BLU Discuss list archive
[Discuss] CrowdStrike
- Subject: [Discuss] CrowdStrike
- From: markw at mohawksoft.com (markw at mohawksoft.com)
- Date: Wed, 24 Jul 2024 11:21:35 -0400
The analysis of the failure is in and it is interesting: The problem was caused by a null pointer dereference in the kernel. The null pointer issue came from a module of "pcode" that is executed in the kernel module. The pcode file was all zeros. When the pcode was loaded, it was run, and voila! BSOD. The fix was to remove the offending pcode file.

Much of this could fall under the category of "sh&^%t happens," but I think there are three fundamental mistakes that show CrowdStrike was incompetent and negligent. Thoughts:

(1) Loading pcode into a kernel driver. Are you kidding me?

(2) Loading pcode (in any environment) without basic sanity checks (checksum, structural verification, etc.) is total incompetence. This is a disaster waiting to happen; even a little bit-rot could create a problem that would be difficult to diagnose and fix.

(3) Unstaged rollout: amateur hour nonsense.
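A loader-side sanity check of the kind point (2) asks for, added here as an illustration; it is not code from the original post or from CrowdStrike. The header layout, magic value, CRC field and reason codes are assumptions made up for this example, and the all-zero input mirrors the failure described above.

```c
/* Added example, not from the original post or from CrowdStrike: a defensive
 * validation step for a hypothetical "pcode" content file before it is handed
 * to an interpreter. Header layout, magic value and reason codes are assumed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define PCODE_MAGIC 0x45444F43u   /* bytes "CODE" little-endian; constructed value */

struct pcode_hdr {
    uint32_t magic;
    uint32_t version;
    uint32_t body_len;   /* bytes following the header */
    uint32_t entry_off;  /* offset of the entry point inside the body */
    uint32_t crc32;      /* CRC-32 of the body, catches bit-rot and truncation */
};

/* Plain CRC-32 (IEEE polynomial), bit by bit: no table, no dependencies. */
static uint32_t crc32_ieee(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        c ^= p[i];
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Returns 0 if the blob passes every structural check, else a negative reason
 * code. An all-zero file never gets past the magic check, so nothing in it is
 * ever executed or dereferenced. */
int pcode_validate(const uint8_t *buf, size_t len) {
    struct pcode_hdr h;
    if (buf == NULL || len < sizeof h) return -1;                 /* too short */
    memcpy(&h, buf, sizeof h);                                     /* no misaligned reads */
    if (h.magic != PCODE_MAGIC) return -2;                         /* zeroed or wrong magic */
    if (h.version != 1) return -3;                                 /* unknown layout */
    if (h.body_len != len - sizeof h) return -4;                   /* truncated or padded */
    if (h.body_len == 0 || h.entry_off >= h.body_len) return -5;   /* offset out of range */
    if (crc32_ieee(buf + sizeof h, h.body_len) != h.crc32) return -6; /* corrupted body */
    return 0;
}

/* Constructed sample builder: writes a valid header + body into out
 * (caller guarantees out holds at least sizeof(struct pcode_hdr) + n bytes). */
size_t pcode_build(uint8_t *out, const uint8_t *body, uint32_t n, uint32_t entry) {
    struct pcode_hdr h = { PCODE_MAGIC, 1, n, entry, crc32_ieee(body, n) };
    memcpy(out, &h, sizeof h);
    memcpy(out + sizeof h, body, n);
    return sizeof h + n;
}
```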