Crowdstrike

eman1200

whooopsie.......


absolutely INSANE this issue can basically take out the entire world. banks, airports, railways, hospitals, etc...... really scary stuff. anyone else impacted and get paged at 3am?
 
The craziest thing is, stuff like this happens and people still think everything should be tied to the internet and computerized even though it's practically impossible to have a working back-up plan for if it all goes down.
 
Using windows for anything mission critical? Not me.
The problem isn't Windows. It's a bit of software that was unintentionally malicious (which generally means that guidelines were not followed.)
 
The problem isn't Windows. It's a bit of software that was unintentionally malicious (which generally means that guidelines were not followed.)
And that bit of software runs on windows.
 
That’s like saying a plane is broken because the Garmin gtn650 in it has a software bug.
No, it's like saying planes that don't have a gtn650 aren't affected by the software bug in the gtn650.
 
No, it's like saying planes that don't have a gtn650 aren't affected by the software bug in the gtn650.

Well when you’re right you’re right salty. Hard to argue that logic. Spot on 10/10.
 
The craziest thing is, stuff like this happens and people still think everything should be tied to the internet and computerized even though it's practically impossible to have a working back-up plan for if it all goes down.
The advent of the Internet and having "everything tied to it" has been a primary driver in global economic growth for about 30 years now. You'd be living in a very different world without it, so be careful what you wish for.

There are plenty of easy ways to protect against this particular issue. One is, "Don't update all of your critical infrastructure simultaneously." However, that's a double-edged sword. For feature releases, maybe that's not a huge deal...worst-case, you have some computers running an older version for a few days or weeks and there's potential confusion in situations where people move between devices.

The problem occurs when you are trying to maintain "best practices" and install security-related updates promptly, to control exposure to identified vulnerabilities. You don't want to leave backdoors in your system open any longer than you have to. The whole reason businesses pay companies like Crowdstrike is to protect them from vulnerabilities.

If a bank security guard starts shooting at the cashiers, was the bank fundamentally mistaken when it made the decision to hire security guards?
 
… anyone else impacted and get paged at 3am?
Been sitting at a DFW airport hotel since early last night due to this. We are rebooked for an attempt later this morning that’s already had two “delays” communicated to us.
 
The good news is the mandatory BCP exercise that was going to cut my boating short this weekend is now postponed. Yay for Crowdstrike!
 
My pager didn't go off because my pager company had crowdstrike installed and not patched.

Just kidding, I haven't been on call for over a decade.
 
lol funny, I thought you said “our” boating time
This weekend I'll have a bunch of college kids out with me. I know your position on boating with such a crowd. Looks like you're only going to get as close as another low pass :)
 
The problem isn't Windows. It's a bit of software that was unintentionally malicious (which generally means that guidelines were not followed.)
The problem isn’t the screen door, the problem is thinking the screen door provides infrastructure supporting security
 
Pretty much every other gate monitor I’ve seen today.

SMS/Text alerts are doing a good job communicating real time gate info. Gate agents are having to manually resolve some double booked re-bookings; AA is offering some travel credit for those who will pro-actively rebook.

DFW itself is reporting delays, but it’s clear and a million, so weather ain’t the cause if you were wondering.
 
Pretty much every other gate monitor I’ve seen today.

SMS/Text alerts are doing a good job communicating real time gate info. Gate agents are having to manually resolve some double booked re-bookings; AA is offering some travel credit for those who will pro-actively rebook.

DFW itself is reporting delays, but it’s clear and a million, so weather ain’t the cause if you were wondering.

But are the airport bars open?
 
But are the airport bars open?

Interestingly enough, some but not all. Several were closed/closing around 7p last night when we were just starting to deal with our particular delay. Seems AA has been having problems since at least 5p last night.
 
MS being lazy and also IT management dropping the ball. Automatic updates should never be allowed in PROD until signed off by QA after in house testing. Didn't this happen with FireEye a few years ago? I made a ton of OT simply sitting at my desk waiting for Corp IT to OK a fix.
 
My Linux machines are running fine, as they always do.
The Windows machine that my company provides is down because they use Crowdstrike.

Here's one way to fix it:
Part 1: if you use Bitlocker (skip if you don't)
Hold down F8 while booting to get to safe mode
On the blue screen, press F8 once or twice to get to the Bitlocker screen
Enter your bitlocker key (you did save it, didn't you?)
This will take you to the safe mode options screen
Select 4 or F4 to boot to safe mode

Part 2:
If the machine is not already in safe mode, hold down F8 while booting to get to safe mode
At the safe mode login prompt, log in to the local machine
Find this Crowdstrike file: C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys
(It might be in a slightly different location on each machine)
Rename the file, for example change the extension.
Close all windows and reboot the machine normally.
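
Part 2 of the procedure above as a script, for anyone repeating it across many machines (an added example, not part of the original post and not CrowdStrike or Microsoft code). It assumes an elevated PowerShell prompt in safe mode; the parameter names and the `.renamed` suffix are hypothetical, and only the file pattern comes from the post.

```powershell
# Added example: rename the channel file named in the post so it is not loaded on next boot.
# Save as a .ps1 file and run elevated in safe mode. Use -WhatIf first to preview.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Search root. The post notes the file may sit in a slightly different
    # location on each machine, so the whole drivers tree is searched.
    [string]$DriversRoot = (Join-Path $env:SystemRoot 'System32\drivers'),

    # File pattern quoted in the post.
    [string]$Pattern = 'C-00000291*.sys',

    # Hypothetical suffix; the post only says to change the extension.
    [string]$Suffix = '.renamed'
)

# -Filter can also match legacy 8.3 short names, so re-check the extension.
$found = @(
    Get-ChildItem -Path $DriversRoot -Filter $Pattern -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq '.sys' }
)

if ($found.Count -eq 0) {
    Write-Warning "No file matching $Pattern under $DriversRoot; nothing renamed."
    return
}

foreach ($file in $found) {
    $newName = $file.Name + $Suffix
    $target  = Join-Path $file.DirectoryName $newName

    # Do not overwrite the result of an earlier run.
    if (Test-Path -LiteralPath $target) {
        Write-Warning "$target already exists; skipping $($file.FullName)."
        continue
    }

    if ($PSCmdlet.ShouldProcess($file.FullName, "Rename to $newName")) {
        Rename-Item -LiteralPath $file.FullName -NewName $newName -ErrorAction Stop
        Write-Output "Renamed $($file.FullName) -> $newName"
    }
}
```

The file is renamed rather than deleted so that every change is logged and can be reversed by renaming it back.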
 
I stuck my head in my office at about 1:30 this morning on my way to bed for two hours' sleep. My computer was crashed and I decided to not worry about it since I'm on vacation. Thanks to POA I know what's wrong with it.
 