ALL THINGS CrowdStrike - July 2024 Incident
Hi all! There are so many great discussions about CrowdStrike going on in this Community, but we want to bring them together in one place, so that folks can share and discuss efficiently!
Worth the read, but I take issue with the article's assertion:
"It’s pretty neat, and Crowdstrike’s Falcon has been instrumental in blunting the efforts of cyber-meanies for over a decade… but to do what it needs to get done, it requires deeper/more privileged access to the operating system than most programs would need, so when something does go wrong, boy can it go wrong!"
Whether you worship at the altar of "least privilege," "Zero Trust," or elsewhere, you should cringe at this statement. The core problem is that Crowdstrike tries to make chicken salad out of someone else's chicken poop and to do that, yes, it needs kernel-type access. This is the model that infests corporate IT. Rather than starting with secure systems, configured securely, and used in a secure manner, we ignore those things and purchase "magic bullet" software meant to compensate. Sometimes that magic bullet is really good, but we end up spending a lot of money and building massive single points of failure because we are not doing the necessary work at the purchasing and provisioning stage. Failure is not only an option, it is inevitable. Yet with every passing year, we heighten the stakes of failure. Crowdstrike today, AI tomorrow, etc. We either refuse to follow what we already know, or, more likely, we fail to communicate that knowledge to decision-makers.
@JoePete A lot of companies have made a lot of billionaires over the years, due to the model they propose - in some cases by putting an interface on the front end like a web proxy, which protects the back-end systems, without which they would be exposed to all sorts of horrible things. But the clients then get blasé because the web proxy protects them and gives them leeway to other things. Falsehoods arise everywhere, and yet we do not challenge them, or if we do we are either shut down or told to keep quiet - whilst the billionaires carry on making money. And we simply accept it normally.
And then someone states it is a shared responsibility issue ..... shared maybe, in fact we let them in the door in the first place to do their thing.
Regards
Caute_Cautim
So many of us remember or still hear M$ stating that they will no longer support an aging operating system.
I found it comical that basically the only airline in the US stayed operational on July 19th while other major airlines were taken out of service.
https://www.digitaltrends.com/computing/southwest-cloudstrike-windows-3-1/
d
I must have something wrong; I was under the impression that under SOX any publicly traded company was required to only use operating systems that were still supported by the vendor. I have not seen anything stating that Microsoft was still supporting these systems. Has the government just turned a blind eye to some companies? What am I missing here?
John-
Agreed
* putting on my skeptical spectacles *
There are hundreds of articles claiming that SWA is running Windows 3.1, but I can't find a link which corroborates this claim.
But to be fair, let's accept the possibility that they're not affected because maybe they're not Crowdstrike customers.
A claim is as good as its veracity.
That makes a lot of sense. Thank you.
You are probably correct, they may not be running the software. I know Air Canada stayed up and running and ARE NOT using CrowdStrike. Porter Airlines in Canada was affected.
Just found this on the Net:
Some airlines, including Southwest and Alaska, do not use CrowdStrike, the provider of cybersecurity software whose faulty upgrade to Microsoft Windows triggered the outages. Those carriers saw relatively few cancellations.
So it seems that the original article may be a piece of false news which explains a lot.
It's interesting to see how older technology can still play a crucial role in modern operations. The resilience of Southwest Airlines' system, despite its age, highlights the reliability and robustness of some older software. It's a bit of a paradox when you think about how companies like Microsoft push for constant upgrades, yet a 1992 Windows version can still handle critical tasks effectively.
On a related note, just as this old software is still proving its worth, GM Stock has shown similar resilience and adaptability in the ever-evolving automotive industry. It's a testament to how some things, no matter their age, can still perform exceptionally well when needed.
Not sure about the relationship of stock to a cybersecurity posture. Can you explain it without a link, please?
A claim is as good as its veracity.