BLU Discuss list archive
[Discuss] CrowdStrike
- Subject: [Discuss] CrowdStrike
- From: markw at mohawksoft.com (markw at mohawksoft.com)
- Date: Wed, 24 Jul 2024 13:15:29 -0400
- In-reply-to: <ce0d6b33-009e-455d-b60a-f9cc4994c35f@syntheticblue.com>
- References: <741866934157f80503afcde12cc9fcef.squirrel@mail.mohawksoft.com> <ce0d6b33-009e-455d-b60a-f9cc4994c35f@syntheticblue.com>
> I'd guess their pcode is like a big compiled regular expression that
> makes scanning for multiple, perhaps complex, patterns relatively
> efficient.

From what I understand, I think it is far more capable than mere regex.

>
> The failure does seem incompetent to the point of negligence and I
> wouldn't be surprised to see it tested in court: big companies lost
> large amounts of money; lawsuits may start happening soon.

They have a pretty protective EULA, but it's harder to legally protect
yourself from the ramifications of your own negligence. That, and, every
self-respecting (competent) CTO should do a serious re-think about this
architecture. It's crazy.

>
>
> On 2024-07-24 11:21, markw at mohawksoft.com wrote:
>> The analysis of the failure is in and it is interesting:
>>
>> The problem was caused by a null pointer dereference in the kernel.
>> The null pointer issue came from a module of "pcode" that is executed in
>> the kernel module.
>> The pcode file was all zeros.
>> When the pcode was loaded, it was run, and voilà! BSOD.
>> The fix was to remove the offending pcode file.
>>
>> Much of this could fall under the category of "sh&^%t happens," but I
>> think there are three fundamental mistakes that show CrowdStrike was
>> incompetent and negligent.
>>
>> Thoughts:
>> (1) loading pcode into a kernel driver. Are you kidding me?
>>
>> (2) loading pcode (in any environment) without basic sanity checks
>> (checksum, structural verification, etc.) is total incompetence. This is
>> a disaster waiting to happen, even a little bit-rot could create a problem
>> that would be difficult to diagnose and fix.
>>
>> (3) Unstaged rollout: amateur hour nonsense.
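The sanity checks named in point (2) of the quoted message (checksum, structural verification), sketched as an added example that is not part of the thread and not CrowdStrike's code or file format. The container layout, the magic value and every function name here are assumptions made for illustration.

```c
/* Hypothetical container: magic | payload_len | crc32 (LE u32 each) | payload. */
#include <stddef.h>
#include <stdint.h>

#define BLOB_MAGIC 0x45444F43u   /* constructed value: bytes "CODE" on disk */
#define HDR_LEN 12u
#define MAX_PAYLOAD (1u << 20)   /* assumed upper bound on payload size */
enum blob_status { BLOB_OK, BLOB_TOO_SHORT, BLOB_BAD_MAGIC, BLOB_BAD_LENGTH, BLOB_BAD_CRC };

/* Little-endian read with no alignment or host-endianness assumptions. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Bitwise CRC-32 (IEEE 802.3, reflected polynomial 0xEDB88320). */
static uint32_t crc32_ieee(const uint8_t *d, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        c ^= d[i];
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Producer side: write the header for a payload already placed at buf + HDR_LEN. */
void blob_seal(uint8_t *buf, uint32_t plen) {
    uint32_t h[3] = { BLOB_MAGIC, plen, crc32_ieee(buf + HDR_LEN, plen) };
    for (int i = 0; i < 12; i++) buf[i] = (uint8_t)(h[i / 4] >> (8 * (i % 4)));
}

/* Loader side: every check passes before any interpreter sees the bytes. */
enum blob_status blob_validate(const uint8_t *buf, size_t len,
                               const uint8_t **payload, size_t *payload_len) {
    if (buf == NULL || len < HDR_LEN) return BLOB_TOO_SHORT;
    if (rd32(buf) != BLOB_MAGIC) return BLOB_BAD_MAGIC;   /* an all-zero file stops here */
    uint32_t plen = rd32(buf + 4);
    if (plen == 0 || plen > MAX_PAYLOAD || plen != len - HDR_LEN) return BLOB_BAD_LENGTH;
    if (crc32_ieee(buf + HDR_LEN, plen) != rd32(buf + 8)) return BLOB_BAD_CRC;  /* bit-rot */
    *payload = buf + HDR_LEN;
    *payload_len = plen;
    return BLOB_OK;
}

int main(void) {
    uint8_t zeros[64] = {0};     /* constructed sample: a file of all zeros */
    const uint8_t *p; size_t n;
    return blob_validate(zeros, sizeof zeros, &p, &n) == BLOB_BAD_MAGIC ? 0 : 1;
}
```

A CRC catches truncation and bit-rot only; it is not a substitute for a signature when the file's origin also has to be verified.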