Izpad računalniških sistemov po celem svetu, rešitev že znana @ Slo-Tech

Novice » Varnost »
Izpad računalniških sistemov po celem svetu, rešitev že znana

« 1 2

darkolord :: 20. jul 2024, 13:20

stroj66684 je 20. jul 2024 ob 11:52 izjavil:

Napaka v update je katastrofalna in kako niso stestirali preden so objavili update programa. To je bilo namerno.

Updati AV programov se objavljajo večkrat dnevno, lahko tudi večkrat v eni uri.

kixs :: 20. jul 2024, 13:21

Definicije AV ja, jedro programa pac ne.

dronyx :: 20. jul 2024, 13:39

G-man je 20. jul 2024 ob 07:54 izjavil:

dronyx je 20. jul 2024 ob 06:45 izjavil:
Posledica tega bo, da bodo marsikje izklopili posodabljanje. Potem pa tvegajo še hujše težave.

Kontroverzno mnenje: mislim da ne. Desktop antivirus je zadnja obrambna linija v IT varnosti in dandanes bolj kljukica na seznamu ISO 27k1 kot resnično dodana vrednost.

Nisem imel v mislih samo posodabljanje AV, ampak tudi Windows OS.

johnnyyy :: 20. jul 2024, 17:41

Malce sem bral gleda njihovega Falcona, da ima za Linux tudi kernel modul?! Pa me zanima, kdaj so ga dodali? Ker pred leti mi je naš ITjevec težil, da moram obvezno inšštalirati Falcona, pa takrat modula še ni imel.

sbawe64 :: 20. jul 2024, 17:59

Kupite Apple macos, tam dela brez težav !
https://www.crowdstrike.com/blog/crowds...

On macOS, CrowdStrike Falcon hasn't used a kernel driver since 2020 because Apple added user space EDR APIs.

Linux bojda tudi ni prizadet
https://www.securityweek.com/crowdstrik...
The company reiterated that Mac and Linux systems were not impacted by the glitch.

CloudStrike se bo preimenoval v ClownStrike ali CloudCrash.

2020 is new 1984
Corona World order

Zgodovina sprememb…

spremenilo: sbawe64 (20. jul 2024 ob 18:03)

sbawe64 :: 20. jul 2024, 18:08

Hitrost tega klovn av-ja (ob tem izgleda McAfee/Norton zelo hiter):

At Amazon, I had a 2019 Macbook (this was in 2020, so virtually brand-spanking new), and we all had Crowdstrike on our dev laptops. It took me 14 minutes to make incremental changes to Amazon Music. Incremental! As in, change one line, make a build - 14 minutes. It took me about a year to realize that Crowdstrike was to blame - it doesn't appear in the Activity Monitor, so good luck figuring out. Mac showed everything in perfect state - all while the CPU was clearly dying, and the fan was damn near levitating the laptop.

At the place I work now, I have a Linux machine, and no Crowdstrike. I thank the gods every day whenever I see how much my coworkers struggle with CS on their macs - some of them unable to share screens on Zoom while they build, because they start sounding like robots and eventually drop off.

I don't know how it affects other professions, but for an engineer, Crowdstrike is a steaming pile of shit. I don't know how they convinced companies that they're a worthy investment, when - at least from personal experience - they cost me months of productivity.

2020 is new 1984
Corona World order

Zgodovina sprememb…

spremenilo: sbawe64 (20. jul 2024 ob 18:08)

kixs :: 20. jul 2024, 18:17

Meni gre ze Eset na zivce.

sbawe64 :: 20. jul 2024, 18:18

Ročni vnos bitlocker recovery ključa za vsako napravo posebej, copy paste ne dela
Delta airlines
https://co.reddit.com/r/delta/comments/...

2020 is new 1984
Corona World order

Zgodovina sprememb…

spremenilo: sbawe64 (20. jul 2024 ob 18:19)

sbawe64 :: 20. jul 2024, 18:25

If Hector Martin's analysis is correct, Crowdstrike do file parsing in kernel space, and the driver shat itself on a malformed update file. I thought Tavis Ormandy shamed security companies into not doing stupid shit like that years ago.

https://social.treehouse.systems/@marca...

Ah yes, let's ship a kernel driver that parses update files that are pushed globally simultaneously to millions of users without progressive staging, and let's write it in a memory unsafe language so it crashes if an update is malformed, and let's have no automated boot recovery mechanism to disable things after a few failed boots. What could possibly go wrong?

2020 is new 1984
Corona World order

Zgodovina sprememb…

spremenilo: sbawe64 (20. jul 2024 ob 18:26)

LightBit :: 20. jul 2024, 18:38

kixs je 20. jul 2024 ob 18:17 izjavil:

Meni gre ze Eset na zivce.

Meni je ESET še daleč najbolj prebavljiv, če že nekaj mora biti. Reagira zelo hitro, ne upočasnjuje toliko in nima veliko lažnih alarmov.

mtosev :: 20. jul 2024, 18:42

Jaz se spomnim komp kateri je imel sophos endpoint security pa je bilo vse dol zaklenjeno pa sem za foro probil iti v safe mode in tam ga seveda ni bilo. Pol sem lepo imel filefox portable, igral nfs v dosboxu. Komp je tudi bil brez bios passworda. Če bi hotel bi lahko vse dol zbrisal. :))

Core i9 10900X, ASUS Prime X299 Edition 30, 32GB 4x8 3600Mhz G.skill, CM H500M,
ASUS ROG Strix RTX 2080 Super, Samsung 970 PRO, UltraSharp UP3017, Win 11 Pro,
Enermax Platimax 1700W | moj oče darko 1960-2016, moj labradorec max 2002-2013

Zgodovina sprememb…

spremenil: mtosev (20. jul 2024 ob 18:45)

sbawe64 :: 20. jul 2024, 18:47

Citiram sebe od prej

Linux bojda tudi ni prizadet

Not so fast.

https://social.treehouse.systems/@mjg59...
"Linux would have prevented this!" literally true because my former colleague KP Singh wrote a kernel security module that lets EDR implementations load ebpf into the kernel to monitor and act on security hooks and Crowdstrike now uses that rather than requiring its own kernel module that would otherwise absolutely have allowed this to happen, so everyone please say thank you to him

Na žalost clownstrike zadeva ne podpira zadnjih linux jeder/distrov:

I've heard (seventeenth-hand) that they're not supporting Ubuntu 24.04 yet because of eBPF, but am sure it's probably more complicated than that.

They definitely still claim not to support Ubuntu 24.04. That's the same reason why my current employer is insisting that we all migrate to Ubuntu 22.04 rather than 24.04.

https://blog.fefe.de/?ts=9864a262
Fri Jul 19 2024
[l] Here is another relevant note regarding Crowdstrike:
The same nonsense that happened today with Windows also happened at the end of April for Debian Linux 12 after the update to kernel version 6.1.0-20 in combination with falcon-sensor version 7.10 to 7.14. Official workaround: uninstall and wait for a new version or run the software in "user mode".
Yes! This high-quality security product is also available for Linux!

Podobno redhat
Meanwhile in RedHat mailing lists, crowdstrike ebpf kernel panicking the machine:
https://access.redhat.com/solutions/706...

Crowdstrike Falcon actually did cause kernel panics in Debian in April and in Red Hat in May. The difference: No sane Linux user is using Crowdstrike in the first place.

2020 is new 1984
Corona World order

Zgodovina sprememb…

spremenilo: sbawe64 (20. jul 2024 ob 18:47)

LightBit :: 20. jul 2024, 18:48

sbawe64 je 20. jul 2024 ob 18:08 izjavil:

Hitrost tega klovn av-ja (ob tem izgleda McAfee/Norton zelo hiter)

Ja ko ti laptop začne ropotati kakor da bo ravnokar vzletel in aluminij postane tekoč veš da CrowdStrike nekaj skenira. Nameščanje programov pa traja vsaj 10x toliko časa. Splošno je vse ene +200% počasneje, kadar ne skenira.

sbawe64 je 20. jul 2024 ob 18:25 izjavil:

If Hector Martin's analysis is correct, Crowdstrike do file parsing in kernel space, and the driver shat itself on a malformed update file.

In to naj bi bilo eno najboljših varnostnih podjetij. :))

Kakor da smo še v 80ih.

MrStein :: 20. jul 2024, 18:54

johnnyyy je 20. jul 2024 ob 17:41 izjavil:

Malce sem bral gleda njihovega Falcona, da ima za Linux tudi kernel modul?! Pa me zanima, kdaj so ga dodali? Ker pred leti mi je naš ITjevec težil, da moram obvezno inšštalirati Falcona, pa takrat modula še ni imel.

Za tega Falcona še nisem slišal. Niti za CrowdStrike.

Kako se primerja z bolj znanimi produkti?

Motiti se je človeško.
Motiti se pogosto je neumno.
Vztrajati pri zmoti je... oh, pozdravljen!

LightBit :: 20. jul 2024, 18:57

MrStein je 20. jul 2024 ob 18:54 izjavil:

johnnyyy je 20. jul 2024 ob 17:41 izjavil:
Malce sem bral gleda njihovega Falcona, da ima za Linux tudi kernel modul?! Pa me zanima, kdaj so ga dodali? Ker pred leti mi je naš ITjevec težil, da moram obvezno inšštalirati Falcona, pa takrat modula še ni imel.

Za tega Falcona še nisem slišal. Niti za CrowdStrike.

Kako se primerja z bolj znanimi produkti?

Slabo: https://www.av-comparatives.org/tests/b...

Fritz :: 20. jul 2024, 18:58

LightBit je 20. jul 2024 ob 18:38 izjavil:

kixs je 20. jul 2024 ob 18:17 izjavil:
Meni gre ze Eset na zivce.

Meni je ESET še daleč najbolj prebavljiv, če že nekaj mora biti. Reagira zelo hitro, ne upočasnjuje toliko in nima veliko lažnih alarmov.

Iz istega razloga sem dolga leta uporabljal ESET.

"Težav ne moremo reševati z isto miselnostjo,
kot smo jo imeli, ko smo jih ustvarili."
A. Einstein

kixs :: 21. jul 2024, 08:45

Eni niso bili prizadeti. Razlog, ze leta niso nic posodobili... kaksnih 30 let :lol:

A story on the website govtech.com on Friday asked the question, "Why isn't Southwest affected by the CrowdStrike/Microsoft outage?

"That's because major portions of the airline's computer systems are still using Windows 3.1, a 32-year-old version of Microsoft's computer operating software," the website said. "It's so old that the CrowdStrike issue doesn't affect it so Southwest is still operating as normal. It's typically not a good idea to wait so long to update, but in this one instance Southwest has done itself a favor."

Zakaj bi menjal, ce deluje

Fritz :: 21. jul 2024, 09:06

sbawe64 je 20. jul 2024 ob 18:08 izjavil:

Hitrost tega klovn av-ja (ob tem izgleda McAfee/Norton zelo hiter):

At Amazon, I had a 2019 Macbook (this was in 2020, so virtually brand-spanking new), and we all had Crowdstrike on our dev laptops. It took me 14 minutes to make incremental changes to Amazon Music. Incremental! As in, change one line, make a build - 14 minutes. It took me about a year to realize that Crowdstrike was to blame - it doesn't appear in the Activity Monitor, so good luck figuring out. Mac showed everything in perfect state - all while the CPU was clearly dying, and the fan was damn near levitating the laptop.

At the place I work now, I have a Linux machine, and no Crowdstrike. I thank the gods every day whenever I see how much my coworkers struggle with CS on their macs - some of them unable to share screens on Zoom while they build, because they start sounding like robots and eventually drop off.

I don't know how it affects other professions, but for an engineer, Crowdstrike is a steaming pile of shit. I don't know how they convinced companies that they're a worthy investment, when - at least from personal experience - they cost me months of productivity.

Zanimivo, kako se nekateri osebki pojavljajo v podobnih zgodbah:
https://x.com/nikstankovic_/status/1814...

For those who don't remember, in 2010, McAfee had a colossal glitch with Windows XP that took down a good part of the internet. The man who was McAfee's CTO at that time is now the CEO of Crowdstrike. The McAfee incident cost the company so much they ended up selling to Intel.

"Težav ne moremo reševati z isto miselnostjo,
kot smo jo imeli, ko smo jih ustvarili."
A. Einstein

bluefish :: 21. jul 2024, 21:40

Microsoft releases recovery tool to help repair Windows machines hit by CrowdStrike issue

Aja, pa EU je kriva: Microsoft points finger at the EU for not being able to lock down Windows

Zgodovina sprememb…

spremenil: bluefish (21. jul 2024 ob 21:42)

Invictus :: 22. jul 2024, 07:12

Saj to zadnje je najbrž kar res...

Ampak velja za vsako formo, ki ne stestira updata v predprodukciji...

Slepo zaupati, da bo MS ali kdo drug vse naredil zate, malo morgen...

"Life is hard; it's even harder when you're stupid."

http://goo.gl/2YuS2x

LightBit :: 22. jul 2024, 11:46

bluefish je 21. jul 2024 ob 21:40 izjavil:

Aja, pa EU je kriva: Microsoft points finger at the EU for not being able to lock down Windows

Tole je bolj bulšit, sicer zagovarjam da če se hočeš ustrelit v nogo bi ti to morali omogočiti. Microsoft bi prav tako lahko naredil API za dostop izven jedra v stilu FUSE, ki bi omogočal pisanje "spyware" kot so Windows Defender in CrowdStrike. Sicer je pa CrowdStrike verjetno šel čez Microsoftovo WHQL certifikacijo ali nekaj da so ga podpisali.

Lonsarg :: 22. jul 2024, 12:08

Microsoft izdaja certifikat za driverje, kaj potem ta firma dela s tem certifkatom je v njihovi domeni.

c3p0 :: 22. jul 2024, 12:40

Podpisan "driver" je ostal enak, dobil je zanič definicije in ker ne dela proper sanity checkov, ga je slaba definicija zrušla in s tem cel windows (smo v win kernel space).

LightBit :: 22. jul 2024, 13:00

Lonsarg je 22. jul 2024 ob 12:08 izjavil:

Microsoft izdaja certifikat za driverje, kaj potem ta firma dela s tem certifkatom je v njihovi domeni.

Torej je to bolj neka formalnost. Plačaš oni pa preverijo malo, da nisi slučajno iz Severne Koreje.

c3p0 je 22. jul 2024 ob 12:40 izjavil:

Podpisan "driver" je ostal enak, dobil je zanič definicije in ker ne dela proper sanity checkov, ga je slaba definicija zrušla in s tem cel windows (smo v win kernel space).

Lahko bi jih zavrnili ker je slabo dizajniran. Mislim ja, lahko je bit general po bitki, ampak če so že full pametni in krivijo EU.

Utk :: 22. jul 2024, 13:02

MS ne nadzira vsake vrstice. Certifikat je zato, da se ve kdo je nekaj naredil, ne pa da je MS kaj odobril.
Če bi moral MS vsako stvar odobrit, bi bilo v nasprotju s tistim kar so zahtevali od MS.

LightBit :: 22. jul 2024, 22:16

Kolikor vem imajo vsaj neke avtomatizirane teste za driverje, ki morajo skozi za certifikacijo. HCK se reče ali nekaj takega.

MrStein :: 22. jul 2024, 23:31

sbawe64 je 20. jul 2024 ob 18:08 izjavil:

Hitrost tega klovn av-ja (ob tem izgleda McAfee/Norton zelo hiter):

At Amazon, I had a 2019 Macbook (this was in 2020, so virtually brand-spanking new), and we all had Crowdstrike on our dev laptops. It took me 14 minutes to make incremental changes to Amazon Music. Incremental! As in, change one line, make a build - 14 minutes.

Hja, trenutno imam tole v službi:

build, ok, ni build ampak en korak, ki sem ga šel izmerit:
10-20 sekund

Ista stvar, na istem PC, a v virtualki (ki očitno nima softvera, ki bi zaviral):
8-10 sekund

Ista stvar, na enem prastarem PC (iz leta 2011): 12 sekund

Torej bi lahko vzel PC-je iz muzeja za 50 EUR, pazil, da ne namestim "zavoro" in delal skoraj hitreje kot "novimi" PC-ji za 1000 EUR...

Motiti se je človeško.
Motiti se pogosto je neumno.
Vztrajati pri zmoti je... oh, pozdravljen!

Zgodovina sprememb…

spremenil: MrStein (22. jul 2024 ob 23:31)

OK.d :: 22. jul 2024, 23:36

Eni imajo še vedno težave.
https://www.index.hr/vijesti/clanak/kol...

LPOK.d

joez7 :: 29. jul 2024, 08:03

c3p0 je 22. jul 2024 ob 12:40 izjavil:

Podpisan "driver" je ostal enak, dobil je zanič definicije in ker ne dela proper sanity checkov, ga je slaba definicija zrušla in s tem cel windows (smo v win kernel space).

Glava AV programa zapisana zanič. Sploh ne bi smel sprejeti koruptane definicije, ali pa maksimalno en rebot, če nova ne gre skozi - vzameš zadnjo delujočo.

Sem mali provokator, po potrebi diktator, dvomim v vse in nič ne vem.

« 1 2

Vredno ogleda ...

	Tema	Sporočila	Ogledi	Zadnje sporočilo
	Tema	Sporočila	Ogledi	Zadnje sporočilo
»	Southwestu se v petek ni zgodilo nič, ker uporablja Windows 3.11 McHusch Oddelek: Novice / Ostale najave	49	4807 (606)	MrStein 29. jul 2024 09:46:03
»	Izpad računalniških sistemov po celem svetu, rešitev že znana (strani: 1 2 3 ) McHusch Oddelek: Novice / Varnost	128	10426 (1870)	joez7 29. jul 2024 08:03:48
»	Potop CrowdStrike dan pozneje McHusch Oddelek: Novice / Operacijski sistemi	32	4536 (1021)	Lonsarg 24. jul 2024 12:10:36
»	Po svetu obsežen izpad računalniških sistemov, ki je prizadel banke, letališča in trg GupeM Oddelek: Loža	48	2117 (901)	GupeM 19. jul 2024 14:28:15

Več podobnih tem

Zadnje novice

Zadnji članki

Išči:

Novice » Varnost »
Izpad računalniških sistemov po celem svetu, rešitev že znana

Izpad računalniških sistemov po celem svetu, rešitev že znana

darkolord :: 20. jul 2024, 13:20

kixs :: 20. jul 2024, 13:21

dronyx :: 20. jul 2024, 13:39

johnnyyy :: 20. jul 2024, 17:41

sbawe64 :: 20. jul 2024, 17:59

sbawe64 :: 20. jul 2024, 18:08

kixs :: 20. jul 2024, 18:17

sbawe64 :: 20. jul 2024, 18:18

sbawe64 :: 20. jul 2024, 18:25

LightBit :: 20. jul 2024, 18:38

mtosev :: 20. jul 2024, 18:42

sbawe64 :: 20. jul 2024, 18:47

LightBit :: 20. jul 2024, 18:48

MrStein :: 20. jul 2024, 18:54

LightBit :: 20. jul 2024, 18:57

Fritz :: 20. jul 2024, 18:58

kixs :: 21. jul 2024, 08:45

Fritz :: 21. jul 2024, 09:06

bluefish :: 21. jul 2024, 21:40

Invictus :: 22. jul 2024, 07:12

LightBit :: 22. jul 2024, 11:46

Lonsarg :: 22. jul 2024, 12:08

c3p0 :: 22. jul 2024, 12:40

LightBit :: 22. jul 2024, 13:00

Utk :: 22. jul 2024, 13:02

LightBit :: 22. jul 2024, 22:16

MrStein :: 22. jul 2024, 23:31

OK.d :: 22. jul 2024, 23:36

joez7 :: 29. jul 2024, 08:03

Vredno ogleda ...

Southwestu se v petek ni zgodilo nič, ker uporablja Windows 3.11

Izpad računalniških sistemov po celem svetu, rešitev že znana (strani: 1 2 3 )

Potop CrowdStrike dan pozneje

Po svetu obsežen izpad računalniških sistemov, ki je prizadel banke, letališča in trg

Novice » Varnost » Izpad računalniških sistemov po celem svetu, rešitev že znana

Izpad računalniških sistemov po celem svetu, rešitev že znana

darkolord :: 20. jul 2024, 13:20

kixs :: 20. jul 2024, 13:21

dronyx :: 20. jul 2024, 13:39

johnnyyy :: 20. jul 2024, 17:41

sbawe64 :: 20. jul 2024, 17:59

sbawe64 :: 20. jul 2024, 18:08

kixs :: 20. jul 2024, 18:17

sbawe64 :: 20. jul 2024, 18:18

sbawe64 :: 20. jul 2024, 18:25

LightBit :: 20. jul 2024, 18:38

mtosev :: 20. jul 2024, 18:42

sbawe64 :: 20. jul 2024, 18:47

LightBit :: 20. jul 2024, 18:48

MrStein :: 20. jul 2024, 18:54

LightBit :: 20. jul 2024, 18:57

Fritz :: 20. jul 2024, 18:58

kixs :: 21. jul 2024, 08:45

Fritz :: 21. jul 2024, 09:06

bluefish :: 21. jul 2024, 21:40

Invictus :: 22. jul 2024, 07:12

LightBit :: 22. jul 2024, 11:46

Lonsarg :: 22. jul 2024, 12:08

c3p0 :: 22. jul 2024, 12:40

LightBit :: 22. jul 2024, 13:00

Utk :: 22. jul 2024, 13:02

LightBit :: 22. jul 2024, 22:16

MrStein :: 22. jul 2024, 23:31

OK.d :: 22. jul 2024, 23:36

joez7 :: 29. jul 2024, 08:03

Vredno ogleda ...

Izpad računalniških sistemov po celem svetu, rešitev že znana (strani: 1 2 3 )

Novice » Varnost »
Izpad računalniških sistemov po celem svetu, rešitev že znana