…according to a Twitter post by the Chief Information Security Officer of Grand Canyon Education.

So, does anyone else find it odd that the file that caused everything running CrowdStrike to freak out, C-00000291-00000000-00000032.sys, was 42KB of blank/null values, while the replacement file C-00000291-00000000-00000033.sys was 35KB and looked like a normal, if not obfuscated, sys/.conf file?

Also, apparently CrowdStrike had at least 5 hours to work on the problem between the time it was discovered and the time it was fixed.

  • tiramichu@lemm.ee · 4 months ago

    If I send you on stage at the Olympic Games opening ceremony with a sealed envelope

    And I say “This contains your script, just open it and read it”

    And then when you open it, the script is blank

    You’re gonna freak out

    • Imgonnatrythis@sh.itjust.works · 4 months ago

      Maybe. But I’d like to think I’d just say something clever like, “says here that this year the pummel horse will be replaced by yours truly!”

      • Takios@discuss.tchncs.de · 4 months ago

        Problem is that software cannot deal with unexpected situations like a human brain can. Computers do exactly what a programmer tells them to do, nothing more, nothing less. So if a situation arises that the programmer hasn’t written code for, then there will be a crash.

        • deadbeef79000@lemmy.nz · 4 months ago

          Poorly written code can’t.

          In this case:

          1. Load config data
          2. If data is valid:
            1. Use config data
          3. If data is invalid:
            1. Crash entire OS

          Is just poor code.

            • CeeBee_Eh@lemmy.world · 4 months ago

              You know there’s a whole other scenario where the system can simply boot the last known good config.

                • CeeBee_Eh@lemmy.world · 4 months ago (edited)

                  The following:

                  • An internal backup of previous configs
                  • Encrypted copies
                  • Massive warnings in the system that current loaded config has failed integrity check

                  There’s a load of other checks that could be employed. This is literally no different than securing the OS itself.

                  This is essentially a solved problem, but even then it’s impossible to make any system 100% secure. As the person you replied to said: “this is poor code”

                  Edit: just to add, failure for the system to boot should NEVER be the desired outcome. Especially when the party implementing that is a 3rd party service. The people who set up these servers are expecting them to operate for things to work. Nothing is gained from a non-booting critical system and literally EVERYTHING to lose. If it’s critical then it must be operational.
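As an added example (not code from this thread, and not CrowdStrike's driver or channel-file format), here is the loader shape that the "validate, else crash" pseudocode above and the "boot the last known good config" / "integrity check with warnings" comments describe. The file layout, the magic value, the CRC-32 integrity check and the rule structure are all assumptions made up for the example; a real kernel component would verify a signature rather than a checksum. Every invariant (length, all-NUL content, magic, rule count, total size, checksum) is checked before any field is trusted, and a rejected update leaves the previously active config in place and logs a warning instead of faulting.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed on-disk layout for this example (NOT CrowdStrike's real format):
 * a 16-byte header followed by fixed-size rules. */
struct cfg_header {
    uint32_t magic;        /* CFG_MAGIC */
    uint32_t version;
    uint32_t rule_count;   /* number of cfg_rule entries that follow */
    uint32_t checksum;     /* CRC-32 over the rule bytes */
};
struct cfg_rule {
    uint32_t id;
    uint32_t action;       /* 0 = allow, 1 = block */
};
#define CFG_MAGIC     0x31474643u   /* "CFG1" little-endian, assumed */
#define CFG_MAX_RULES 64
#define CFG_MAX_BYTES (sizeof(struct cfg_header) + CFG_MAX_RULES * sizeof(struct cfg_rule))

enum cfg_status { CFG_OK = 0, CFG_TOO_SHORT, CFG_ALL_ZERO, CFG_BAD_MAGIC,
                  CFG_BAD_COUNT, CFG_BAD_LENGTH, CFG_BAD_CHECKSUM };

/* Bitwise CRC-32 (IEEE polynomial): catches corruption, not tampering.
 * A real driver would verify a signature here instead. */
static uint32_t crc32_bytes(const uint8_t *p, size_t n)
{
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        c ^= p[i];
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Check every invariant BEFORE any field is trusted. *hdr is only meaningful
 * on CFG_OK; nothing here reads past len. */
enum cfg_status cfg_validate(const uint8_t *buf, size_t len, struct cfg_header *hdr)
{
    if (buf == NULL || len < sizeof(*hdr))
        return CFG_TOO_SHORT;
    size_t i = 0;
    while (i < len && buf[i] == 0)
        i++;
    if (i == len)
        return CFG_ALL_ZERO;               /* nothing but NUL bytes */
    memcpy(hdr, buf, sizeof(*hdr));        /* memcpy: no unaligned reads */
    if (hdr->magic != CFG_MAGIC)
        return CFG_BAD_MAGIC;
    if (hdr->rule_count == 0 || hdr->rule_count > CFG_MAX_RULES)
        return CFG_BAD_COUNT;
    size_t need = sizeof(*hdr) + (size_t)hdr->rule_count * sizeof(struct cfg_rule);
    if (len != need)
        return CFG_BAD_LENGTH;
    if (crc32_bytes(buf + sizeof(*hdr), need - sizeof(*hdr)) != hdr->checksum)
        return CFG_BAD_CHECKSUM;
    return CFG_OK;
}

/* Loader state: the active (last known good) config plus what was last refused. */
struct cfg_state {
    uint8_t active[CFG_MAX_BYTES];
    struct cfg_header active_hdr;
    enum cfg_status last_error;
    unsigned rejected;
};

/* Try to swap in a new config. On any failure the previous config stays active
 * and the rejection is logged for the operator; the machine keeps running. */
enum cfg_status cfg_apply(struct cfg_state *st, const uint8_t *buf, size_t len)
{
    struct cfg_header hdr;
    enum cfg_status rc = cfg_validate(buf, len, &hdr);
    if (rc != CFG_OK) {
        st->last_error = rc;
        st->rejected++;
        fprintf(stderr, "WARNING: config update rejected (status %d); keeping "
                "last known good config (%u rules)\n", (int)rc, (unsigned)st->active_hdr.rule_count);
        return rc;
    }
    memcpy(st->active, buf, len);          /* len <= CFG_MAX_BYTES after validation */
    st->active_hdr = hdr;
    return CFG_OK;
}

/* Action for a rule id in the active config, or -1 if there is no such rule. */
int cfg_action_for(const struct cfg_state *st, uint32_t id)
{
    for (uint32_t i = 0; i < st->active_hdr.rule_count; i++) {
        struct cfg_rule r;
        memcpy(&r, st->active + sizeof(struct cfg_header) + i * sizeof(r), sizeof(r));
        if (r.id == id)
            return (int)r.action;
    }
    return -1;
}

/* Build a well-formed blob (constructed data for exercising the loader). */
size_t cfg_build(uint8_t *out, uint32_t version, const struct cfg_rule *rules, uint32_t n)
{
    struct cfg_header h = { CFG_MAGIC, version, n, 0 };
    size_t body = (size_t)n * sizeof(struct cfg_rule);
    memcpy(out + sizeof(h), rules, body);
    h.checksum = crc32_bytes(out + sizeof(h), body);
    memcpy(out, &h, sizeof(h));
    return sizeof(h) + body;
}
```

Feed `cfg_apply` a good blob, then a buffer of NUL bytes, a truncated blob and a bit-flipped blob: each bad input comes back with a specific status, `rejected` counts up, and lookups still answer from the config that was loaded before. The order of the checks matters: the length test runs before the header is read, and the rule-count and total-size tests run before any rule is touched, so no input can make the loader read outside the buffer.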

                  • The 3rd party service is AV. You do not want to boot a potentially compromised or insecure system that is unable to start its AV properly, and have it potentially access other critical systems. That’s a recipe for a perhaps more local but also more painful disaster. It makes sense that a critical enterprise system does not boot if something is off. No AV means the system is a security risk and should not boot and connect to other critical/sensitive systems, period.

                    These sorts of errors should be alleviated through backup systems and prevented by not auto-updating these sorts of systems.

                    Sure, for a personal PC I would not necessarily want a BSOD, I’d prefer if it just booted and alerted the user. But for enterprise servers? Best not.