeoGolf]

That's funny right there.

 

[TCABM]

Yeah but when you go in everything is now 2-3 days behind and its YOUR problem to fix it.

That’s not how the airline business works though.

 

[ArrowFlyer86]

It is astonishing how 1 bad update from 1 vendor can tank our global systems: stranding people at airports, bringing down hospital operations and corporations. All because 1 team at 1 vendor f'd up a block of code.
And honestly taking systems down like this is something most malicious cyber actors can only dream of, and here CrowdStrike is ******* it all up and getting paid by clients to boot.
And I'm sure after it passes we'll all collectively forget how reliant we are on so many single points of failure

 

[cowman]

Nothing I preside over seems to be impacted- probably because I avoid anything cloud-based or 3rd party security solutions I have no control over. Blows my mind that this is the way of IT now... I guess it's cheaper than doing everything in-house. I have to concede the usefulness of canned management solutions as well but man... this shows the weakness of it.

The other thing is I don't think we're disabled as much because the individuals manning the counters/phones/etc are incapable of operating without the computer. I'd bet most of them could get out a notebook, pen, and phone and be able to muddle through for the day. Maybe that wouldn't work for things requiring complex scheduling and whatnot but surely you could manage for a lot of stuff. But taking that kind of initiative is against modern corporate culture these days and there's absolutely no incentive for anyone to stick their neck out like that... don't blame them at all. From what I hear most workers unable to do their jobs are occupying a chair and goofing off until the clock runs out of the day. Probably what I'd do too if I was still a corporate employee... silent fuming that my time was being wasted when I had stuff to do at home.

 

[Salty]

It is astonishing how 1 bad update from 1 vendor can tank our global systems: stranding people at airports, bringing down hospital operations and corporations. All because 1 team at 1 vendor f'd up a block of code.
And honestly taking systems down like this is something most malicious cyber actors can only dream of, and here CrowdStrike is ******* it all up and getting paid by clients to boot.
And I'm sure after it passes we'll all collectively forget how reliant we are on so many single points of failure

I'm absolutely certain the risk presented by the vulnerability they "fixed" with this release was far lower than the actual harm caused.

But hey, a bunch of idiots at a bunch of companies can point the finger at CrowdStrike and say "not my fault", which is really all you're gaining when you use such a product.

 

[cowman]

But hey, a bunch of idiots at a bunch of companies can point the finger at CrowdStrike and say "not my fault", which is really all you're gaining when you use such a product.

I get the impression there are a lot of decisions being made these days based on that sort of logic. “Due diligence has been done, it’s not my fault.”

 

[DaleB]

Nothing I preside over seems to be impacted- probably because I avoid anything cloud-based or 3rd party security solutions I have no control over. Blows my mind that this is the way of IT now... I guess it's cheaper than doing everything in-house. I have to concede the usefulness of canned management solutions as well but man... this shows the weakness of it.

I've never been convinced that it's cheaper. It's easier. It doesn't require that anyone -- especially middle and senior management -- actually know anything about what the hell they're doing. Farm it out to a vendor who could, if anyone asks, (but it seems no one does any more) provide some pretty PowerPoint slides showing how it is theoretically cheaper to pay them to do it than it is to actually hire, manage, and keep trained people to do it right. And of course most importantly, it wrongly absolves the managers and execs making these decisions of the responsibility when a vendor drops an anvil on their heads. The response never seems to be, "Hey, we're way too dependent on vendors to do this stuff". It's almost always, "We'll get them to knock a few bucks off our bill for torpedoing our entire business", or maybe "We'll find a new vendor and let them find new ways to screw us".

 

[geezer]

I clicked 4 toggle switches forming a 4 bit entry, then pushed the enter button until I had entered all the code to read punch tape slowly.

Then the computer read a short tape that programmed it to read fast.

The next tape was the system operating system, and now it could think!

The system normal status data was next.

Final step of rebooting after an outage from a voltage blip, was the RUN button, and a deluge of alarms came in for every event hat had occurred while the computer was down, plus alarms for every device in an alternate state, on purpose.

That ended my troubles, the operators took over and took whatever action the system needed to get the customer power back on from the thunder storm that took the computer down.

All the peripherals were on leased lines

 

[ArrowFlyer86]

And of course most importantly, it wrongly absolves the managers and execs making these decisions of the responsibility when a vendor drops an anvil on their heads.

Yessir! One lesson I learned in the earliest days of my career was how pervasive the culture of "risk-transfer" is across all levels of an organization, from junior level to C-Suite. Whether it's hiring decisions, evaluating buy-vs-build options, or just plain old ordinary transactional decisions. A lot of choices are dictated by what is the safest for them and presents the lowest career risk. By no coincidence a lot of these decisions are also made by committee, which further increases the surface area of blame so that no one person bears enormous career risk.

Doesn't really matter if you make the right decision if you never have to bear the consequences of a bad one

 

[pfarber]

Linux in the early days was a complete s***t show. Bind and Sendmail should make ANY *nix admin start to to shiver (I ran qmail, postfix was also a horror show... still is). How many TLS/SSH/SSL CERT advisories are there? SQL injection attacks area also common... all because devs only want to learn the latest language and never the entire stack.

Also you cannot blame MS for this... a thrd party uploaded an update that was pushed out. As I said before the real issue is that companies are allowing updates automatically. Again, FireEye anyone? The exact same thing.

My personal server is a cloud based CentOS 5 server happily doing web/db/email for damn near 15 years.

 

[pfarber]

I clicked 4 toggle switches forming a 4 bit entry, then pushed the enter button until I had entered all the code to read punch tape slowly.

Then the computer read a short tape that programmed it to read fast.

The next tape was the system operating system, and now it could think!

The system normal status data was next.

Final step of rebooting after an outage from a voltage blip, was the RUN button, and a deluge of alarms came in for every event hat had occurred while the computer was down, plus alarms for every device in an alternate state, on purpose.

That ended my troubles, the operators took over and took whatever action the system needed to get the customer power back on from the thunder storm that took the computer down.

All the peripherals were on leased lines

On board the sub I was on the MDF had a panel of switches and indicators that let you run embeded code (ROM) or if you were really bored you could position the heads manually, then enter the READ ROM start program code into the register and read either the sector, track, or entire binary. All the disk file locations were hard coded. Crazy, crazy times.

Early IBM HDDs (this would of been the mid 1990s) had a Cessna landing gear hydraulic pump and htdraulically positioned heads. Yes, it was a PM to service the HDD with 5056 hydraulic oil.

 

[Salty]

Linux in the early days was a complete s***t show. Bind and Sendmail should make ANY *nix admin start to to shiver (I ran qmail, postfix was also a horror show... still is). How many TLS/SSH/SSL CERT advisories are there? SQL injection attacks area also common... all because devs only want to learn the latest language and never the entire stack.

Also you cannot blame MS for this... a thrd party uploaded an update that was pushed out. As I said before the real issue is that companies are allowing updates automatically. Again, FireEye anyone? The exact same thing.

My personal server is a cloud based CentOS 5 server happily doing web/db/email for damn near 15 years.

What are you using as an email server now?

 

[Aviatorbrew]

I dodged those bullets today.
I had to fly from Denver down to luv field, round robin, to pick up my grandson for the week, I arived at Denver about 0230, Finally got through security. Went to the southwest terminal, I saw the monitors blue and a few people sleeping in the floor at an American area. Since the monitors were not working, I had to walk the terminal to find my flight. Then I heard about the IT crash. Luckily, we took off on time, 0510, Then I had to return at 1400. Both my flights where flawless

 

[MacFlier]

I dodged those bullets today.
I had to fly from Denver down to luv field, round robin, to pick up my grandson for the week, I arived at Denver about 0230, Finally got through security. Went to the southwest terminal, I saw the monitors blue and a few people sleeping in the floor at an American area. Since the monitors were not working, I had to walk the terminal to find my flight. Then I heard about the IT crash. Luckily, we took off on time, 0510, Then I had to return at 1400. Both my flights where flawless

That's because SWA systems are from the early 90s, before CrowdStrike was created.

 

[DaleB]

On board the sub I was on the MDF had a panel of switches and indicators that let you run embeded code (ROM) or if you were really bored you could position the heads manually, then enter the READ ROM start program code into the register and read either the sector, track, or entire binary. All the disk file locations were hard coded. Crazy, crazy times.

Early IBM HDDs (this would of been the mid 1990s) had a Cessna landing gear hydraulic pump and htdraulically positioned heads. Yes, it was a PM to service the HDD with 5056 hydraulic oil.

2311/2314. They were from the 1960s, not the 90s. The 2314 was the first disk system I worked on. The Army had a system that mounted a System/360 CPU, Selectric console, 3271 controller and 3277 CRT, 2514 card reader/punch, and a 1403 N1 printer in one semitrailer van, and a string of 2314s, six 2401 tape drives, and their controllers in a separate semi van. It was intended to be a mobile data center; one was attached to each infantry division and could deploy with the division. We had a pair of precise power 100KW Diesel generators that we ran the system off of fairly often in Korea, almost never in the States.

I remember the Cessna pumps in the disk drives. There was a screw on the rear of the drive that adjusted the oil pressure, if I recall correctly... one of our guys accidentally backed that out a turn too far one day at Camp Casey and ended up soaked from the chest down in hydraulic fluid. Fun times.

Toggling binary code in from the front panel was always fun for me. I think I needed to do it once or twice in the field to troubleshoot a problem. Still have my old well-thumbed green card around somewhere.

 

[Aviatorbrew]

That's because SWA systems are from the early 90s, before CrowdStrike was created.

Cool

 

[Cap'n Jack]

And that bit of software runs on windows.

The problem isn't Windows. It's a bit of software that was unintentionally malicious (which generally means that guidelines were not followed.)

No, it's not windows. My colleagues in China see no issues with their airlines and other businesses. Airlines seem to use Windows less than here, but windows is used there.

 

[Salty]

No, it's not windows. My colleagues in China see no issues with their airlines and other businesses. Airlines seem to use Windows less than here, but windows is used there.

If you’re not running windows this doesn’t impact you.

 

[Cap'n Jack]

If you’re not running crowdstrike for windows this doesn’t impact you.

Fixed that for you.

 

[Salty]

Fixed that for you.

No. My statement is fully and factually correct. crowdstrike for windows doesn’t run on anything else. My statement is that I wouldn’t use windows for a mission critical application, therefore this could never impact me, and that is fully and factually correct.

 

[Cap'n Jack]

No. My statement is fully and factually correct. crowdstrike for windows doesn’t run on anything else. My statement is that I wouldn’t use windows for a mission critical application, therefore this could never impact me, and that is fully and factually correct.

If you were a customer of one of the affected businesses, it would certainly impact you as many others have been impacted.
SciRef (and many other programs) run only on windows. If SciRef crashed my computer, that is a problem caused by SciRef, not microsoft. I'm pretty sure people can inadvertently write code that can crash any operating system.

According to this, Crowdstrike runs on Windows, Mac, and Linux:

Try CrowdStrike Falcon®

Take advantage of our free 15-day trial and explore the most popular solutions for your business. Try CrowdStrike free for 15 days!

www.crowdstrike.com

Isn't this the same product that caused the problems for windows?

Windows for "mission critical"- that your choice and your definition of "mission critical"

 

[Salty]

If you were a customer of one of the affected businesses, it would certainly impact you as many others have been impacted.
SciRef (and many other programs) run only on windows. If SciRef crashed my computer, that is a problem caused by SciRef, not microsoft. I'm pretty sure people can inadvertently write code that can crash any operating system.

According to this, Crowdstrike runs on Windows, Mac, and Linux:

Try CrowdStrike Falcon®

Take advantage of our free 15-day trial and explore the most popular solutions for your business. Try CrowdStrike free for 15 days!

www.crowdstrike.com

Isn't this the same product that caused the problems for windows?

Windows for "mission critical"- that your choice and your definition of "mission critical"

You are utterly impervious to any thought that doesn’t originate with you, aren’t you?

 

[donjohnston]

No. My statement is fully and factually correct. crowdstrike for windows doesn’t run on anything else. My statement is that I wouldn’t use windows for a mission critical application, therefore this could never impact me, and that is fully and factually correct.

I guess you don’t remember the crowdstrike update that took out Linux servers a couple years ago, huh?

 

[UngaWunga]

putting all your IT eggs in one basket can lead to fun and games and over time for the IT staff. Maybe don't depend only on one cloud provider? Definitely not one availability zone. But real planning for outages costs money, so we can't have that.

 

[Albany Tom]

Where I work is a mix of everything. Not really be design, just by being a large organization that's often what happens. I didn't get the 2am call, but friends did.

I'll get heat for this, but it really is a Windows issue. Not the first time this has happened, many years ago there were outages caused by AV, I think both MS's version and McAfee. It's an operating system that has never existed without security problems, it's patched constantly/forever, and it's often used in an environment with thousands of systems connected together. In that configuration it's very vulnerable to attack, particularly ransomware, so companies are using endpoint protection products like Crowdstrike to reduce that risk.

I've been in the PC business since roughly the beginning. Having hobbyists and small business owners write their own applications was pretty cool in the 1980s and 90s. Today, having a computer on the reservations desk at an airline that effectively runs the same OS as their back end servers is just silly.

CS is the symptom, not the problem.

 

[Everskyward]

An ironic name for the company...

 

[Cap'n Jack]

You are utterly impervious to any thought that doesn’t originate with you, aren’t you?

No. You made incorrect claims in your posts, and I provided information with citations showing the errors in your posts.

If what I wrote is incorrect, just show where the citation is wrong.

 

[Cap'n Jack]

Where I work is a mix of everything. Not really be design, just by being a large organization that's often what happens. I didn't get the 2am call, but friends did.

I'll get heat for this, but it really is a Windows issue. Not the first time this has happened, many years ago there were outages caused by AV, I think both MS's version and McAfee. It's an operating system that has never existed without security problems, it's patched constantly/forever, and it's often used in an environment with thousands of systems connected together. In that configuration it's very vulnerable to attack, particularly ransomware, so companies are using endpoint protection products like Crowdstrike to reduce that risk.

I've been in the PC business since roughly the beginning. Having hobbyists and small business owners write their own applications was pretty cool in the 1980s and 90s. Today, having a computer on the reservations desk at an airline that effectively runs the same OS as their back end servers is just silly.

CS is the symptom, not the problem.

Why does crowdstrike (and mcafee, and others) make products for apple and linux operating systems as well as windows? Some hypothesis include:

- All the operating systems have security issues and microsoft is no longer unique in having security holes​

- These vendors are selling people products that they don't really need for operating systems other than windows?​

- Managers are buying security products for all operating systems just to cover themselves and they can say all systems are equally protected? (The due diligence comment mentioned earlier)​

​

I go with the first and third options.​

On United Airlines, I can do a lot of reservation functions from my tablet or phone running android or iOS. I'm pretty sure those aren't the same OS they run on the back-end server.​

 

[weilke]

SMS/Text alerts are doing a good job communicating real time gate info. Gate agents are having to manually resolve some double booked re-bookings; AA is offering some travel credit for those who will pro-actively rebook.

In addition to a old fashioned VHF pager, my local fire dept dispatches us using notification App which provides a written representation of the dispatch along with mapping and units due. This is backed up by a SMS with the written info. A few months ago the App developer announced that they would stop sending the SMS as it was 'unreliable' and the data based version was 'better'. I hope they re-think that approach in view of the crowd strike boboo.

 

[Salty]

No. You made incorrect claims in your posts, and I provided information with citations showing the errors in your posts.

If what I wrote is incorrect, just show where the citation is wrong.

What I wrote is correct. You simply added restrictions to it that are not necessary to make the statement true and change the point I’m making.

 

[Capt. Geoffrey Thorpe]

 

[pfarber]

What are you using as an email server now?

i have always ran qmail. DJB is quite the zealot, but his stuff works. Only reason I had send mail on the server was it was the default install as was bind.

 

[pfarber]

2311/2314. They were from the 1960s, not the 90s. The 2314 was the first disk system I worked on. The Army had a system that mounted a System/360 CPU, Selectric console, 3271 controller and 3277 CRT, 2514 card reader/punch, and a 1403 N1 printer in one semitrailer van, and a string of 2314s, six 2401 tape drives, and their controllers in a separate semi van. It was intended to be a mobile data center; one was attached to each infantry division and could deploy with the division. We had a pair of precise power 100KW Diesel generators that we ran the system off of fairly often in Korea, almost never in the States.

I remember the Cessna pumps in the disk drives. There was a screw on the rear of the drive that adjusted the oil pressure, if I recall correctly... one of our guys accidentally backed that out a turn too far one day at Camp Casey and ended up soaked from the chest down in hydraulic fluid. Fun times.

Toggling binary code in from the front panel was always fun for me. I think I needed to do it once or twice in the field to troubleshoot a problem. Still have my old well-thumbed green card around somewhere.

I do remember it was an IBM but the Mk 88 MOD2 FCS was basically a Raytheon design that used some COTS peripherals like the MDF,tape and display etc. Everything else was hand wire wrapped with discrete logic cards... and amazing rube Goldberg -esq contraption.

 

[DaleB]

I do remember it was an IBM but the Mk 88 MOD2 FCS was basically a Raytheon design that used some COTS peripherals like the MDF,tape and display etc. Everything else was hand wire wrapped with discrete logic cards... and amazing rube Goldberg -esq contraption.

Yeah. Back then it wasn't uncommon to find commercial products that were all wire-wrapped. IBM mainframes up through the 308x series had a lot of wire wrap. In some cases it was all WW, in others they used multi-layer backplane boards, but there were many, many engineering changes that added wire wrap (and some wiring deletes done with a drill as well). Wire wrapping was king for many years before fast and dirt cheap PCB production became reality.

 

[pfarber]

No. My statement is fully and factually correct. crowdstrike for windows doesn’t run on anything else. My statement is that I wouldn’t use windows for a mission critical application, therefore this could never impact me, and that is fully and factually correct.

not going to get to far into the Windoze suks fight but your nieve to think that Windows is not ready mission critical devices. Windows NT was the start of many great OSs. Windows 7 and 10 are pretty much bulletproof.

The current Cloud strike issue was more human error that an OS one. Linux is a disaster area of 'sploits and bad software.

 

[pfarber]

Today, having a computer on the reservations desk at an airline that effectively runs the same OS as their back end servers is just silly.

you mean a terminal logged into a remote mainframe? sure there are some gui's for some tasks... but it's all just a front end for some old IBM 360 in a basement somewhere

 

[DaleB]

One of my previous employers had roughly 60,000 Linux servers, and around 90,000 Windows servers. Somehow they managed to stay in business. My most recent former employer had zero Windows servers, but still an absolute dependence on Microsoft 365 cloud services for the business to operate. Without 365 there would be no email, no access to most applications (they all used SSO), no phones (Teams Voice), and it would be challenging to even access their cloud hosted systems -- since cloud logins were also using Azure AD SSO.

The Windows enterprise server operating systems used in data center servers isn't quite the same as what's running on your laptop. I haven't touched a Windows back-end server in years, but for some applications they're kind of a necessary evil.