[Discuss] CrowdStrike Fiasco

Daniel M Gessel daniel at syntheticblue.com
Mon Jul 22 15:10:56 EDT 2024


On 2024-07-22 10:23, Dan Ritter wrote:
> Rich Pieri wrote:
>> While the CrowdStrike (not to be confused with CloudFlare) fiasco
>> Friday affected millions of Windows computers, Linux is not immune to
>> such an event. I'm not familiar with CrowdStrike Falcon, but my
>> employer uses competing PaloAlto Networks' Cortex XDR. It's a similar
>> service with similar capabilities, and there are Linux endpoint
>> packages. These hook themselves into the kernel at a low level via
>> modules so they can do things like isolate individual machines when
>> they exhibit suspicious or malicious behavior.
>>
>> They also could, with the right -- or wrong -- updates, crash or hang
>> the kernel at startup.
>>
>> Recovery under such conditions would be nearly identical to the process
>> that 8.5 million Windows computers are undergoing: boot some form of
>> recovery media, mount the filesystem where the endpoint software or
>> data are installed, delete or replace the relevant files, and reboot.
>
> In fact, CrowdStrike Falcon has a Linux version; it also
> requires a kernel module; and it exhibited a similar -- but
> different crash back in March.

I wonder if their QA department is hiring...

Dan G
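The recovery sequence Rich describes above (boot recovery media, mount the filesystem that holds the endpoint agent, delete or replace the offending files, reboot) is the same on Linux whether the agent is Falcon or Cortex XDR. The following is an added POSIX shell example, not code from this thread or from either vendor: it performs the "disable the module and set the bad file aside" step against an already-mounted root, so it can be run from any live/rescue image. The module name, the endpoint path and the quarantine directory are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): the offline part of the recovery
# described above. Run from recovery media after mounting the affected
# root filesystem somewhere, e.g. /mnt. Module and file names below are
# placeholders, not any vendor's real names.
set -eu

# Prevent a kernel module from being auto-loaded on the next boot by
# writing a modprobe.d fragment under the mounted root. "install ... /bin/false"
# also defeats explicit modprobe calls. Prints the path of the fragment.
# Usage: blacklist_module <mount_root> <module_name>
blacklist_module() {
    root=$1; mod=$2
    conf="$root/etc/modprobe.d/recovery-blacklist-$mod.conf"
    mkdir -p "$root/etc/modprobe.d"
    printf 'blacklist %s\ninstall %s /bin/false\n' "$mod" "$mod" > "$conf"
    echo "$conf"
}

# Move the offending file (for instance a bad content update) aside instead
# of deleting it, so it is still available for analysis afterwards.
# Prints the quarantine path; fails if the file does not exist.
# Usage: quarantine_file <mount_root> <path_relative_to_root>
quarantine_file() {
    root=$1; rel=$2
    src="$root/$rel"
    [ -e "$src" ] || { echo "no such file: $src" >&2; return 1; }
    qdir="$root/var/lib/recovery-quarantine"
    mkdir -p "$qdir"
    dst="$qdir/$(basename "$rel").$(date +%Y%m%d%H%M%S)"
    mv "$src" "$dst"
    echo "$dst"
}

# Typical use from a rescue shell (needs root; device and names are placeholders):
#   mount /dev/sda2 /mnt
#   blacklist_module /mnt example_endpoint_mod
#   quarantine_file /mnt opt/example-endpoint/channel-update.bin
#   umount /mnt && reboot
```

Two caveats a practitioner will hit: if the agent's module is loaded from the initramfs rather than from the root filesystem, a fragment in /etc/modprobe.d takes effect only after the initramfs is rebuilt, and the quicker way through one boot is the kernel command-line parameter `module_blacklist=<name>`; and moving the file rather than deleting it keeps the evidence the vendor will ask for when you open the support case.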
