[Discuss] CrowdStrike

markw at mohawksoft.com markw at mohawksoft.com
Wed Jul 24 13:15:29 EDT 2024


> I'd guess their pcode is like a big compiled regular expression that
> makes scanning for multiple, perhaps complex, patterns relatively
> efficient.

From what I understand, I think it is far more capable than mere regex.

>
> The failure does seem incompetent to the point of negligence and I
> wouldn't be surprised to see it tested in court: big companies lost
> large amounts of money; lawsuits may start happening soon.

They have a pretty protective EULA, but it's harder to legally protect
yourself from the ramifications of your own negligence.

That, and, every self-respecting (competent) CTO should do a serious
re-think about this architecture. It's crazy.

>
>
> On 2024-07-24 11:21, markw at mohawksoft.com wrote:
>> The analysis of the failure is in and it is interesting:
>>
>> The problem was caused by a null pointer dereference in the kernel.
>> The null pointer issue came from a module of "pcode" that is executed in
>> the kernel module.
>> The pcode file was all zeros.
>> When the pcode was loaded, it was run, and voilà! BSOD.
>> The fix was to remove the offending pcode file.
>>
>> Much of this could fall under the category of "sh&^%t happens," but I
>> think there are three fundamental mistakes that show CrowdStrike was
>> incompetent and negligent.
>>
>> Thoughts:
>> (1) loading pcode into a kernel driver. Are you kidding me?
>>
>> (2) loading pcode (in any environment) without basic sanity checks
>> (checksum, structural verification, etc.) is total incompetence. This is a
>> disaster waiting to happen, even a little bit-rot could create a problem
>> that would be difficult to diagnose and fix.
>>
>> (3) Unstaged rollout: amateur hour nonsense.
>>
>> _______________________________________________
>> Discuss mailing list
>> Discuss at driftwood.blu.org
>> https://driftwood.blu.org/mailman/listinfo/discuss
>
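
The sanity checks named in point (2) of the quoted message (checksum, structural verification), as an added example that is not part of the original thread and is not CrowdStrike's code or file format. The `PCD1` layout and every `pc_*` name are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical file layout (assumed for this example, not any vendor's format):
 * "PCD1" magic | u32 LE payload length | u32 LE CRC-32 of payload | payload */
#define PC_HDR_LEN 12u
enum pc_status { PC_OK, PC_TOO_SHORT, PC_BAD_MAGIC, PC_BAD_LENGTH, PC_BAD_CRC };
#define RD_LE32(p) ((uint32_t)(p)[0] | (uint32_t)(p)[1] << 8 | (uint32_t)(p)[2] << 16 | (uint32_t)(p)[3] << 24)

/* Standard CRC-32 (reflected, polynomial 0xEDB88320), computed bit by bit. */
uint32_t pc_crc32(const uint8_t *buf, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Run every check before any byte is interpreted; payload is set only on PC_OK. */
enum pc_status pc_validate(const uint8_t *f, size_t flen, const uint8_t **payload, size_t *plen) {
    if (f == NULL || flen < PC_HDR_LEN) return PC_TOO_SHORT;
    if (memcmp(f, "PCD1", 4) != 0) return PC_BAD_MAGIC;          /* all-zero file stops here */
    uint32_t n = RD_LE32(f + 4);
    if (n == 0 || n != flen - PC_HDR_LEN) return PC_BAD_LENGTH;  /* truncated or padded */
    if (pc_crc32(f + PC_HDR_LEN, n) != RD_LE32(f + 8)) return PC_BAD_CRC;  /* bit-rot */
    *payload = f + PC_HDR_LEN;
    *plen = n;
    return PC_OK;
}

/* Helper that builds a constructed sample file around body; returns its length. */
size_t pc_build(uint8_t *out, const uint8_t *body, uint32_t n) {
    uint32_t crc = pc_crc32(body, n);
    memcpy(out, "PCD1", 4);
    for (int i = 0; i < 4; i++) {
        out[4 + i] = (uint8_t)(n >> (8 * i));
        out[8 + i] = (uint8_t)(crc >> (8 * i));
    }
    memcpy(out + PC_HDR_LEN, body, n);
    return PC_HDR_LEN + n;
}

int main(void) {   /* constructed input: a 64-byte all-zero file */
    uint8_t zeros[64] = {0}; const uint8_t *p; size_t n;
    return pc_validate(zeros, sizeof zeros, &p, &n) == PC_BAD_MAGIC ? 0 : 1;
}
```

A checksum of this kind catches corruption such as a zeroed or bit-rotted file; it does not authenticate the file, which takes a signature check.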



