Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive



[Discuss] CrowdStrike Fiasco



While the CrowdStrike (not to be confused with Cloudflare) fiasco
Friday affected millions of Windows computers, Linux is not immune to
such an event. I'm not familiar with CrowdStrike Falcon, but my
employer uses competing Palo Alto Networks' Cortex XDR. It's a similar
service with similar capabilities, and there are Linux endpoint
packages. These hook themselves into the kernel at a low level via
modules so they can do things like isolate individual machines when
they exhibit suspicious or malicious behavior.

They also could, with the right -- or wrong -- updates, crash or hang
the kernel at startup.

Recovery under such conditions would be nearly identical to the process
that 8.5 million Windows computers are undergoing: boot some form of
recovery media, mount the filesystem where the endpoint software or
data are installed, delete or replace the relevant files, and reboot.

-- 
\m/ (--) \m/
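
The recovery step described in the message above, as an added example that is not part of the original post and is not vendor code. It assumes the operator has already booted rescue media and mounted the affected root filesystem; the module name `example_edr` and the `/var/quarantine` location are hypothetical placeholders, and the files are moved aside rather than deleted so they can be restored.

```shell
#!/bin/sh
# Added example: quarantine a faulty kernel module on an offline root
# filesystem that is already mounted from rescue media.
# Usage: quarantine_module <mounted-root> <module-name>
# Assumptions: modules live under <root>/lib/modules; <module-name> is a
# placeholder supplied by the operator. Copies inside an initramfs are
# not touched by this function.
quarantine_module() (
    set -u
    root=${1%/}
    mod=$2
    moddir="$root/lib/modules"
    qdir="$root/var/quarantine/$mod"

    [ -d "$moddir" ] || {
        echo "no $moddir; is the target root mounted?" >&2
        exit 2
    }

    # Match the plain module and compressed variants (.ko.xz, .ko.zst, ...)
    # across every installed kernel version.
    list=$(find "$moddir/" -type f \( -name "$mod.ko" -o -name "$mod.ko.*" \))
    [ -n "$list" ] || {
        echo "module $mod not found under $moddir" >&2
        exit 1
    }

    # Move each file aside, keeping its path relative to lib/modules so
    # it can be put back once a fixed update is available.
    echo "$list" | while IFS= read -r f; do
        rel=${f#"$moddir"/}
        mkdir -p "$qdir/$(dirname "$rel")" || exit 3
        mv -- "$f" "$qdir/$rel" || exit 3
        echo "quarantined: $f"
    done || exit 3

    # Keep the module from loading if an updater reinstalls it before
    # the system has been checked: blacklist it and override its load.
    mkdir -p "$root/etc/modprobe.d" || exit 3
    printf 'blacklist %s\ninstall %s /bin/false\n' "$mod" "$mod" \
        > "$root/etc/modprobe.d/quarantine-$mod.conf" || exit 3
)

# Example call from the rescue shell (placeholder mount point and name):
#   quarantine_module /mnt/target example_edr
```

Removing the generated `quarantine-<module>.conf` file and moving the files back from the quarantine directory reverses the change.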





