this post was submitted on 06 Oct 2024
332 points (98.3% liked)

I would honestly think freezing airports, hospitals and other services for days would cause a lot of legal trouble.

At least that's what would happen if an experienced hacker did the same thing.

all 25 comments
[–] Sundial@lemm.ee 124 points 2 months ago (1 children)

These kinds of discussions are between corporations who have defined SLA's that specify things like reliability, uptime, etc. It's likely this outage breached this agreement so the lawyers of the companies are discussing internally and behind closed doors. This kind of thing doesn't get reported on in general.

[–] themeatbridge@lemmy.world 57 points 2 months ago (1 children)

And it might be years before the full fallout is fully litigated.

[–] Telorand@reddthat.com 16 points 2 months ago

The gears of justice grind slowly but finely.

[–] spankmonkey@lemmy.world 65 points 2 months ago (1 children)

At least that’s what would happen if an experienced hacker did the same thing.

If you ignore the context of a massive company doing an oopsie daisy and a malicious hacker intentionally trying to cause the same disruption, that makes sense. Fortunately, most people are aware of the difference.

They will most likely either be sued or have financial repercussions, although there really isn't a replacement waiting in the wings if they went down. Plus they have had a pretty solid reputation for years, so an occasional oopsie is going to happen and as long as it doesn't happen repeatedly it is likely to be forgotten about in 6 months.

Heck, I wasn't even impacted because my work laptop was off and it was already sorted out before I turned it on that day.

[–] SzethFriendOfNimi@lemmy.world 19 points 2 months ago* (last edited 2 months ago) (1 children)

If I had to guess there would be, at the very least, some businesses that used their business continuity insurance.

Those companies, after paying those claims, will probably be expecting reimbursement or preparing to sue crowdstrike to recoup those costs.

[–] dave@feddit.uk 13 points 2 months ago

And likely Crowdstrike will have their own insurance. At the end of the day, it’s just gamblers sitting at the table, moving the chips around.

[–] boatswain@infosec.pub 48 points 2 months ago
[–] Murdified@lemmy.sdf.org 30 points 2 months ago (1 children)

Well, for one, it's not known as "BSOD day" by any other customers that I know of. For two, there are contractual obligations, which prevents businesses from immediately pulling the plug and depriving them of funds, or from having knee jerk reactions, depending on your perspective. And finally, in just my own opinion, no other alternative solution provides a more compelling case for risk reduction without the same potential compromises even given the faulty deployment methodology that CS used. Sad, but true in my experience.

Needing kernel code for security sucks, don't have better options right now, encourage startups and take risks on them instead.

[–] Brkdncr@lemmy.world 4 points 2 months ago (1 children)

Sadly I’d say Cylance has a feature-complete alternative to Crowdstrike but Blackberry has done everything possible to not promote the product.

[–] digdilem@lemmy.ml 1 points 2 months ago* (last edited 2 months ago) (1 children)

Cylance was comparable several years ago. But, as you say, Blackberry bought it. Development effectively stopped at that moment. Reported bugs were going un-triaged and the software stopped moving forwards and AV software that isn't constantly adapting becomes a security risk in itself. The two are not comparable now - CS has a lot of extra features, especially in attack monitoring and analysis.

We were Cylance customers, and we changed to Crowdstrike when our contract expired. It was the right choice at the time, as was our decision to choose Cylance before them. Turns out we have pretty crappy luck.

[–] Brkdncr@lemmy.world 2 points 2 months ago

Yeah cylance definitely had some issues but it seems like they’ve recently been doing better in bringing features.

Another in this space is Palo Alto Networks XDR.

[–] digdilem@lemmy.ml 20 points 2 months ago (1 children)

They have a shitload of big contracts with a great many companies across the world. Money keeps coming in.

Legal actions take time. Years. Sometimes decades.

The software, when it isn't bricking computers, is actually pretty good.

This could equally have been caused by any other software running at ring 0. That's most antivirus software and most drivers. Drivers cause BSODs all the time - the difference here is only one of scale and timing. And, as it turns out, some pretty terrible quality control, test processes and release scheduling - and that is likely to be the focus of many of the legal actions.

Your reference to a hacker is spurious - deliberate vs accidental is a major distinction. As is cause and effect - Microsoft can be seen as equally to blame for allowing software to run at ring 0 and allowing this to happen.

[–] clutchtwopointzero@lemmy.world 6 points 2 months ago (1 children)

Need to remember that Microsoft was forced by regulators overseas to allow ring 0 third party software as part of antitrust proceedings. But the notion that antivirus software companies must be allowed to exist (instead of making the kernel infection proof) is also ridiculous

[–] digdilem@lemmy.ml 4 points 2 months ago (1 children)

Microsoft was forced by regulators overseas to allow ring 0 third party software as part of antitrust proceedings.

Interesting - I wasn't aware of that. Gave me a few minutes of interesting googling, thanks.

Looks like some people don't agree that is an excuse.

Also worth remembering is that Crowdstrike stopped RHEL 9 machines booting in a vaguely similar update to their falcon service a few months earlier, so it's not something that is exclusive to Windows. That also needed manual intervention to get VMs booting. (I dealt with that one too - but it's easier to roll back to the previous kernel with Linux and we had fewer machines that were running falcon.) Not surprisingly, there was a very similar blame game played then.

[–] clutchtwopointzero@lemmy.world 1 points 2 months ago

I heard the argument on the link you shared before but I can't figure out what "appropriate controls" would look like. That too sounds quite hand-wavy.

[–] bloodfart@lemmy.ml 16 points 2 months ago (1 children)

Plenty of people are talking about how they did get sued and it’s working itself out.

If you believe that crowdstrike is a normal company doing security then the fact that most of their customers stuck with them after the event shows they’re doing something right.

If you believe crowdstrike is a natsec cutout then it won’t matter if they get sued.

[–] stupidcasey@lemmy.world 2 points 2 months ago (2 children)

Lol, is that what they are? Are they a branch of the US government spying on people?

[–] bloodfart@lemmy.ml 4 points 2 months ago

I don’t feel one way or the other. Plenty of people instrumental to the company come from the natsec space though.

That’s not in and of itself damning though. Infosec people are often cops or soldiers of one kind or another because that’s where the jobs are.

[–] bloodfart@lemmy.ml 2 points 2 months ago

I want to make the subtext text actually. When you speak with people on the internet in information security focused places you are most likely talking directly to cops and soldiers a good amount of the time and certainly in the presence of them.

[–] xavier666@lemm.ee 15 points 2 months ago

Crowdstrike: If you sue us, we won't provide you with security anymore

Big companies: :(

(This is just satire)

[–] lnxtx@feddit.nl 14 points 2 months ago (1 children)

EULA. Limited warranty and liability.

Depends on what you agreed.

Also: xkcd 2347: Dependency

[–] intensely_human@lemm.ee 4 points 2 months ago (1 children)

According to the article, there is a question of gross negligence, which circumstance could have the effect of nullifying the contractual limitation of liability.

[–] flambonkscious@sh.itjust.works 2 points 2 months ago

And anyone who knows what they're doing would have built in decent safeguards - obviously hindsight is a luxury here, but there's a reason there's a whole lot of checking that goes on when others are downloading update content over a hostile network... Input validation is a thing, and all that.

They just weren't very mature on that front, and now we all got to laugh at them but everyone else made similar mistakes along the way, just most of them started their journey decades ago (thinking windows update, etc), so we forget about the learning curve they suffered through building a resilient process
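The "input validation is a thing" point above is worth making concrete. The following is an added example, not code from the thread or from CrowdStrike: it validates a content-update file before a consumer acts on it, using a hypothetical binary layout invented here (magic, version, record count, then length-prefixed records, then an authentication tag). The HMAC-SHA256 tag and the `KEY` constant stand in for whatever real signing scheme a vendor would use; `MAX_FIELDS` and `MAX_RECORDS` are assumed consumer limits. The point is that every value the file promises (record count, field count) is checked against what is actually present and against what the consumer can hold before anything is indexed, and that a rejected update leaves the previous known-good configuration in place rather than crashing.

```python
import hashlib
import hmac
import struct

# Constructed, hypothetical update-file layout (not any vendor's real format):
#   header : MAGIC(4) | version(u16 LE) | record_count(u16 LE)
#   records: record_count times [ field_count(u8) | field_count x u32 LE ]
#   trailer: 32-byte HMAC-SHA256 over header+records
MAGIC = b"UPD1"
HEADER_LEN = 8
TAG_LEN = 32
MAX_RECORDS = 1024   # assumption: consumer-side limit
MAX_FIELDS = 8       # assumption: the consumer has 8 slots per record
KEY = b"constructed-demo-key"  # stand-in for a real signing/verification key


class UpdateRejected(Exception):
    """Raised for any update that must not be applied."""


def sign_body(body, key=KEY):
    """Append the authentication tag (demo stand-in for a vendor signature)."""
    return body + hmac.new(key, body, hashlib.sha256).digest()


def build_update(records, key=KEY):
    """Serialise a well-formed update from a list of field lists (the producer side)."""
    body = MAGIC + struct.pack("<HH", 1, len(records))
    for fields in records:
        body += struct.pack("<B", len(fields)) + struct.pack(f"<{len(fields)}I", *fields)
    return sign_body(body, key)


def validate_update(blob, key=KEY):
    """Parse an update defensively; return the records or raise UpdateRejected.

    Every length the file claims is checked against the bytes actually present
    and against the consumer's own limits before it is used as an index.
    """
    if len(blob) < HEADER_LEN + TAG_LEN:
        raise UpdateRejected("too short to contain a header and tag")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):      # authenticate before parsing
        raise UpdateRejected("authentication failed")
    if body[:4] != MAGIC:
        raise UpdateRejected("bad magic")
    version, count = struct.unpack_from("<HH", body, 4)
    if version != 1:
        raise UpdateRejected(f"unsupported version {version}")
    if count > MAX_RECORDS:
        raise UpdateRejected(f"record count {count} exceeds limit {MAX_RECORDS}")
    offset = HEADER_LEN
    records = []
    for i in range(count):
        if offset >= len(body):
            raise UpdateRejected(f"record {i} missing: file shorter than header claims")
        nfields = body[offset]
        offset += 1
        if nfields > MAX_FIELDS:  # the consumer cannot hold this record; do not index it
            raise UpdateRejected(f"record {i} has {nfields} fields, consumer supports {MAX_FIELDS}")
        need = 4 * nfields
        if offset + need > len(body):
            raise UpdateRejected(f"record {i} truncated")
        records.append(list(struct.unpack_from(f"<{nfields}I", body, offset)))
        offset += need
    if offset != len(body):
        raise UpdateRejected("trailing bytes after last record")
    return records


def load_update(blob, current_config):
    """Fail closed: apply only a validated update, else keep the known-good config."""
    try:
        return validate_update(blob), "applied"
    except UpdateRejected as exc:
        return current_config, f"kept previous config: {exc}"


if __name__ == "__main__":
    good = build_update([[1, 2, 3], [4]])
    print(load_update(good, "old-config"))
    # A structurally valid but over-wide record is rejected, config unchanged.
    print(load_update(build_update([list(range(9))]), "old-config"))
```

`load_update` is the piece that matters operationally: a malformed file produces a logged rejection and the previous configuration, not a fault in the consumer. In a real deployment the same rejection path would also be where a staged rollout halts.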

[–] intensely_human@lemm.ee 7 points 2 months ago

Among Boies’ wide range of high-profile clients are Theranos, Harvey Weinstein, victims of Jeffrey Epstein, and Al Gore in Bush v. Gore around the results of the 2000 presidential election. He also led the government’s antitrust case against Microsoft in the 1990s.

damn