BLU Discuss list archive
[Discuss] CrowdStrike Fiasco
- Subject: [Discuss] CrowdStrike Fiasco
- From: dsr at randomstring.org (Dan Ritter)
- Date: Mon, 22 Jul 2024 10:23:15 -0400
- In-reply-to: <20240722090043.3d5b68ef.Richard.Pieri@gmail.com>
- References: <20240722090043.3d5b68ef.Richard.Pieri@gmail.com>
Rich Pieri wrote:
> While the CrowdStrike (not to be confused with CloudFlare) fiasco
> Friday affected millions of Windows computers, Linux is not immune to
> such an event. I'm not familiar with CrowdStrike Falcon, but my
> employer uses competing PaloAlto Networks' Cortex XDR. It's a similar
> service with similar capabilities, and there are Linux endpoint
> packages. These hook themselves into the kernel at a low level via
> modules so they can do things like isolate individual machines when
> they exhibit suspicious or malicious behavior.
>
> They also could, with the right -- or wrong -- updates, crash or hang
> the kernel at startup.
>
> Recovery under such conditions would be nearly identical to the process
> that 8.5 million Windows computers are undergoing: boot some form of
> recovery media, mount the filesystem where the endpoint software or
> data are installed, delete or replace the relevant files, and reboot.

In fact, CrowdStrike Falcon has a Linux version; it also requires
a kernel module; and it exhibited a similar -- but different crash back
in March.

-dsr-