Crowdstrike

whooopsie.......

absolutely INSANE this issue can basically take out the entire world. banks, airports, railways, hospitals, etc...... really scary stuff. anyone else impacted and get paged at 3am?
 
The craziest thing is, stuff like this happens and people still think everything should be tied to the internet and computerized even though it's practically impossible to have a working back-up plan for if it all goes down.
 
Using windows for anything mission critical? Not me.
The problem isn't Windows. It's a bit of software that was unintentionally malicious (which generally means that guidelines were not followed.)
 
The advent of the Internet and having "everything tied to it" has been a primary driver in global economic growth for about 30 years now. You'd be living in a very different world without it, so be careful what you wish for.

There are plenty of easy ways to protect against this particular issue. One is, "Don't update all of your critical infrastructure simultaneously." However, that's a double-edged sword. For feature releases, maybe that's not a huge deal...worst-case, you have some computers running an older version for a few days or weeks and there's potential confusion in situations where people move between devices.

The problem occurs when you are trying to maintain "best practices" and install security-related updates promptly, to control exposure to identified vulnerabilities. You don't want to leave backdoors in your system open any longer than you have to. The whole reason businesses pay companies like Crowdstrike is to protect them from vulnerabilities.

If a bank security guard starts shooting at the cashiers, was the bank fundamentally mistaken when it made the decision to hire security guards?
 
… anyone else impacted and get paged at 3am?
Been sitting at a DFW airport hotel since early last night due to this. We are rebooked for an attempt later this morning that’s already had two “delays” communicated to us.
 
The good news is the mandatory BCP exercise that was going to cut my boating short this weekend is now postponed. Yay for Crowdstrike!
 

lol funny, I thought you said “our” boating time
 
My pager didn't go off because my pager company had crowdstrike installed and not patched.

Just kidding, I haven't been on call for over a decade.
 
This weekend I'll have a bunch of college kids out with me. I know your position on boating with such a crowd. Looks like you're only going to get as close as another low pass :)
 
The problem isn’t the screen door, the problem is thinking the screen door provides infrastructure supporting security
 
Pretty much every other gate monitor I’ve seen today.
SMS/Text alerts are doing a good job communicating real time gate info. Gate agents are having to manually resolve some double booked re-bookings; AA is offering some travel credit for those who will pro-actively rebook.

DFW itself is reporting delays, but it’s clear and a million, so weather ain’t the cause if you were wondering.
 
But are the airport bars open?
 
Interestingly enough, some but not all. Several were closed/closing around 7p last night when we were just starting to deal with our particular delay. Seems AA has been having problems since at least 5p last night.
 
MS being lazy and also IT management dropping the ball. Automatic updates should never be allowed in PROD until signed off by QA after in house testing. Didn't this happen with FireEye a few years ago? I made a ton of OT simply sitting at my desk waiting for Corp IT to OK a fix.
 
My Linux machines are running fine, as they always do.
The Windows machine that my company provides is down because they use Crowdstrike.

Here's one way to fix it:
Part 1: if you use Bitlocker (skip if you don't)
Hold down F8 while booting to get to safe mode
On the blue screen, press F8 once or twice to get to the Bitlocker screen
Enter your bitlocker key (you did save it, didn't you?)
This will take you to the safe mode options screen
Select 4 or F4 to boot to safe mode

Part 2:
If the machine is not already in safe mode, hold down F8 while booting to get to safe mode
At the safe mode login prompt, log in to the local machine
Find this Crowdstrike file: C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys
(It might be in a slightly different location on each machine)
Rename the file, for example change the extension.
Close all windows and reboot the machine normally.
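The rename step above, scripted so the file is located and renamed in one go rather than by hand. This is an added example, not something posted in the thread: it assumes the folder path the post gives, an elevated PowerShell prompt in safe mode, and a .bak suffix for the renamed file.

```powershell
# Added example (not from the thread): rename the Crowdstrike channel file
# described in the post. Run from an elevated PowerShell prompt after booting
# to safe mode. The folder path is the one the post gives; the .bak suffix
# is an assumption of this example.
$DriverDir = 'C:\Windows\System32\drivers\CrowdStrike'
$Pattern   = 'C-00000291*.sys'

# The drivers folder is protected, so refuse to run without local admin rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Administrator) PowerShell prompt.'
}

# Warn if the machine is not in safe mode ("Fail-safe boot" or
# "Fail-safe with network boot"); the post expects safe mode for this step.
$bootState = (Get-CimInstance -ClassName Win32_ComputerSystem).BootupState
if ($bootState -notlike 'Fail-safe*') {
    Write-Warning "BootupState is '$bootState'; the post expects safe mode."
}

if (-not (Test-Path -LiteralPath $DriverDir)) {
    throw "Folder $DriverDir not found; the post notes the location can differ per machine."
}

$channelFiles = Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File
if (-not $channelFiles) {
    Write-Host "No files matching $Pattern in $DriverDir; nothing to do."
    return
}

foreach ($file in $channelFiles) {
    $newName = $file.Name + '.bak'
    # Rename rather than delete: the original bytes stay on disk for later review.
    Rename-Item -LiteralPath $file.FullName -NewName $newName -ErrorAction Stop
    Write-Host "Renamed $($file.Name) -> $newName"
}
Write-Host 'Done. Close all windows and reboot the machine normally.'
```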
 
I stuck my head in my office at about 1:30 this morning on my way to bed for two hours' sleep. My computer was crashed and I decided to not worry about it since I'm on vacation. Thanks to POA I know what's wrong with it.
 
If Windows wasn't such a hacker's paradise maybe it would not need add-on security software.
But is it a hacker's paradise precisely due to its massive user base and wide number of variants/versions?

Linux/Unix OS's aren't immune to security vulnerabilities.
 
there's a difference between being a hacker's paradise because of the size of the user base (and the naivete/stupidity of said base) and being a hacker's paradise because of the relative ease of penetration.
 
Do public-facing Linux systems not also need add-on security software?
 
First off, I retired as of the end of June, so IDGAFF. :) Second, given the difficulty I have had getting my former employer to live up to even the most basic of their fiscal responsibilities, I'm tempted to be a little sad that they haven't migrated everything to Crowdstrike yet. But I won't.

I am, however, once again reminded of my numerous conversations with our CISO and IS teams regarding pushing updates to the numerous security agents deployed to corporate laptops. My arguments for testing in a small lab environment first fell on deaf ears. The most disturbing part is, this episode won't change their behavior either since it didn't directly torch them.

Not in my experience. In 20+ years I've never had one broken into, either personally or at work - and my workplaces were fairly high profile targets (financial institutions).
 
I recognize that disk drive! I have a platter I show in my intro to computer science class. Also have mag tapes, too. Tossed all the punch cards years ago.
I don't have any punch cards, but I still have a really old punch tape. Preserved coiled in a 35 mm film canister which is also now utterly ancient.
