Jonathan Kamens (jik@federate.social)'s status on Friday, 19-Jul-2024 21:40:47 JST:
The thing I hope is alarming people about today's #CrowdStrike outage is that if the company can take out that much of America's tech infrastructure by accident with a single buggy update, our adversaries can do the same on purpose with a supply-chain attack against CrowdStrike, and that one probably wouldn't be as quick to recover from. #infosec
Jay Little (jaylittle@fosstodon.org)'s status on Saturday, 20-Jul-2024 07:40:20 JST:
@jik Yep. The concept of highly privileged and absolutely trusted Endpoint Protection software is flawed to the core.
Jonathan Kamens (jik@federate.social)'s status on Saturday, 20-Jul-2024 07:40:21 JST:
For those of y'all who are saying, "Well, this is what you get for letting #CrowdStrike push updates you haven't tested first," a little reality check...
Endpoint protection vendors push updates _all the time_, which they need to do to protect against emerging threats. That's kind of the whole point.
Companies pay EP vendors a shit-ton of money in exchange for the expectation that they will QA their shit properly before they ship it.
CrowdStrike done fucked up here. Don't blame the victims.
Jonathan Kamens (jik@federate.social)'s status on Saturday, 20-Jul-2024 07:40:22 JST:
I know the #CrowdStrike incident isn't exactly a cybersecurity incident, but I seriously hope the #CyberSafetyReviewBoard considers doing a full investigation, because it might as well have been. I'm sure there are valuable lessons to be learned here, if only we would make the effort to learn them.
(Though, let's be honest, it's probably not anything we haven't been given many prior opportunities to learn.)
Jonathan Kamens (jik@federate.social)'s status on Saturday, 20-Jul-2024 07:40:30 JST:
@JayLittle This is exactly the take I'm arguing against here.
It is perfectly reasonable, and sometimes necessary, to trust vendors who have proven themselves trustworthy.
We fucking trust the OS vendors. Nobody's reading every line of OS code to check for backdoors.
The concept of trust isn't flawed. The problem here is that CrowdStrike abused that trust.