…according to a Twitter post by the Chief Informational Security Officer of Grand Canyon Education.
So, does anyone else find it odd that the file that caused everything CrowdStrike to freak out, C-00000291-00000000-00000032.sys was 42KB of blank/null values, while the replacement file C-00000291-00000000-00000.033.sys was 35KB and looked like a normal, if not obfuscated sys/.conf file?
Also, apparently CrowdStrike had at least 5 hours to work on the problem between the time it was discovered and the time it was fixed.
How can all of those zeroes cause a major OS crash?
If I send you on stage at the Olympic Games opening ceremony with a sealed envelope
And I say “This contains your script, just open it and read it”
And then when you open it, the script is blank
You’re gonna freak out
Maybe. But I’d like to think I’d just say something clever like, “says here that this year the pummel horse will be replaced by yours truly!”
Problem is that software cannot deal with unexpected situations like a human brain can. Computers do exactly what a programmer tells them to do, nothing more, nothing less. So if a situation arises that the programmer hasn’t written code for, then there will be a crash.
Poorly written code can’t.
In this case:
Is just poor code.
If AV suddenly stops working, it could mean the AV is compromised. A BSOD is a desirable outcome in that case. Booting a compromised system anyway is bad code.
You know there’s a whole other scenario where the system can simply boot the last known good config.
And what guarantees that that “last known good config” is available, not compromised and there’s no malicious actor trying to force the system to use a config that has a vulnerability?
The following:
There’s a load of other checks that could be employed. This is literally no different than securing the OS itself.
This is essentially a solved problem, but even then it’s impossible to make any system 100% secure. As the person you replied to said: “this is poor code”
Edit: just to add, failure for the system to boot should NEVER be the desired outcome. Especially when the party implementing that is a 3rd party service. The people who set up these servers are expecting them to operate for things to work. Nothing is gained from a non-booting critical system and literally EVERYTHING to lose. If it’s critical then it must be operational.