BLU Discuss list archive
[Discuss] CrowdStrike
- Subject: [Discuss] CrowdStrike
- From: daniel at syntheticblue.com (Daniel M Gessel)
- Date: Wed, 24 Jul 2024 13:06:00 -0400
- In-reply-to: <741866934157f80503afcde12cc9fcef.squirrel@mail.mohawksoft.com>
- References: <741866934157f80503afcde12cc9fcef.squirrel@mail.mohawksoft.com>
I'd guess their pcode is like a big compiled regular expression that makes scanning for multiple, perhaps complex, patterns relatively efficient. The failure does seem incompetent to the point of negligence and I wouldn't be surprised to see it tested in court: big companies lost large amounts of money; lawsuits may start happening soon.

On 2024-07-24 11:21, markw at mohawksoft.com wrote:
> The analysis of the failure is in and it is interesting:
>
> The problem was caused by a null pointer dereference in the kernel.
> The null pointer issue came from a module of "pcode" that is executed in
> the kernel module.
> The pcode file was all zeros.
> When the pcode was loaded, it was run, and voilà! BSOD.
> The fix was to remove the offending pcode file.
>
> Much of this could fall under the category of "sh&^%t happens," but I
> think there are three fundamental mistakes that show CrowdStrike was
> incompetent and negligent.
>
> Thoughts:
> (1) loading pcode into a kernel driver. Are you kidding me?
>
> (2) loading pcode (in any environment) without basic sanity checks
> (checksum, structural verification, etc.) is total incompetence. This is a
> disaster waiting to happen, even a little bit-rot could create a problem
> that would be difficult to diagnose and fix.
>
> (3) Unstaged rollout: amateur hour nonsense.
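The sanity checks named in point (2) of the quoted message, as an added example that is not part of the thread and not any vendor's code: a validator that rejects a pcode file image before an interpreter sees it. The container layout, the `PCD1` magic, the opcode range and every function name are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical container layout (assumed here, not any vendor's real format):
 *   bytes 0-3   magic "PCD1"
 *   bytes 4-7   payload length, little-endian
 *   bytes 8-11  CRC-32 of the payload, little-endian
 *   bytes 12..  payload: 2-byte instructions {opcode, operand} */
enum { HDR_LEN = 12, OP_HALT = 0, OP_MAX = 7 };
enum pc_status { PC_OK, PC_TOO_SHORT, PC_BAD_MAGIC, PC_BAD_LENGTH,
                 PC_BAD_CRC, PC_BAD_OPCODE, PC_NO_HALT };

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Bitwise CRC-32 (IEEE 802.3, reflected polynomial 0xEDB88320). */
static uint32_t crc32_ieee(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    while (n--) {
        crc ^= *p++;
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Validate a whole file image before any of it reaches the interpreter. */
enum pc_status pcode_validate(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < HDR_LEN) return PC_TOO_SHORT;
    if (memcmp(buf, "PCD1", 4) != 0) return PC_BAD_MAGIC; /* all-zero file stops here */
    uint32_t plen = rd32le(buf + 4);
    if (plen != len - HDR_LEN || plen < 2 || plen % 2 != 0)
        return PC_BAD_LENGTH;                 /* truncated or padded file */
    const uint8_t *code = buf + HDR_LEN;
    if (crc32_ieee(code, plen) != rd32le(buf + 8)) return PC_BAD_CRC; /* bit-rot */
    for (uint32_t i = 0; i < plen; i += 2)    /* structural check: known opcodes only */
        if (code[i] > OP_MAX) return PC_BAD_OPCODE;
    if (code[plen - 2] != OP_HALT) return PC_NO_HALT; /* program must terminate */
    return PC_OK;
}

int main(void) {
    static const uint8_t zeros[4096] = {0};   /* constructed sample: an all-zero file */
    return pcode_validate(zeros, sizeof zeros) == PC_BAD_MAGIC ? 0 : 1;
}
```

A loader built this way treats any status other than `PC_OK` as "keep the previous known-good file", so a bad update degrades detection coverage instead of crashing the host.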