Crowdstrike

eman1200

Touchdown! Greaser!
PoA Supporter
Joined
Mar 10, 2013
Messages
19,562
Location
Oakland, CA
Display Name

Display name:
Bro do you even lift
whooopsie.......

crowdstrike.gif


absolutely INSANE this issue can basically take out the entire world. banks, airports, railways, hospitals, etc...... really scary stuff. anyone else impacted and get paged at 3am?
 
The craziest thing is, stuff like this happens and people still think everything should be tied to the internet and computerized even though it's practically impossible to have a working back-up plan for if it all goes down.
 
Using windows for anything mission critical? Not me.
The problem isn't Windows. It's a bit of software that was unintentionally malicious (which generally means that guidelines were not followed.)
 
The craziest thing is, stuff like this happens and people still think everything should be tied to the internet and computerized even though it's practically impossible to have a working back-up plan for if it all goes down.
The advent of the Internet and having "everything tied to it" has been a primary driver in global economic growth for about 30 years now. You'd be living in a very different world without it, so be careful what you wish for.

There are plenty of easy ways to protect against this particular issue. One is, "Don't update all of your critical infrastructure simultaneously." However, that's a double-edged sword. For feature releases, maybe that's not a huge deal...worst-case, you have some computers running an older version for a few days or weeks and there's potential confusion in situations where people move between devices.

The problem occurs when you are trying to maintain "best practices" and install security-related updates promptly, to control exposure to identified vulnerabilities. You don't want to leave backdoors in your system open any longer than you have to. The whole reason businesses pay companies like Crowdstrike is to protect them from vulnerabilities.

If a bank security guard starts shooting at the cashiers, was the bank fundamentally mistaken when it made the decision to hire security guards?
 
… anyone else impacted and get paged at 3am?
Been sitting at a DFW airport hotel since early last night due to this. We are rebooked for an attempt later this morning that’s already had two “delays” communicated to us.
 
The good news is the mandatory BCP exercise that was going to cut my boating short this weekend is now postponed. Yay for Crowdstrike!
 
The good news is the mandatory BCP exercise that was going to cut my boating short this weekend is now postponed. Yay for Crowdstrike!

lol funny, I thought you said “our” boating time
 
My pager didn't go off because my pager company had crowdstrike installed and not patched.

Just kidding, I haven't been on call for over a decade.
 
lol funny, I thought you said “our” boating time
This weekend I'll have a bunch of college kids out with me. I know your position on boating with such a crowd. Looks like your only going to get as close as another low pass :)
 
The problem isn't Windows. It's a bit of software that was unintentionally malicious (which generally means that guidelines were not followed.)
The problem isn’t the screen door, the problem is thinking the screen door provides infrastructure supporting security
 
Pretty much every other gate monitor I’ve seen today.
7fb3ae70bfb0f07b857f59a13933219b.jpg


SMS/Text alerts are doing a good job communicating real time gate info. Gate agents are having to manually resolve some double booked re-bookings; AA is offering some travel credit for those who will pro-actively rebook.

DFW itself is reporting delays, but it’s clear and a million, so weather ain’t the cause if you were wondering.
 
Pretty much every other gate monitor I’ve seen today.
7fb3ae70bfb0f07b857f59a13933219b.jpg


SMS/Text alerts are doing a good job communicating real time gate info. Gate agents are having to manually resolve some double booked re-bookings; AA is offering some travel credit for those who will pro-actively rebook.

DFW itself is reporting delays, but it’s clear and a million, so weather ain’t the cause if you were wondering.

But are the airport bars open?
 
But are the airport bars open?

Interestingly enough, some but not all. Several were closed/closing around 7p last night when we were just starting to deal with our particular delay. Seems AA has been having problems since at least 5p last night.
 
MS being lazy and also IT management dropping the ball. Automatic updates should never be allowed in PROD until signed off by QA after in house testing. Didn't this happen with FireEye a few years ago? I made a ton of OT simply sitting at my desk waiting for Corp IT to OK a fix.
 
My Linux machines are running fine, as they always do.
The Windows machine that my company provides is down because they use Crowdstrike.

Here's one way to fix it:
Part 1: if you use Bitlocker (skip if you don't)
Hold down F8 while booting to get to safe mode
On the blue screen, press F8 once or twice to get to the Bitlocker screen
Enter your bitlocker key (you did save it, didn't you?)
This will take you to the safe mode options screen
Select 4 or F4 to boot to safe mode

Part 2:
If the machine is not already in safe mode, hold down F8 while booting to get to safe mode
At the safe mode login prompt, log in to the local machine
Find this Crowdstrike file: C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys
(It might be in a slightly different location on each machine)
Rename the file, for example change the extension.
Close all windows and reboot the machine normally.
 
I stuck my head in my office at about 1:30 this morning on my way to bed for two hours' sleep. My computer was crashed and I decided to not worry about it since I'm on vacation. Thanks to POA I know what's wrong with it.
 
If Windows wasn't such a hacker's paradise maybe it would not need add-on security software.
But is it a hacker's paradise precisely due to its massive user base and wide number of variants/versions?

Linux/Unix OS's aren't immune to security vulnerabilities.
 
there's a difference between a being a hacker's paradise because of the size of the user base (and the naivete/stupidity of said base) and being a hacker's paradise because of the relative ease of penetration.
 
there's a difference between a being a hacker's paradise because of the size of the user base (and the naivete/stupidity of said base) and being a hacker's paradise because of the relative ease of penetration.
Do public-facing Linux systems not also need add-on security software?
 
First off, I retired as of the end of June, so IDGAFF. :) Second, given the difficulty I have had getting my former employer to live up to even the most basic of their fiscal responsibilities, I'm tempted to be a little sad that they haven't migrated everything to Crowdstrike yet. But I won't.

I am, however, once again reminded of my numerous conversations with our CISO and IS teams regarding pushing updates to the numerous security agents deployed to corporate laptops. My arguments for testing in a small lab environment first fell on deaf ears. The most disturbing part is, this episode won't change their behavior either since it didn't directly torch them.

Do public-facing Linux systems not also need add-on security software?
Not in my experience. In 20+ years I've never had one broken into, either personally or at work - and my workplaces were fairly high profile targets (financial institutions).
 
I recognize that disk drive! I have a platter I show in my intro to computer science class. Also have mag tapes, too. Tossed allthe punch cards years ago.
I don't have any punch cards, but I still have a really old punch tape. Preserved coiled in a 35 mm film canister which is also now utterly ancient.

s-l1600.jpg
 
Back
Top