[Discuss] CrowdStrike Fiasco
Rich Pieri
richard.pieri at gmail.com
Mon Jul 22 09:00:43 EDT 2024
While the CrowdStrike (not to be confused with CloudFlare) fiasco
Friday affected millions of Windows computers, Linux is not immune to
such an event. I'm not familiar with CrowdStrike Falcon, but my
employer uses the competing Palo Alto Networks Cortex XDR. It's a similar
service with similar capabilities, and there are Linux endpoint
packages. These hook themselves into the kernel at a low level via
modules so they can do things like isolate individual machines when
they exhibit suspicious or malicious behavior.
They also could, with the right -- or wrong -- updates, crash or hang
the kernel at startup.
Recovery under such conditions would be nearly identical to the process
that 8.5 million Windows computers are undergoing: boot some form of
recovery media, mount the filesystem where the endpoint software or
data are installed, delete or replace the relevant files, and reboot.
--
\m/ (--) \m/
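The recovery sequence described above, as an added example that is not part of the original post and not any vendor's tooling: a POSIX shell script meant to be sourced from rescue media once the broken system's root filesystem has been mounted. It takes a Linux endpoint agent out of the boot path without deleting anything, records what it moved, and can put the agent back once a fixed build is available. The product layout it uses (package directory opt/example-edr, kernel module example_edr, systemd unit example-edr.service) is a placeholder assumption; the real paths for Cortex XDR or Falcon are not given on this page and differ per vendor.

```shell
#!/bin/sh
# Added example, not from the original post or any vendor: quarantine a
# Linux endpoint agent on an OFFLINE root filesystem so the machine boots
# again, then restore it once a fixed build is available.
# Usage from rescue media:  mount /dev/sda2 /mnt/sysroot
#                           . ./edr-quarantine.sh; quarantine_agent /mnt/sysroot pre-fix
# ASSUMED names (placeholders, not real product paths): package directory
# opt/example-edr, kernel module example_edr, systemd unit example-edr.service.
set -eu

AGENT_MODULE=example_edr
AGENT_UNIT=example-edr.service
AGENT_DIRS="opt/example-edr"

# _move ROOT QDIR RELPATH: move ROOT/RELPATH under QDIR, keeping the relative
# path, and record it so restore_agent can reverse the move.
_move() {
    mkdir -p "$2/$(dirname "$3")"
    mv "$1/$3" "$2/$3"
    printf '%s\n' "$3" >> "$2/MANIFEST"
}

# quarantine_agent ROOT TAG: ROOT is the mounted root fs of the broken
# system; TAG names the quarantine set. Prints the quarantine directory.
quarantine_agent() {
    root="$1" tag="$2"
    q="$root/var/lib/edr-quarantine/$tag"
    mkdir -p "$q" "$root/etc/modprobe.d" "$root/etc/systemd/system"
    : > "$q/MANIFEST"

    # 1. Keep the module out of the kernel on the next boot. "blacklist"
    #    stops alias-driven autoloading; "install ... /bin/false" also
    #    defeats an explicit modprobe by the agent's own startup code.
    printf 'blacklist %s\ninstall %s /bin/false\n' "$AGENT_MODULE" "$AGENT_MODULE" \
        > "$root/etc/modprobe.d/zz-quarantine-$AGENT_MODULE.conf"

    # 2. Mask the unit by hand (systemctl cannot reach a PID 1 that is not
    #    running on this root). A /dev/null symlink in /etc/systemd/system
    #    overrides the vendor unit under /lib or /usr/lib.
    ln -sfn /dev/null "$root/etc/systemd/system/$AGENT_UNIT"

    # 3. Move, never delete, every copy of the module and the agent's files.
    #    The existence check also skips duplicates on usr-merged systems,
    #    where /lib and /usr/lib resolve to the same directory.
    find "$root/lib/modules" "$root/usr/lib/modules" \
         -name "$AGENT_MODULE.ko*" 2>/dev/null |
    while IFS= read -r p; do
        [ -e "$p" ] || continue
        _move "$root" "$q" "${p#"$root/"}"
    done
    for d in $AGENT_DIRS; do
        [ -e "$root/$d" ] || continue
        _move "$root" "$q" "$d"
    done
    echo "$q"
}

# restore_agent ROOT TAG: reverse quarantine_agent once a fixed build ships.
# Until then the host has no EDR coverage, so do not leave this undone.
restore_agent() {
    root="$1" q="$root/var/lib/edr-quarantine/$2"
    while IFS= read -r rel; do
        [ -n "$rel" ] || continue
        if [ -e "$root/$rel" ]; then
            echo "restore_agent: $rel already present, left in quarantine" >&2
            continue
        fi
        mkdir -p "$root/$(dirname "$rel")"
        mv "$q/$rel" "$root/$rel"
    done < "$q/MANIFEST"
    rm -f "$root/etc/modprobe.d/zz-quarantine-$AGENT_MODULE.conf" \
          "$root/etc/systemd/system/$AGENT_UNIT"
}
```

Two caveats a practitioner would want. If the agent's module is bundled into the initramfs, a modprobe.d blacklist only takes effect after the initramfs is regenerated (chroot into the mounted root and run the distribution's update-initramfs or dracut); to get the machine up in the meantime, the kernel parameter `module_blacklist=example_edr` (with the real module name substituted) is honoured by the kernel itself before any userspace runs. And while the agent is quarantined the host has no EDR coverage, which is why the script moves files and keeps a manifest rather than deleting them: restore_agent is the step that closes the gap once a known-good build is in hand.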