Post AkSOAFbLgx8lMKfEBc by GossiTheDog@cyberplace.social
(DIR) Post #Ak5DWOiMvDdJrYE8hc by GossiTheDog@cyberplace.social
2024-07-19T07:03:17Z
0 likes, 1 repeats
Crowdstrike published a faulty update. Causes Windows to bluescreen. Driver is C-00000291*.sys. Will cause worldwide outages. Thread follows, I suspect. 🧵
(DIR) Post #Ak5DWQDbKaD6Whqb1U by GossiTheDog@cyberplace.social
2024-07-19T07:09:52Z
0 likes, 0 repeats
I am obtaining a copy of the driver to see if malicious or bad coding, if anybody else checking let me know.
(DIR) Post #Ak5DWREhXygVgPMzNQ by GossiTheDog@cyberplace.social
2024-07-19T07:14:06Z
0 likes, 1 repeats
If anybody is wondering the impact of the Crowdstrike thing - it's really bad. Machines don't boot. The recovery is boot in safe mode, log in as local admin and delete things - which isn't automatable. Basically Crowdstrike will be in very hot water.
(DIR) Post #Ak5DWSMtL0pXC6D2mW by GossiTheDog@cyberplace.social
2024-07-19T07:41:17Z
0 likes, 1 repeats
You know it was coming... Crowdstrike's BSOP theme tune
(DIR) Post #Ak5DWTF85MDPuJaMK0 by GossiTheDog@cyberplace.social
2024-07-19T07:44:12Z
0 likes, 0 repeats
Sky News has gone off air in the UK.
(DIR) Post #Ak5DWTw1VsWi3LecBE by GossiTheDog@cyberplace.social
2024-07-19T08:11:40Z
0 likes, 0 repeats
Favour to IT folks fixing - could you please copy the C-00000291*.sys file to somewhere and upload it to Virustotal, and reply with the Virustotal link or file hash? It's still unclear if the update was malicious or just a bug.
(DIR) Post #Ak5DWUXxEqrrwzOuIq by GossiTheDog@cyberplace.social
2024-07-19T08:41:27Z
2 likes, 3 repeats
I've obtained copies of the .sys driver files Crowdstrike customers have. They're garbage. Each customer appears to have a different one. They trigger an issue that causes Windows to blue screen. I am unsure how these got pushed to customers. I think Crowdstrike might have a problem.
(DIR) Post #Ak5Da4XFtEDWR6mU2C by geordie@aus.social
2024-07-19T08:45:09Z
0 likes, 0 repeats
@GossiTheDog they're heavily encrypted and obfuscated. The registry keys for the app are also random hex values.
(DIR) Post #Ak5TjPbQWvBbeFCwJk by GossiTheDog@cyberplace.social
2024-07-19T09:13:31Z
0 likes, 0 repeats
If anybody is wondering, the update was delivered via channel file updates in Crowdstrike.
(DIR) Post #Ak5TjQgmUV3z18ijIm by GossiTheDog@cyberplace.social
2024-07-19T09:15:06Z
0 likes, 0 repeats
BBC tracker (they mix up an earlier Microsoft outage, what they're actually tracking is the Crowdstrike issue) https://www.bbc.co.uk/news/live/cnk4jdwp49et
(DIR) Post #Ak5TjRrS8JC4eWilZg by GossiTheDog@cyberplace.social
2024-07-19T09:30:45Z
0 likes, 0 repeats
The .sys files causing the issue are channel update files, they cause the top level CS driver to crash as they're invalidly formatted. It's unclear how/why Crowdstrike delivered the files and I'd pause all Crowdstrike updates temporarily until they can explain. This is going to turn out to be the biggest 'cyber' incident ever in terms of impact, just a spoiler, as recovery is so difficult.
(DIR) Post #Ak5TjSapPbUQvFx0Ii by GossiTheDog@cyberplace.social
2024-07-19T09:32:13Z
0 likes, 0 repeats
CrowdStrike's shares are down 20% in pre-market.
(DIR) Post #Ak5TjTD77G7ApzrZya by GossiTheDog@cyberplace.social
2024-07-19T09:42:24Z
0 likes, 0 repeats
I'm seeing people posting scripts for automated recovery.. Scripts don't work if the machine won't boot (it causes instant BSOD) -- you still need to manually boot the system in safe mode, get through BitLocker recovery (needs per system key), then execute anything. Crowdstrike are huge, at a global scale that's going to take.. some time.
(DIR) Post #Ak5TjU8teQKrjCtj2e by GossiTheDog@cyberplace.social
2024-07-19T09:57:25Z
1 likes, 0 repeats
Crowdstrike statement: https://www.bbc.co.uk/news/live/cnk4jdwp49et?post=asset%3A0c379e1f-48df-493c-a11a-f6b1e3d1eb63#post Basically 'it's not a security incident... we just bricked a million systems'
(DIR) Post #Ak5TjUvoiXT2AvmnIG by GossiTheDog@cyberplace.social
2024-07-19T11:03:54Z
0 likes, 0 repeats
For anybody wondering why Microsoft keep ending up in the frame, they had an Azure outage and - this may be news to some people - a lot of Microsoft support staff are actually external vendors, eg TCS, Mindtree, Accenture etc. Some of those vendors use Crowdstrike, and so those support staff have no systems. But MS isn't the outage cause today.
(DIR) Post #Ak5TjVlDdQaGkLpqPg by GossiTheDog@cyberplace.social
2024-07-19T11:15:51Z
0 likes, 0 repeats
Crowdstrike publishes updated CIA triad
(DIR) Post #Ak5TjWJFato2Rtl1SS by sullybiker@sully.site
2024-07-19T11:46:04Z
0 likes, 0 repeats
@GossiTheDog We are not having a good day Kevin
(DIR) Post #Ak5im88BRbm3drHdui by GossiTheDog@cyberplace.social
2024-07-19T12:38:45Z
0 likes, 0 repeats
By far my fave thing with the Crowdstrike thing is Microsoft saying to try turning impacted PCs off and on again in a loop until you get the magic reboot where CrowdStrike updates before it blue screens.
(DIR) Post #Ak5im9GNEdv59Y7hJo by GossiTheDog@cyberplace.social
2024-07-19T12:49:16Z
1 likes, 0 repeats
lol Microsoft have put "reboot each box 15 times" on its website
(DIR) Post #Ak5im9p79Ti0tINRT6 by GossiTheDog@cyberplace.social
2024-07-19T13:05:07Z
0 likes, 0 repeats
The chuckle brothers at NoName attempting to claim they caused the incident. To be super clear, NoName can barely DDoS a bike shed website, and once asked me to make their logo in Minecraft.
(DIR) Post #Ak5imAGlUfpKH3JWZE by GossiTheDog@cyberplace.social
2024-07-19T13:44:41Z
2 likes, 3 repeats
Probably the funniest BBC news update so far (they've cleared the airways for this incident).
(DIR) Post #Ak5imAu78NIoF5iwts by GossiTheDog@cyberplace.social
2024-07-19T14:33:35Z
1 likes, 0 repeats
🤪
(DIR) Post #Ak5jdz3LPcsX7lhQRM by vic@seal.cafe
2024-07-19T14:44:25.598487Z
0 likes, 0 repeats
@GossiTheDog They just needed more AI.
(DIR) Post #Ak6BUeOPedkb9rtMSe by GossiTheDog@cyberplace.social
2024-07-19T17:10:54Z
0 likes, 0 repeats
BBC News at 6 is leading the entire show with this. (They asked me to appear but I was slightly busy). For the record I spent much of the day trying to tell people it isn't a Microsoft issue.
(DIR) Post #Ak6BUfMK3tfm9fvCqG by GossiTheDog@cyberplace.social
2024-07-19T18:35:56Z
0 likes, 0 repeats
When I get successfully DDoS'd it's both a security incident and I'm not protected…
(DIR) Post #Ak6BUfhwlUyDEk2TY0 by GossiTheDog@cyberplace.social
2024-07-19T19:37:58Z
6 likes, 5 repeats
Billboards in Times Square blue screen of deathing. Nice way to find out which orgs use Crowdstrike, this 🤣 Source is BBC News, if anybody wondering.
(DIR) Post #Ak6JDwIsbo3HPxqXS4 by aud@fire.asta.lgbt
2024-07-19T21:03:26.150Z
2 likes, 0 repeats
@GossiTheDog@cyberplace.social "it wasn't a security incident!! our customers remain fully protected!!" i continue to insist as i slowly shrink and transform into a corn cob
(DIR) Post #Ak6fdRin8I0V5dXAoq by GossiTheDog@cyberplace.social
2024-07-19T19:57:22Z
0 likes, 0 repeats
Crazy video of flights being ground stopped across the US earlier today, due to the CrowdStrike issue. https://www.bbc.co.uk/news/live/cnk4jdwp49et?post=asset%3Ae7676a84-628c-4830-ba22-3b86a0d7de4c#post
(DIR) Post #Ak6fdSOybRkdCTGrZY by GossiTheDog@cyberplace.social
2024-07-19T19:59:41Z
1 likes, 0 repeats
Photos of CrowdStrike issue https://www.theverge.com/24202037/microsoft-crowdstrike-outage-blue-screen-error-photos
(DIR) Post #Ak6fdXl8gTRxoeg8JM by GossiTheDog@cyberplace.social
2024-07-19T20:56:27Z
1 likes, 0 repeats
*whispers* They work remotely on Friday
(DIR) Post #Ak80ByPgHgwWZKIRcG by Suiseiseki@freesoftwareextremist.com
2024-07-20T16:59:07.259181Z
0 likes, 0 repeats
@GossiTheDog Ah yes, the consequences of running windows on computers that should have been running GNU/Linux.
(DIR) Post #AkErw64eavR8AV6DJo by systemadminihater@cyberplace.social
2024-07-19T11:10:25Z
0 likes, 0 repeats
@GossiTheDog I don't know how to use this platform but you seem to. Here is a semi automatic way that I solved this on 1000 machines in 30 minutes.
Copy your custom drivered WinPE image (or a bare one from the ADK) to your system. Mount it with wimlib. Edit startnet.cmd and add
del C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys
exit
unmount image
put image in your PXE loader OR make it a usb bootable in Rufus
Save an assload of time.
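The startnet.cmd edit described in the post above, written out as an added example that is not part of the original post or anyone's production script. It keeps the stock wpeinit call, searches every drive letter instead of assuming C: (an assumption about how WinPE assigns letters on a given machine), and stops with a message when no channel file is visible, which is how a BitLocker-locked volume appears from WinPE.

```batch
@echo off
rem startnet.cmd for a recovery WinPE image (added example, constructed for illustration).
rem Inside the mounted image this file lives at Windows\System32\startnet.cmd.
rem WinPE runs it at boot; the final "exit" closes the WinPE shell, which restarts the machine.
wpeinit

set FOUND=0
set FAILED=0

rem WinPE itself runs from X:, and the installed Windows volume is not guaranteed
rem to be C: inside WinPE, so every other drive letter is checked.
for %%D in (C D E F G H I J K L M N O P Q R S T U V W Y Z) do (
    if exist "%%D:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys" (
        set FOUND=1
        del /f /q "%%D:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys"
        rem Re-check so a read-only or failing volume is reported, not silently skipped.
        if exist "%%D:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys" (
            echo Delete FAILED on %%D: - check that the volume is writable
            set FAILED=1
        ) else (
            echo Removed channel files on %%D:
        )
    )
)

rem A BitLocker-protected volume stays locked in WinPE until its recovery key is
rem supplied, so the CrowdStrike directory is not visible and nothing is deleted.
if "%FOUND%"=="0" (
    echo No C-00000291*.sys file found on any volume.
    echo If the disk is BitLocker-protected, unlock it with its recovery key first.
    pause
)
if "%FAILED%"=="1" pause

exit
```

The pause calls hold a machine at the message so that an operator sees which systems still need manual work, instead of rebooting straight back into the crash.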
(DIR) Post #AkErw7ZB2vRknSO6XA by Eldeberen@social.middleearth.fr
2024-07-19T14:00:52.932751Z
0 likes, 0 repeats
@systemadminihater Was Bitlocker enabled on the targets? Moreover you still need PXE capability, which can be tricky for employees' devices (who can be worldwide). Thus, still a good solution if it works in your context :)
(DIR) Post #AkErw8dT4STO73P2rQ by Nepiant@bae.st
2024-07-24T00:29:42.350036Z
0 likes, 0 repeats
@Eldeberen @systemadminihater man why did they have to call it PXE when they totally could've called it PEE?
(DIR) Post #AkEu0iVzoVJqSRDe0O by GossiTheDog@cyberplace.social
2024-07-20T09:19:15Z
0 likes, 0 repeats
CrowdStrike have effectively a mini root cause analysis out. Pretty much as everybody knows, they did a channel update and it caused the driver to crash. If they blame the person who did the update.. they shouldn't, as it sounds like an engine defect. https://www.crowdstrike.com/blog/technical-details-on-todays-outage/
(DIR) Post #AkEu0j2FsZ7i4UJPHs by jeroen@mastodon.habets.dev
2024-07-20T09:23:03Z
1 likes, 2 repeats
@GossiTheDog #OopsyDaisy
(DIR) Post #AkEu0k6Xu69LO5KLc8 by GossiTheDog@cyberplace.social
2024-07-20T10:46:05Z
0 likes, 0 repeats
For the people thinking "shouldn't testing catch this?", the answer is yes. Clearly something went wrong. This isn't CrowdStrike's first rodeo on this, although it is the most severe incident so far. Eg just last month they had an issue where a content update pushed CPU to 100% on one core: https://www.thestack.technology/crowdstrike-bug-maxes-out-100-of-cpu-requires-windows-reboots/ Truthfully these issues happen across all vendors - I've had my orgs totalled twice now by AV vendors, one while I was on holiday abroad and had to suspend said holiday.
(DIR) Post #AkEu0lxP141Z8J44dk by GossiTheDog@cyberplace.social
2024-07-20T10:51:40Z
0 likes, 0 repeats
Btw, that isn't to excuse it or any vendor. CrowdStrike have gotta be better at this stuff. And they'll have to, as if they aren't transparent customers will flee. It's a warning shot to all AV/EDR/XDR vendors that if you fuck up availability, your brand will become failure. It's harsh but that's the media cycle and modern world.
(DIR) Post #AkEu0ns9tX1B4ccukC by GossiTheDog@cyberplace.social
2024-07-20T15:35:11Z
0 likes, 0 repeats
Microsoft estimate almost 9 million Windows devices are impacted by the CrowdStrike incident (likely from crash telemetry). https://blogs.microsoft.com/blog/2024/07/20/helping-our-customers-through-the-crowdstrike-outage/
(DIR) Post #AkEu0piJ38KEme24fI by GossiTheDog@cyberplace.social
2024-07-20T17:41:07Z
0 likes, 0 repeats
Hackers reboot announced for 2025, trailer dropped
(DIR) Post #AkEu0rY6E3LiTZGx28 by GossiTheDog@cyberplace.social
2024-07-21T17:15:22Z
0 likes, 0 repeats
The Verge has a quick look at the orgs trying to recover from the Crowdstrike incident. If you're wondering why it's dropped off the radar of most press, they think it's over as Down Detector looks okay (which, to be clear, is not good logic). https://www.theverge.com/2024/7/21/24202960/crowdstrike-windows-outage-it-workers-photos-videos
(DIR) Post #AkEu0tcmVcHaufTibo by GossiTheDog@cyberplace.social
2024-07-22T17:41:53Z
1 likes, 0 repeats
How much is a significant number?
(DIR) Post #AkEu0vWpQii2omhzbk by GossiTheDog@cyberplace.social
2024-07-22T17:52:54Z
0 likes, 0 repeats
Interesting - did anybody keep a list of tweets by CrowdStrike staff during the start of the incident? This one has been deleted. https://x.com/brody_n77/status/1814186136149037459
(DIR) Post #AkEu0xjJFHshe4YzL6 by GossiTheDog@cyberplace.social
2024-07-22T20:48:19Z
0 likes, 0 repeats
US House committee calls on CrowdStrike CEO to testify on global outage https://www.washingtonpost.com/technology/2024/07/22/house-committee-calls-crowdstrike-ceo-testify-global-outage/
(DIR) Post #AkEu0zbwFfApTn8880 by GossiTheDog@cyberplace.social
2024-07-22T23:54:50Z
0 likes, 0 repeats
Crowdstrike are touting auto remediation of blue screen as an opt in feature. However, I just tried it - it's not very successful, most boots still blue screen of death. I think CS need to be careful on messaging about this as it sounds like they're offering it as a silver bullet. It only works if networking kicks in and the agent updates before Windows finishes booting. https://www.reddit.com/r/sysadmin/comments/1e9nqyn/just_exited_a_meeting_with_crowdstrike_you_can/
(DIR) Post #AkEu11YT1XaLVbWNzk by GossiTheDog@cyberplace.social
2024-07-23T09:32:34Z
0 likes, 0 repeats
Delta cancelled another 20% of US flights yesterday as they struggle to recover from CrowdStrike incident https://www.bankinfosecurity.com/blogs/crowdstrike-disruption-restoration-taking-time-p-3673
(DIR) Post #AkEu13jsu3uGHasX4K by GossiTheDog@cyberplace.social
2024-07-23T11:08:14Z
0 likes, 0 repeats
CrowdStrike have published a video on YouTube about how to remediate PCs: https://www.youtube.com/watch?v=Bn5eRUaMZXk (Despite the name, Self-Remediation, it is manual).
(DIR) Post #AkEu15dZqU38AbwWW0 by GossiTheDog@cyberplace.social
2024-07-23T14:08:46Z
0 likes, 0 repeats
Delta are still struggling, suspending additional services.
(DIR) Post #AkEu17QtAd5Xjq1Q12 by GossiTheDog@cyberplace.social
2024-07-23T14:12:07Z
0 likes, 0 repeats
Upguard have published a list of companies they say are impacted by the CrowdStrike 'Global IT Outage', based on public reporting. https://www.upguard.com/crowdstrike-outage Edit: obviously it's missing most companies as most companies aren't disclosing publicly.
(DIR) Post #AkEu19WdOEsAEEj2FU by GossiTheDog@cyberplace.social
2024-07-23T16:41:23Z
0 likes, 0 repeats
If anybody wonders what the file that took down 8.5 million Windows systems looks like.. it was 41kb in size. The only validity checking I can see CrowdStrike driver does is to check the first few bytes match the pattern seen in the screenshot before loading and executing.
(DIR) Post #AkEu1BQgJLIc8LxJFQ by GossiTheDog@cyberplace.social
2024-07-23T16:57:50Z
0 likes, 0 repeats
The US Department of Transport has opened an investigation into Delta over the disruption related to CrowdStrike incident. Good luck to the CrowdStrike account manager for Delta.
(DIR) Post #AkGqZJxl4xYGwfMyIK by GossiTheDog@cyberplace.social
2024-07-24T07:49:01Z
0 likes, 0 repeats
The initial Post Incident Review is out from CrowdStrike. It's good and really honest. There's some wordsmithing (eg channel updates aren't code - their parameters control code). The key take away - channel updates are currently deployed globally, instantly. They plan to change this at a later date to operate in waves. This is smart (and what Microsoft do for similar EPP updates). https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
(DIR) Post #AkGqZL236UZuGGNuca by GossiTheDog@cyberplace.social
2024-07-24T08:26:34Z
0 likes, 0 repeats
By "this is smart" I mean "this is smart… now". Obviously they shouldn't have been globally, simultaneously deploying kernel driver parameter changes across all customers: it was waiting to go wrong. They still are btw, as it will take a while to engineer the correct way of doing it.
(DIR) Post #AkGqZLegmpUEC6Slqi by GossiTheDog@cyberplace.social
2024-07-24T17:33:18Z
0 likes, 0 repeats
On insurance and CrowdStrike, Parametrix claim amongst just the Fortune 500 companies, they are facing $5.4bn in losses, of which around 10% will be covered by insurance. https://www.theguardian.com/technology/article/2024/jul/24/crowdstrike-outage-companies-cost
(DIR) Post #AkGqZMV9dlSCop0fcu by GossiTheDog@cyberplace.social
2024-07-24T17:51:23Z
1 likes, 0 repeats
CrowdStrike have won this year's Pwnie Award for Epic Fail, which will please @qwertyoruiop.
(DIR) Post #AkGqZN5JTKNScxvXzE by GossiTheDog@cyberplace.social
2024-07-24T19:49:20Z
0 likes, 1 repeats
(DIR) Post #AkGqZP2uBFdii4oeVk by GossiTheDog@cyberplace.social
2024-07-24T23:20:23Z
1 likes, 1 repeats
If you want to know something crazy:
- This year TCS migrated their EDR to CrowdStrike
- Then they announced a strategic partnership with CrowdStrike
- Then they lost all their systems
- They're just finishing recovery today, 6 days in
- Then they got a $10 Uber Eats voucher
- …which got cancelled due to Uber flagging CrowdStrike's account as fraudulent
(DIR) Post #AkGrKjahc00Q2XC4X2 by systemadminihater@cyberplace.social
2024-07-19T19:16:54Z
1 likes, 0 repeats
@GossiTheDog People on CNBC were praising him because he used to be the CTO of McAfee. when McAfee did this exact same thing in 2010. Look it up. Seriously, it's like a pattern for him.
(DIR) Post #AkGrvmytyBCTGlBKee by drizzy@cyberplace.social
2024-07-23T09:41:45Z
1 likes, 0 repeats
@GossiTheDog I suppose crowdstrike could use this outage as their carbon credits. Hey look how much co2 saved it with this simple trick!
(DIR) Post #AkGrvpH3ReuQNdgrE8 by drizzy@cyberplace.social
2024-07-23T09:45:53Z
0 likes, 0 repeats
@GossiTheDog you might know - I assume crowdstrike licensing/tos specifically indemnify them from situations like this I guess? So their customers will foot the bill I suspect..
(DIR) Post #AkGsNg7t3AjG7JgQCm by otte_homan@theblower.au
2024-07-24T23:32:45Z
0 likes, 0 repeats
@GossiTheDog bring in SW liability legislation (to protect users, not SW sellers).
(DIR) Post #AkGsNgzloppYoQtSC0 by IceCubeSoup@noauthority.social
2024-07-24T23:44:09Z
0 likes, 0 repeats
I am inclined to agree. Also, the processes used to clear updates like this for distribution should be open source and auditable by all external stakeholders who could be adversely impacted by a screwup. Unfortunately, that maps to pretty much half the world's population, so I'm not sure how that would work. @otte_homan @GossiTheDog
(DIR) Post #AkSOABxBFqE82sqbey by GossiTheDog@cyberplace.social
2024-07-25T08:40:37Z
0 likes, 0 repeats
CrowdStrike are… having a week.
(DIR) Post #AkSOAD8Yr0vNiTBD2O by GossiTheDog@cyberplace.social
2024-07-25T09:13:19Z
0 likes, 0 repeats
Questions for your EDR providers (do not assume they are experts in availability):
- What are your different update processes?
- How do you test them?
- Do you dogfood test them?
- Do you roll them out in waves? What are the details, eg what percentages and when?
- Do you monitor failures and roll back?
(DIR) Post #AkSOAEFKjJw59lM8ES by GossiTheDog@cyberplace.social
2024-07-25T13:58:28Z
0 likes, 0 repeats
CrowdStrike staff members are selling CrowdStrike monopoly sets they were given on eBay.
(DIR) Post #AkSOAF7vSLbXt4tjKC by GossiTheDog@cyberplace.social
2024-07-25T23:09:45Z
0 likes, 0 repeats
CrowdStrike filed an 8-K with the SEC on July 22nd for a cybersecurity incident. https://www.board-cybersecurity.com/incidents/tracker/20240722-crowdstrike-holdings-inc-cybersecurity-incident/
(DIR) Post #AkSOAFbLgx8lMKfEBc by GossiTheDog@cyberplace.social
2024-07-25T23:11:03Z
0 likes, 0 repeats
Almost a week in, CrowdStrike say 97% of devices are back online. https://www.axios.com/2024/07/25/crowdstrike-97-percent-systems-online
(DIR) Post #AkSOAGLQvc0HfGE21A by GossiTheDog@cyberplace.social
2024-07-26T11:12:30Z
0 likes, 0 repeats
Microsoft are talking about changes to Windows after the CrowdStrike incident. Good. https://www.theverge.com/2024/7/26/24206719/microsoft-windows-changes-crowdstrike-kernel-driver
(DIR) Post #AkSOAGy4bwubb6ItFI by GossiTheDog@cyberplace.social
2024-07-29T23:00:04Z
0 likes, 0 repeats
There's a really good discussion on @riskybusiness's YouTube show about the CrowdStrike incident. About the 3 minute mark @alex made me realise I was far too kind to CrowdStrike. He rightly rips them apart. https://youtu.be/EGRqtscp4eE
(DIR) Post #AkSOAHvz1CpmauKjcu by GossiTheDog@cyberplace.social
2024-07-30T10:27:46Z
0 likes, 0 repeats
Delta are looking to sue CrowdStrike and Microsoft. HT @hrbrmstr https://www.cnbc.com/2024/07/29/delta-hires-david-boies-to-seek-damages-from-crowdstrike-microsoft-.html
(DIR) Post #AkSOAIYGirSWVeFJIm by GossiTheDog@cyberplace.social
2024-07-30T12:14:28Z
0 likes, 0 repeats
Re the Delta case - the lawyer they've hired successfully sued Microsoft previously on behalf of the US government, and the decision was upheld on appeal too. The ruling almost led to the breaking up of Microsoft. The following US government backed out of the case. Bill Gates said at the time the lawyer was "out to destroy Microsoft". So there's a chance here the CrowdStrike incident may end up having implications across vendor industry around warranties etc, we'll see.
(DIR) Post #AkSOAJ2ktVqU2CVeoy by Jer@chirp.enworld.org
2024-07-30T12:19:51Z
0 likes, 1 repeats
@GossiTheDog My prediction is Microsoft will settle - and pay Crowdstrike to settle or buy them outright - if this case gets anywhere near creating a precedent that they have an obligation to their clients when it comes to software failures.
(DIR) Post #AkX2IhGTUubWGrK2W8 by GossiTheDog@cyberplace.social
2024-07-30T15:09:59Z
0 likes, 0 repeats
Jim Cramer does it again.
(DIR) Post #AkX2IiCG24pDA4MBaC by GossiTheDog@cyberplace.social
2024-07-31T10:15:36Z
0 likes, 0 repeats
Replacing an XDR platform at scale takes some time, so if you're wondering what the translation of Elon's tweet about Crowdstrike is:
Elon: can we replace Crowdstrike?
Somebody: yes, we'll begin looking into it but..
Elon: job done
Of course.. given how the Twitter takeover happened maybe he just got them to uninstall it and #yolosec
(DIR) Post #AkX2Iix3E6FtVCFYWG by GossiTheDog@cyberplace.social
2024-07-31T14:01:48Z
0 likes, 0 repeats
Delta's CEO has confirmed they plan to take legal action against CrowdStrike after incurring a $500m loss. 6 minute video interview: https://www.cnbc.com/2024/07/31/delta-ceo-crowdstrike-microsoft-outage-cost-the-airline-500-million.html
(DIR) Post #AkX2IjXv11kJLXUzz6 by GossiTheDog@cyberplace.social
2024-08-01T07:26:37Z
0 likes, 0 repeats
CrowdStrike shareholders are suing CrowdStrike https://www.bbc.com/news/articles/cy08ljxndr4o
(DIR) Post #AkX2IkACigN3GHPZey by GossiTheDog@cyberplace.social
2024-08-01T07:41:09Z
0 likes, 0 repeats
CrowdStrike made a net loss of $845m between 2018 until this year, and has taken on $743m of debt during this period.
(DIR) Post #AkX2IkeKueTQljVdcu by GossiTheDog@cyberplace.social
2024-08-01T12:24:08Z
0 likes, 0 repeats
Spirit Airlines in the US anticipates a $7.2 million hit to its third-quarter operating income due to operational disruptions caused by the CrowdStrike incident, which forced the carrier to cancel 470 flights.
(DIR) Post #AkX2Il877wIEG5RQ2a by GossiTheDog@cyberplace.social
2024-08-01T18:12:54Z
0 likes, 0 repeats
Here's the Delta boss on his thoughts about the CrowdStrike incident. They had 40k Windows Server boxes alone, all with BitLocker full disk encryption enabled, all of which wouldn't boot and weren't fixable without manually unlocking BitLocker. They had gone all in with CrowdStrike + Microsoft's most premium offerings. He has a really good point about how tech companies have become obsessed with growth as their only metric of success, and customer satisfaction is not on the radar.
(DIR) Post #AkX2IlkkoHCYBvWHGi by GossiTheDog@cyberplace.social
2024-08-01T18:27:13Z
1 likes, 0 repeats
There's a really mad moment in that interview where they ask them what assistance CrowdStrike have offered, and he essentially says nothing, not even a lunch voucher. What a time to be alive.
(DIR) Post #AkYpXjCteFgbYCPCvA by GossiTheDog@cyberplace.social
2024-08-02T15:28:53Z
1 likes, 1 repeats
CrowdStrike's website then vs now
(DIR) Post #AkZI8QBe7oVBzY6cO8 by GossiTheDog@cyberplace.social
2024-08-02T20:52:54Z
2 likes, 1 repeats
CrowdStrike complained to Cloudflare about a CrowdStrike parody site… and Cloudflare took it down. Without a court order. https://clownstrike.lol/crowdmad/
(DIR) Post #AkZLapAB9mnRQQee8G by GossiTheDog@cyberplace.social
2024-08-02T20:57:35Z
0 likes, 0 repeats
Additionally to loop this in, CrowdStrike submitted a takedown for a parody label (they've since rescinded it after being called out).
(DIR) Post #AkZLaqFB8gOEmE09Z2 by vic@seal.cafe
2024-08-02T21:36:15.709284Z
0 likes, 0 repeats
@GossiTheDog > cloudflare becomes weak once gaining enough market share
I am shocked, shocked
(DIR) Post #AkdPjXNRpZj9Jn6wO8 by GossiTheDog@cyberplace.social
2024-08-03T06:15:36Z
0 likes, 0 repeats
We've reached the part of the brand cycle where people are using CrowdStrike as an excuse https://www.theverge.com/2024/8/2/24212298/mrbeast-beast-games-crowdstrike
(DIR) Post #AkdPjYN88F4EP5yCX2 by GossiTheDog@cyberplace.social
2024-08-03T06:47:42Z
0 likes, 0 repeats
360 takes a look at the Crowdstrike kernel drivers - finds they implement an eBPF like system, contain a wide attack surface, don't check validity of update files (eg no signing of updates) and claim they contain conditions for LPE and RCE vulnerabilities. https://mp.weixin.qq.com/s/uD7mhzyRSX1dTW-TMg4UhQ Before people write this off as "the Chinese", I'll give you a hint: there really, really should be security research about the security of security products across all vendors. I've seen things.
(DIR) Post #AkdPjZDF0Ukd0iLoky by GossiTheDog@cyberplace.social
2024-08-03T21:21:34Z
0 likes, 0 repeats
Previously on Crowdstrike Falcon vulnerability research, check out this timeline where they tried to use NDAs to avoid disclosure, then fixed it without telling anybody. https://modzero.com/modlog/archives/2022/08/22/ridiculous_vulnerability_disclosure_process_with_crowdstrike_falcon_sensor/index.html
(DIR) Post #AkdPjatojgP0F3HKl6 by GossiTheDog@cyberplace.social
2024-08-04T20:24:40Z
0 likes, 0 repeats
EFF are calling for antitrust action after the CrowdStrike incident https://www.eff.org/deeplinks/2024/07/crowdstrike-antitrust-and-digital-monoculture
(DIR) Post #AoT4wlzMiF5iDSJ7iq by GossiTheDog@cyberplace.social
2024-08-05T09:47:27Z
0 likes, 0 repeats
Bloomberg report a vast majority of the CrowdStrike losses reported by customers will be judged by insurance as not covered by policies. https://www.bloomberg.com/news/articles/2024-08-02/billions-in-damages-from-crowdstrike-outage-to-go-uninsured
(DIR) Post #AoT4wnQLNQGWfPwBPc by GossiTheDog@cyberplace.social
2024-08-05T11:19:37Z
0 likes, 0 repeats
CrowdStrike are publicly threatening their customer, Delta. https://www.theverge.com/2024/8/5/24213521/crowdstrike-refutes-blame-delta-outage-litigation
(DIR) Post #AoT4wobiyaxmL0Gmn2 by GossiTheDog@cyberplace.social
2024-08-05T12:15:17Z
0 likes, 0 repeats
I've written up a bit about CrowdStrike's latest bold strategy. https://doublepulsar.com/crowdstrike-trying-to-use-legal-threats-to-suppress-criticism-and-parody-of-global-it-outage-49320e922120
(DIR) Post #AoT4wpZdNqsxKoIdAe by GossiTheDog@cyberplace.social
2024-08-06T17:01:41Z
0 likes, 0 repeats
Microsoft have now queued up to try publicly throw their customer under the bus, claiming (without evidence) Delta's CrowdStrike woes were due to non-Windows systems. The CrowdStrike issue only impacted Windows systems so I hope somebody at Microsoft knows what they are doing. https://www.theverge.com/2024/8/6/24214371/microsoft-delta-letter-crowdstrike-response-comments
(DIR) Post #AoT4wqNyMh9RqvqpdI by GossiTheDog@cyberplace.social
2024-08-06T17:07:07Z
0 likes, 0 repeats
If anybody wants the subtext of what is happening here, CrowdStrike and Microsoft both really do not want to get sued by Delta and have it go to court as it would potentially be explosive for both orgs and the wider security industry. The customers are always plebs to be milked, as is status quo.
(DIR) Post #AoT4wqcrTL3qb6oiq8 by GossiTheDog@cyberplace.social
2024-08-07T10:32:52Z
0 likes, 0 repeats
CrowdStrike incident root cause analysis is out. Overall, good… but. It is very verbose but doesn't say much. Some of the wording will confuse people - eg it talks about rings (waves) in a way which makes you think it is already implemented. It isn't. They're saying they plan to implement it later. Channel updates weren't tested on a real Windows PC prior to deployment, they relied on automated bespoke code testing. They don't mention that and it's the real reason. https://www.crowdstrike.com/wp-content/uploads/2024/08/Channel-File-291-Incident-Root-Cause-Analysis-08.06.2024.pdf
(DIR) Post #AoT4wrFV9fyAWwta4G by GossiTheDog@cyberplace.social
2024-08-07T12:13:40Z
0 likes, 0 repeats
Risky Business take on CrowdStrike root cause report is good. You can see the confusion the report provides in this discussion I think, eg some of the things are talked about as being implemented - but they're down as findings for improvement. It's the way the report is worded, to make you believe certain things existed.. that don't yet. https://youtu.be/IcayaFA7OcI
(DIR) Post #AoT4wrOMcj3gyR2esi by GossiTheDog@cyberplace.social
2024-08-07T15:12:41Z
0 likes, 0 repeats
Really good piece about CrowdStrike (technically CSC) misusing DMCA takedown notices over trademark disputes. CrowdStrike probably want to have a word with CSC about this and Cloudflare should tighten process as DMCA isn't supposed to be used for this. I know CSC do it.. but they shouldn't be. Wider point: cyber industry abusing process in takedowns. https://arstechnica.com/tech-policy/2024/08/parody-site-clownstrike-refused-to-bow-to-crowdstrikes-bogus-dmca-takedown/
(DIR) Post #AoT4wrpJ0YbqJzeAsK by GossiTheDog@cyberplace.social
2024-08-08T13:34:54Z
0 likes, 0 repeats
CrowdStrike have responded to two claimed vulnerabilities in CrowdStrike Falcon, including one made by a former staff member: https://www.crowdstrike.com/blog/tech-analysis-addressing-claims-about-falcon-sensor-vulnerability/ There may be more to come on this one..
(DIR) Post #AoT4wsJRCWiDpRkEqG by GossiTheDog@cyberplace.social
2024-08-09T07:44:07Z
0 likes, 0 repeats
CrowdStrike vs Delta vs Microsoft continues to play out in public, now with SEC filings https://www.reuters.com/business/aerospace-defense/delta-air-warns-380-mln-revenue-hit-crowdstrike-outage-2024-08-08/
(DIR) Post #AoT4wsQWmANqBR3ttQ by GossiTheDog@cyberplace.social
2024-08-21T07:28:54Z
0 likes, 0 repeats
(DIR) Post #AoT4wsyuiJtBu59MUS by GossiTheDog@cyberplace.social
2024-09-19T09:52:32Z
0 likes, 0 repeats
The German government interviewed over 300 companies to find out the CrowdStrike impact to their orgs. Over 60% were impacted, and around half had to halt all operation, for an average of 10 hours. https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2024/240919_BSI-bitkom_Crowdstrike-Umfrage.html
(DIR) Post #AoT4wt9u3SgCSAI8cS by GossiTheDog@cyberplace.social
2024-09-26T11:30:20Z
0 likes, 0 repeats
The BBC have an in depth look at the impact of the CrowdStrike "global IT outage" aka happy little non-cyber availability incident. It's a really good article. Held up cancer care etc. https://www.bbc.com/news/articles/cr54m92ermgo
(DIR) Post #AoT4wtdgGkUzwWDv28 by GossiTheDog@cyberplace.social
2024-10-26T08:44:36Z
0 likes, 0 repeats
Delta have filed their lawsuit against CrowdStrike, accusing the firm of gross negligence in their testing regime. https://www.wsj.com/business/airlines/delta-sues-crowdstrike-over-july-operations-meltdown-099ad8fa
(DIR) Post #AoT4wtpjXw8kXtrXou by GossiTheDog@cyberplace.social
2024-10-29T21:59:05Z
0 likes, 0 repeats
CrowdStrike are now counter suing their own customer 🤣 I really hope this heads to discovery and trial as Delta are correct about the testing on one system thing. CrowdStrike know that. They just aren't admitting it.
(DIR) Post #AoT4wuD88wr5iSoEHw by GossiTheDog@cyberplace.social
2024-11-19T13:48:26Z
0 likes, 0 repeats
Microsoft are making further changes to try to prevent another CrowdStrike moment https://www.theverge.com/2024/11/19/24299873/microsoft-windows-resiliency-initiative-crowdstrike-incident
(DIR) Post #AoT4wuSjCxKeUq6gbI by GossiTheDog@cyberplace.social
2024-11-27T11:48:11Z
0 likes, 0 repeats
CrowdStrike says customers who left "won't be missed" HT @metacurity https://www.theregister.com/2024/11/27/crowdstrike_q3_2025/
(DIR) Post #AunXYDczT2bhbf7L72 by GossiTheDog@cyberplace.social
2025-02-06T17:15:26Z
0 likes, 0 repeats
Congrats to CrowdStrike for being top right of the latest magic quadrant, for world's biggest cyber attacks!
(DIR) Post #AunXYEpR0G9hKXwn9E by GossiTheDog@cyberplace.social
2025-06-04T15:06:27Z
0 likes, 0 repeats
CrowdStrike still expects to take around another $65m in costs from their update snafu last year, they retained customers by offering financial incentives https://www.reuters.com/business/crowdstrike-shares-drop-windows-outage-fallout-hits-forecast-2025-06-04/
(DIR) Post #AunXYFeTwSzLsrpYiO by GossiTheDog@cyberplace.social
2025-06-04T19:42:08Z
1 likes, 1 repeats
US authorities are investigating CrowdStrike over their defective software update last year - and, intriguingly, their financial statements. Why intriguing? I mentioned last year - their financial position doesn't make sense. One to watch. https://www.wsj.com/business/telecom/crowdstrike-cooperating-with-federal-probes-into-july-software-outage-c39a96b5?st=ycLecq&reflink=desktopwebshare_permalink
(DIR) Post #Aungmc3yJWXR24fz8a by hal8999@infosec.exchange
2025-06-04T22:09:02Z
1 likes, 0 repeats
@GossiTheDog "Financial incentives" did not include discounts, contract extensions, or additional license counts. It was features that you didn't already have at a reduced rate... which will go up to full-boat pricing after the discount period. They turned a disaster into a sales tool. But, I still don't understand the complaints about airlines. There were companies who recovered in hours, or were able to stave off 100% penetration of the update.... and recovered in hours. The organizations who took days and weeks didn't have a Crowdstrike problem. They had a management problem and some technical debt that got cashed in that night. [Edit: typos]
(DIR) Post #AungmdZCit7DhEIRSS by GossiTheDog@cyberplace.social
2025-06-04T22:19:58Z
1 likes, 0 repeats
@hal8999 re Delta - they went all in with CrowdStrike and Microsoft - e.g. they did 100% BitLocker encryption on every system, including servers, with pins too. Because of this, the automated recovery didn't work. So they got totalled.