Author Topic: Crowdstrike  (Read 1538 times)

Offline Vulcan

  • Plutonium Member
  • *******
  • Posts: 9891
Re: Crowdstrike
« Reply #15 on: July 21, 2024, 02:35:18 PM »
i understand what zero day protection is, however if you have 1000 machines well behind firewalls, honey pots etc running your entire business, chances of even zero day exploit affecting them are marginal. Risk of this kind of screw up is much higher then non-internet exposed machines being affected.

In reality, there should be "urgent zero day" patch application as totally separate process for other patches that should be delayed by large companies. I'm willing to bet this particular update had no zero day protections in it...

It's all about layers. You never assume any layer is perfect, so a failure to detect in one layer is picked up by another.

Crowdstrike does it's analysis in the cloud, and nor is it a signature based scanner (it can do it, but that feature only came out recently, as in last few months). So sensor patches are usually things other zero day patches.

Offline Shuffler

  • Radioactive Member
  • *******
  • Posts: 27091
Re: Crowdstrike
« Reply #16 on: July 22, 2024, 12:39:10 PM »
Two engineering firms we deal with have recently started using firms in India to put together their drawings. The quality has noticeably gone way down. Their cost has noticeably gone way up. Now they pay us far more.
80th FS "Headhunters"

S.A.P.P.- Secret Association Of P-38 Pilots (Lightning In A Bottle)

Offline Mayhem

  • Nickel Member
  • ***
  • Posts: 664
      • http://www.damned.org
Re: Crowdstrike
« Reply #17 on: August 07, 2024, 05:05:06 PM »
I can't say Crowdstrike did me a dirty .... thanks to their screw up and the resulting overtime, I have the funds for an expensive Monstertech Sim Chair and a Virpil AH64 collective.
"Destination anywhere! So Far Gone, I'm almost There."
The Damned! (Est. 1988) Damned if we do - No fun if we don't!
S.A.P.P.- Secret Association Of P-38 Pilots (Lightning In A Bottle)

Offline AKIron

  • Plutonium Member
  • *******
  • Posts: 12799
Re: Crowdstrike
« Reply #18 on: August 07, 2024, 05:10:41 PM »
You probably won't hear that a foreign actor infiltrated their organization and sabotaged that patch. Wouldn't be prudent for a security company to advertise that. If it happened.
Here we put salt on Margaritas, not sidewalks.

Offline DmonSlyr

  • Platinum Member
  • ******
  • Posts: 6669
Re: Crowdstrike
« Reply #19 on: August 08, 2024, 09:36:02 AM »
You probably won't hear that a foreign actor infiltrated their organization and sabotaged that patch. Wouldn't be prudent for a security company to advertise that. If it happened.

I heard a rumor that it was actually Azure that suffered a major outage, which is tied to the White House AI technology, which then they called Crowdstrike to fix it immediately. CS created a patch to fix it, but failed a driver that completely rekt everything. A buddy was telling me you never release a patch update on Friday. So it was very strange that they did.

Just a rumor. Cannot confirm and could be total BS.
« Last Edit: August 08, 2024, 09:39:18 AM by DmonSlyr »
The Damned(est. 1988)
-=Army of Muppets=-
2014 & 2018 KoTH ToC Champion