Conversation

Notices

1. Embed this notice
   Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 20-Jul-2024 02:50:35 JST Kevin Beaumont

   Obvious point - the CrowdStrike worldwide IT incident is not the fault of one CrowdStrike staff member.

   Whoever created the signature or pushed the button does not operate in isolation. It’s a company with a $73bn market cap.

   They need to, later, go back and look at everything that went wrong.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 20-Jul-2024 02:54:55 JST Kevin Beaumont

     in reply to

     Also, if anybody thinks it’s not cool I gently teased CrowdStrike today - they can handle it, and we should highlight when InfoSec vendors cause global outages.

     Also, CrowdStrike’s management just spent 6 months poking Microsoft over the CSRB report.. I think it’s okay to point out this incident is, well, worse. Availability is a part of security - and a really big part.

     Bill repeated this.
   • Embed this notice
     Beutlin (meisterdieb@norden.social)'s status on Saturday, 20-Jul-2024 03:11:52 JST Beutlin

     in reply to

     @GossiTheDog very good point. I also have the feeling that many infosec people don’t understand that usability is as essential as availability. People built „shadow IT“ infrastructure if something is not available or useful for them.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 20-Jul-2024 03:24:04 JST Kevin Beaumont

     in reply to

     Also, while I’m on my soap box - there is a massive elephant the room around EDR cybersecurity vendors having such a high level of access worldwide without any real third party oversight.

     They’re all, bar Elastic, encoding signature updates, evading researchers, using NDAs etc. There’s also literal nation state spying going on.

     I think that whole area is a tinderbox and it’s had no real scrutiny.. like, at all.

   • Embed this notice
     Guelfo Alexander Ghibellini (guelfoalexander@cyberplace.social)'s status on Saturday, 20-Jul-2024 04:14:10 JST Guelfo Alexander Ghibellini

     in reply to

     @GossiTheDog well, if have nothing to hide, its always good that someone is watchin on ya

   • Embed this notice
     Guelfo Alexander Ghibellini (guelfoalexander@cyberplace.social)'s status on Saturday, 20-Jul-2024 04:17:53 JST Guelfo Alexander Ghibellini

     in reply to

     @GossiTheDog as far as I have understood, this incident has shown some nice ways to bypass BitLocker's procedure. if this is proven to be true, this should concern more than the outage itself.

   • Embed this notice
     Felix Dreissig (f30@chaos.social)'s status on Saturday, 20-Jul-2024 04:53:53 JST Felix Dreissig

     in reply to

     @GossiTheDog Any hints as to why you consider Elastic the exception here?

   • Embed this notice
     Rui Seabra (ruiseabra@mastodon.social)'s status on Saturday, 20-Jul-2024 06:06:36 JST Rui Seabra

     in reply to

     @GossiTheDog
     Wrong obvious point. Let me fix it for you: trusting your security with black boxes controlled by third parties means you only need 1 person with sufficient privileges to take down your business.#crowdstrike #cloud

   • Embed this notice
     Rui Seabra (ruiseabra@mastodon.social)'s status on Saturday, 20-Jul-2024 06:35:16 JST Rui Seabra

     @GossiTheDog
     It is, but I don't blame #CrowdStrike for exploiting idiots that hope to delegate security to a botnet operator. I blame the idiots.

   • Embed this notice
     Oook (oook@im-in.space)'s status on Saturday, 20-Jul-2024 08:04:14 JST Oook

     in reply to

     @GossiTheDog and the fault is shared with their customers who blindly set their production computers to autoupdate at the same time as their non production computers.

     Any company who has sane practices would have a large enough time window between updates of test and prod machines to find out about the issue and disable it before it impacts prod.