[-] RedWizard@hexbear.net 31 points 4 months ago

Boy, my work is in the process of buying CrowdStrike. Very cool... Shit seemed like just another McAfee with fancy graphs and the NSA's wet dream of telemetry.

[-] Frank@hexbear.net 31 points 4 months ago

If I'm reading this correctly, modern AVs work by looking for patterns in software behavior that resemble the actions of currently circulating viruses to try to stay ahead of the rapid proliferation of new viruses and threats. So if program A.) behaves in some way like known virus 1.) the software will shut down program A.), not because it's a known threat, but because it behaves like a known threat. So if I'm following this guy, something in the stream of behavioral information CrowdStrike sends to all its client computers in real time flagged some core Windows process or something as a threat and began attacking it. This resulted in BSOD bootloops across their network of clients.

Short version; Computer auto-immune disorder, the immune system is attacking the body because it's incorrectly identified some part of the body as a threat.

But for some cloud systems though, such as AWS, booting to “safe mode” is not even possible so this fix can’t be applied. Virtual servers need to be shut down, their disks cloned, attached to another server, edited to remove the offending files and then finally reattached to the original server.

Lol

BUT, if you’re protecting your data properly you would have used BitLocker for disk encryption and so you need to manually decrypt the disk with a BitLocker Recovery Key, which is probably - for most companies - stored digitally on one of the servers that is currently booting over and over 🫠

AHAAAAAHAAHHAHAAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAH HEY FUCKWITS MAYBE PUTTING ALL YOUR SHIT ON REMOTE ALWAYS ONLINE SERVERS OVER WHICH YOU HAVE NO CONTROL WAS A CRITICAL STRATEGIC FAILURE TO RETAIN CONTROL OF YOUR CORE ASSETS YOU DUMB FUCKS YOU GAVE AWAY THE KEYS TO THE VAULT TO A GUY IN BLANK WHITE MASK WITH "TRUST ME" WRITTEN ON IT HAHAHAHAHAHAHAHAHAHAHAHAHA

The cloud was always an obvious, utterly inexplicable mistake of astonishing proportions and it's hilarious that capitalism drove everyone to turn their systems in to dumb terminals over which they have little if any control. I'll just be here basking in my "I called it" from well over a decade ago.

[-] sharedburdens@hexbear.net 27 points 4 months ago

What if we took all of our extremely fragile eggs and put them all in single unstoppable basket i-love-not-thinking

[-] bobs_guns@lemmygrad.ml 7 points 4 months ago

Capitalists are obligated to do this if it's the most profitable thing to do. We should use this against them.

[-] Tervell@hexbear.net 22 points 4 months ago

Computer auto-immune disorder

I love software engineering

anyways, it sure is great to grant kernel-level access to a program so it can better protect you from viruses by, uh... using its kernel-level access to break your entire system?

[-] Mindfury@hexbear.net 17 points 4 months ago* (last edited 4 months ago)

bruh they invented computer cancer lmao

[-] Frank@hexbear.net 16 points 4 months ago

BRING ME JOHN MACAFEET. That whalefucker is the only one who can unfuck this whale of a problem.

[-] Mindfury@hexbear.net 10 points 4 months ago

Biden begging Xi right now to call Kim and ask him to use Juche Necromancy on John McAfee and save the world

[-] Chronicon@hexbear.net 7 points 4 months ago

No, they actually just pushed out a bugged driver that they use to hook into the windows kernel. Turned out to be nothing to do with the realtime A/V feed. Which is honestly funnier because there is NO reason to push that type of update out worldwide in one go, it should be done in stages to catch bugs like this before they go global...

The OP thread talked about it just below the "Load More Replies" fold

[-] LanyrdSkynrd@hexbear.net 30 points 4 months ago

I read somewhere else that this analysis is incorrect. They were saying it wasn't caused by something in the threat intelligence feed, but an updated .sys file (a driver component) that CrowdStrike inexplicably pushed to all clients at once.

That explanation is even funnier, because they pushed a software update to everyone at once instead of the widely used practice of staged rollouts of updates. Normally big companies push updates to a very small number of users first, then gradually increasing the number so they can get bug reports before wrecking every system.
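The staged rollout described in the two comments above, sketched as an added example that is not part of the thread and is not CrowdStrike's or any vendor's code. The ring sizes, the 1% failure threshold, the host names and the `install` callback are all assumptions chosen for illustration:

```python
import hashlib

# Cumulative percentage of the fleet reached by the end of each ring (assumed values).
RINGS = [("canary", 1), ("early", 10), ("broad", 50), ("everyone", 100)]
MAX_FAILURE_RATE = 0.01  # halt if more than 1% of a ring fails its health check


def bucket(host_id, update_id):
    """Map a host to a stable bucket 0-99. Salting with the update id means
    the same machines are not the canaries for every single update."""
    digest = hashlib.sha256(f"{update_id}:{host_id}".encode()).digest()
    return int.from_bytes(digest[:8], "big") % 100


def staged_rollout(hosts, update_id, install):
    """Push an update ring by ring.

    install(host) is a caller-supplied callback that applies the update and
    returns True only if the host reports healthy afterwards.
    Returns (hosts_touched, name_of_ring_that_halted_or_None).
    """
    touched = []
    lower = 0
    for name, upper in RINGS:
        cohort = [h for h in hosts if lower <= bucket(h, update_id) < upper]
        failures = 0
        for host in cohort:
            if not install(host):
                failures += 1
            touched.append(host)
        # Health gate: a bad update stops here instead of reaching the next ring.
        if cohort and failures / len(cohort) > MAX_FAILURE_RATE:
            return touched, name
        lower = upper
    return touched, None


# Constructed fleet of 1000 hypothetical host names.
FLEET = [f"host-{n:04d}" for n in range(1000)]

if __name__ == "__main__":
    # A driver that crashes every machine it lands on: the gate trips early.
    touched, halted = staged_rollout(FLEET, "update-A", lambda h: False)
    print(f"bad update: halted in ring {halted!r} after {len(touched)} hosts")
    # A healthy update proceeds through every ring.
    touched, halted = staged_rollout(FLEET, "update-B", lambda h: True)
    print(f"good update: halted={halted!r}, {len(touched)} hosts updated")
```

With a gate like this, an update that crashes every host is confined to the first non-empty ring; pushing to everyone at once is the same loop with a single ring of 100%.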

[-] Vampire@hexbear.net 24 points 4 months ago

His explanation: "CrowdStrike is an antivirus. It updates threats constantly. Then the rest of the problem happened causing everything to crash worldwide."

It's a kind of 'draw the rest of the owl' explanation

[-] blobjim@hexbear.net 7 points 4 months ago

Tweets that are like "I am a super credentialed smart person, here's my analysis of...." are always fart sniffing.

[-] nasezero@hexbear.net 23 points 4 months ago

It is every hexbear user's duty to spread FUD that this was caused by AI (and tbh I'm still not convinced it wasn't) party-sicko

[-] Frank@hexbear.net 19 points 4 months ago

My admittedly extremely limited understanding is that modern AVs do use machine learning to identify emerging and potential threats. Hackers are creating new malware, ransomware, and virus software every day and trying to catch it all isn't possible. Instead they use machine learning to identify patterns in how hostile software behaves within the computer system and then shut down anything that behaves like that hostile software. I just ran afoul of this with Windows Defender and the Unreal Engine VR plugin project. UEVR injects data in to the Unreal Engine game in real time and that's a big no-no, that's something a virus does, so Windows shut it down hard and I had to do all kinds of silly bullshit to even get the computer on my folder without Windows detecting it and deleting it.

Well, when you apply that kind of rough and ready, evolutionary, real time threat modelling to a live system, I guess sometimes your black box machine learning bullshit has a false positive and starts punching the global economy directly in the dick.

Keep in mind, I am not any kind of network security guy, so this is very much an idiot bystander trying to explain the workings of god.

[-] tocopherol@hexbear.net 18 points 4 months ago

From the description this doesn't sound like it will be fixed right away for most systems, any idea what kind of impact this will have? I would hope for anything crucial there would be fail-safes

[-] Frank@hexbear.net 22 points 4 months ago

Pretty sure the US airline industry requested that all flights, globally, be grounded due to this failure. Major airlines were already running on the ragged edge of collapse with antiquated systems that could barely function on good days. So, as one says; Lol. Lmao.

[-] invalidusernamelol@hexbear.net 2 points 4 months ago

US airlines (minus Southwest) still use SABRE for reservation and flight management. A system developed for DARPA in the 50s. Basically everything is run in virtual machines I believe, but there are probably still some SABRE terminals out there.

Getting that system back up and running will be a nightmare as it's integrated into basically every reservation service on the planet. That's probably why they want all flights grounded because anything that happens while the system is down will have to be added manually later.

[-] lemmyseizethemeans@lemmygrad.ml 10 points 4 months ago

It's fixed, but end users have to manually do the fix, then once online they will push the update

[-] Owl@hexbear.net 7 points 4 months ago

This is a total non-explanation.

this post was submitted on 19 Jul 2024