Novice » Varnost » Izpad računalniških sistemov po celem svetu, rešitev že znana
darkolord ::
stroj66684 je izjavil:
Napaka v update je katastrofalna in kako niso stestirali preden so objavili update programa. To je bilo namerno.Updati AV programov se objavljajo večkrat dnevno, lahko tudi večkrat v eni uri.
dronyx ::
Posledica tega bo, da bodo marsikje izklopili posodabljanje. Potem pa tvegajo še hujše težave.
Kontroverzno mnenje: mislim da ne. Desktop antivirus je zadnja obrambna linija v IT varnosti in dandanes bolj kljukica na seznamu ISO 27k1 kot resnično dodana vrednost.
Nisem imel v mislih samo posodabljanje AV, ampak tudi Windows OS.
johnnyyy ::
Malce sem bral gleda njihovega Falcona, da ima za Linux tudi kernel modul?! Pa me zanima, kdaj so ga dodali? Ker pred leti mi je naš ITjevec težil, da moram obvezno inšštalirati Falcona, pa takrat modula še ni imel.
sbawe64 ::
Kupite Apple macos, tam dela brez težav !
https://www.crowdstrike.com/blog/crowds...
On macOS, CrowdStrike Falcon hasn't used a kernel driver since 2020 because Apple added user space EDR APIs.
Linux bojda tudi ni prizadet
https://www.securityweek.com/crowdstrik...
The company reiterated that Mac and Linux systems were not impacted by the glitch.
CloudStrike se bo preimenoval v ClownStrike ali CloudCrash.
https://www.crowdstrike.com/blog/crowds...
On macOS, CrowdStrike Falcon hasn't used a kernel driver since 2020 because Apple added user space EDR APIs.
Linux bojda tudi ni prizadet
https://www.securityweek.com/crowdstrik...
The company reiterated that Mac and Linux systems were not impacted by the glitch.
CloudStrike se bo preimenoval v ClownStrike ali CloudCrash.
2020 is new 1984
Corona World order
Corona World order
Zgodovina sprememb…
- spremenilo: sbawe64 ()
sbawe64 ::
Hitrost tega klovn av-ja (ob tem izgleda McAfee/Norton zelo hiter):
At Amazon, I had a 2019 Macbook (this was in 2020, so virtually brand-spanking new), and we all had Crowdstrike on our dev laptops. It took me 14 minutes to make incremental changes to Amazon Music. Incremental! As in, change one line, make a build - 14 minutes. It took me about a year to realize that Crowdstrike was to blame - it doesn't appear in the Activity Monitor, so good luck figuring out. Mac showed everything in perfect state - all while the CPU was clearly dying, and the fan was damn near levitating the laptop.
At the place I work now, I have a Linux machine, and no Crowdstrike. I thank the gods every day whenever I see how much my coworkers struggle with CS on their macs - some of them unable to share screens on Zoom while they build, because they start sounding like robots and eventually drop off.
I don't know how it affects other professions, but for an engineer, Crowdstrike is a steaming pile of shit. I don't know how they convinced companies that they're a worthy investment, when - at least from personal experience - they cost me months of productivity.
At Amazon, I had a 2019 Macbook (this was in 2020, so virtually brand-spanking new), and we all had Crowdstrike on our dev laptops. It took me 14 minutes to make incremental changes to Amazon Music. Incremental! As in, change one line, make a build - 14 minutes. It took me about a year to realize that Crowdstrike was to blame - it doesn't appear in the Activity Monitor, so good luck figuring out. Mac showed everything in perfect state - all while the CPU was clearly dying, and the fan was damn near levitating the laptop.
At the place I work now, I have a Linux machine, and no Crowdstrike. I thank the gods every day whenever I see how much my coworkers struggle with CS on their macs - some of them unable to share screens on Zoom while they build, because they start sounding like robots and eventually drop off.
I don't know how it affects other professions, but for an engineer, Crowdstrike is a steaming pile of shit. I don't know how they convinced companies that they're a worthy investment, when - at least from personal experience - they cost me months of productivity.
2020 is new 1984
Corona World order
Corona World order
Zgodovina sprememb…
- spremenilo: sbawe64 ()
sbawe64 ::
Ročni vnos bitlocker recovery ključa za vsako napravo posebej, copy paste ne dela
Delta airlines
https://co.reddit.com/r/delta/comments/...
Delta airlines
https://co.reddit.com/r/delta/comments/...
2020 is new 1984
Corona World order
Corona World order
Zgodovina sprememb…
- spremenilo: sbawe64 ()
sbawe64 ::
If Hector Martin's analysis is correct, Crowdstrike do file parsing in kernel space, and the driver shat itself on a malformed update file. I thought Tavis Ormandy shamed security companies into not doing stupid shit like that years ago.
https://social.treehouse.systems/@marca...
Ah yes, let's ship a kernel driver that parses update files that are pushed globally simultaneously to millions of users without progressive staging, and let's write it in a memory unsafe language so it crashes if an update is malformed, and let's have no automated boot recovery mechanism to disable things after a few failed boots. What could possibly go wrong?
https://social.treehouse.systems/@marca...
Ah yes, let's ship a kernel driver that parses update files that are pushed globally simultaneously to millions of users without progressive staging, and let's write it in a memory unsafe language so it crashes if an update is malformed, and let's have no automated boot recovery mechanism to disable things after a few failed boots. What could possibly go wrong?
2020 is new 1984
Corona World order
Corona World order
Zgodovina sprememb…
- spremenilo: sbawe64 ()
LightBit ::
mtosev ::
Jaz se spomnim komp kateri je imel sophos endpoint security pa je bilo vse dol zaklenjeno pa sem za foro probil iti v safe mode in tam ga seveda ni bilo. Pol sem lepo imel filefox portable, igral nfs v dosboxu. Komp je tudi bil brez bios passworda. Če bi hotel bi lahko vse dol zbrisal.
Core i9 10900X, ASUS Prime X299 Edition 30, 32GB 4x8 3600Mhz G.skill, CM H500M,
ASUS ROG Strix RTX 2080 Super, Samsung 970 PRO, UltraSharp UP3017, Win 11 Pro,
Enermax Platimax 1700W | moj oče darko 1960-2016, moj labradorec max 2002-2013
ASUS ROG Strix RTX 2080 Super, Samsung 970 PRO, UltraSharp UP3017, Win 11 Pro,
Enermax Platimax 1700W | moj oče darko 1960-2016, moj labradorec max 2002-2013
Zgodovina sprememb…
- spremenil: mtosev ()
sbawe64 ::
Citiram sebe od prej
Not so fast.
https://social.treehouse.systems/@mjg59...
"Linux would have prevented this!" literally true because my former colleague KP Singh wrote a kernel security module that lets EDR implementations load ebpf into the kernel to monitor and act on security hooks and Crowdstrike now uses that rather than requiring its own kernel module that would otherwise absolutely have allowed this to happen, so everyone please say thank you to him
Na žalost clownstrike zadeva ne podpira zadnjih linux jeder/distrov:
I've heard (seventeenth-hand) that they're not supporting Ubuntu 24.04 yet because of eBPF, but am sure it's probably more complicated than that.
They definitely still claim not to support Ubuntu 24.04. That's the same reason why my current employer is insisting that we all migrate to Ubuntu 22.04 rather than 24.04.
https://blog.fefe.de/?ts=9864a262
Fri Jul 19 2024
[l] Here is another relevant note regarding Crowdstrike:
The same nonsense that happened today with Windows also happened at the end of April for Debian Linux 12 after the update to kernel version 6.1.0-20 in combination with falcon-sensor version 7.10 to 7.14. Official workaround: uninstall and wait for a new version or run the software in "user mode".
Yes! This high-quality security product is also available for Linux!
Podobno redhat
Meanwhile in RedHat mailing lists, crowdstrike ebpf kernel panicking the machine:
https://access.redhat.com/solutions/706...
Crowdstrike Falcon actually did cause kernel panics in Debian in April and in Red Hat in May. The difference: No sane Linux user is using Crowdstrike in the first place.
Linux bojda tudi ni prizadet
Not so fast.
https://social.treehouse.systems/@mjg59...
"Linux would have prevented this!" literally true because my former colleague KP Singh wrote a kernel security module that lets EDR implementations load ebpf into the kernel to monitor and act on security hooks and Crowdstrike now uses that rather than requiring its own kernel module that would otherwise absolutely have allowed this to happen, so everyone please say thank you to him
Na žalost clownstrike zadeva ne podpira zadnjih linux jeder/distrov:
I've heard (seventeenth-hand) that they're not supporting Ubuntu 24.04 yet because of eBPF, but am sure it's probably more complicated than that.
They definitely still claim not to support Ubuntu 24.04. That's the same reason why my current employer is insisting that we all migrate to Ubuntu 22.04 rather than 24.04.
https://blog.fefe.de/?ts=9864a262
Fri Jul 19 2024
[l] Here is another relevant note regarding Crowdstrike:
The same nonsense that happened today with Windows also happened at the end of April for Debian Linux 12 after the update to kernel version 6.1.0-20 in combination with falcon-sensor version 7.10 to 7.14. Official workaround: uninstall and wait for a new version or run the software in "user mode".
Yes! This high-quality security product is also available for Linux!
Podobno redhat
Meanwhile in RedHat mailing lists, crowdstrike ebpf kernel panicking the machine:
https://access.redhat.com/solutions/706...
Crowdstrike Falcon actually did cause kernel panics in Debian in April and in Red Hat in May. The difference: No sane Linux user is using Crowdstrike in the first place.
2020 is new 1984
Corona World order
Corona World order
Zgodovina sprememb…
- spremenilo: sbawe64 ()
LightBit ::
Hitrost tega klovn av-ja (ob tem izgleda McAfee/Norton zelo hiter)
Ja ko ti laptop začne ropotati kakor da bo ravnokar vzletel in aluminij postane tekoč veš da CrowdStrike nekaj skenira. Nameščanje programov pa traja vsaj 10x toliko časa. Splošno je vse ene +200% počasneje, kadar ne skenira.
If Hector Martin's analysis is correct, Crowdstrike do file parsing in kernel space, and the driver shat itself on a malformed update file.
In to naj bi bilo eno najboljših varnostnih podjetij.
Kakor da smo še v 80ih.
MrStein ::
Malce sem bral gleda njihovega Falcona, da ima za Linux tudi kernel modul?! Pa me zanima, kdaj so ga dodali? Ker pred leti mi je naš ITjevec težil, da moram obvezno inšštalirati Falcona, pa takrat modula še ni imel.
Za tega Falcona še nisem slišal. Niti za CrowdStrike.
Kako se primerja z bolj znanimi produkti?
Motiti se je človeško.
Motiti se pogosto je neumno.
Vztrajati pri zmoti je... oh, pozdravljen!
Motiti se pogosto je neumno.
Vztrajati pri zmoti je... oh, pozdravljen!
LightBit ::
Malce sem bral gleda njihovega Falcona, da ima za Linux tudi kernel modul?! Pa me zanima, kdaj so ga dodali? Ker pred leti mi je naš ITjevec težil, da moram obvezno inšštalirati Falcona, pa takrat modula še ni imel.
Za tega Falcona še nisem slišal. Niti za CrowdStrike.
Kako se primerja z bolj znanimi produkti?
Slabo: https://www.av-comparatives.org/tests/b...
Fritz ::
Meni gre ze Eset na zivce.
Meni je ESET še daleč najbolj prebavljiv, če že nekaj mora biti. Reagira zelo hitro, ne upočasnjuje toliko in nima veliko lažnih alarmov.
Iz istega razloga sem dolga leta uporabljal ESET.
"Težav ne moremo reševati z isto miselnostjo,
kot smo jo imeli, ko smo jih ustvarili."
A. Einstein
kot smo jo imeli, ko smo jih ustvarili."
A. Einstein
kixs ::
Eni niso bili prizadeti. Razlog, ze leta niso nic posodobili... kaksnih 30 let :lol:
Zakaj bi menjal, ce deluje
A story on the website govtech.com on Friday asked the question, "Why isn't Southwest affected by the CrowdStrike/Microsoft outage?
"That's because major portions of the airline's computer systems are still using Windows 3.1, a 32-year-old version of Microsoft's computer operating software," the website said. "It's so old that the CrowdStrike issue doesn't affect it so Southwest is still operating as normal. It's typically not a good idea to wait so long to update, but in this one instance Southwest has done itself a favor."
Zakaj bi menjal, ce deluje
Fritz ::
Hitrost tega klovn av-ja (ob tem izgleda McAfee/Norton zelo hiter):
At Amazon, I had a 2019 Macbook (this was in 2020, so virtually brand-spanking new), and we all had Crowdstrike on our dev laptops. It took me 14 minutes to make incremental changes to Amazon Music. Incremental! As in, change one line, make a build - 14 minutes. It took me about a year to realize that Crowdstrike was to blame - it doesn't appear in the Activity Monitor, so good luck figuring out. Mac showed everything in perfect state - all while the CPU was clearly dying, and the fan was damn near levitating the laptop.
At the place I work now, I have a Linux machine, and no Crowdstrike. I thank the gods every day whenever I see how much my coworkers struggle with CS on their macs - some of them unable to share screens on Zoom while they build, because they start sounding like robots and eventually drop off.
I don't know how it affects other professions, but for an engineer, Crowdstrike is a steaming pile of shit. I don't know how they convinced companies that they're a worthy investment, when - at least from personal experience - they cost me months of productivity.
Zanimivo, kako se nekateri osebki pojavljajo v podobnih zgodbah:
https://x.com/nikstankovic_/status/1814...
For those who don't remember, in 2010, McAfee had a colossal glitch with Windows XP that took down a good part of the internet. The man who was McAfee's CTO at that time is now the CEO of Crowdstrike. The McAfee incident cost the company so much they ended up selling to Intel.
"Težav ne moremo reševati z isto miselnostjo,
kot smo jo imeli, ko smo jih ustvarili."
A. Einstein
kot smo jo imeli, ko smo jih ustvarili."
A. Einstein
bluefish ::
Microsoft releases recovery tool to help repair Windows machines hit by CrowdStrike issue
Aja, pa EU je kriva: Microsoft points finger at the EU for not being able to lock down Windows
Aja, pa EU je kriva: Microsoft points finger at the EU for not being able to lock down Windows
Zgodovina sprememb…
- spremenil: bluefish ()
Invictus ::
Saj to zadnje je najbrž kar res...
Ampak velja za vsako formo, ki ne stestira updata v predprodukciji...
Slepo zaupati, da bo MS ali kdo drug vse naredil zate, malo morgen...
Ampak velja za vsako formo, ki ne stestira updata v predprodukciji...
Slepo zaupati, da bo MS ali kdo drug vse naredil zate, malo morgen...
"Life is hard; it's even harder when you're stupid."
http://goo.gl/2YuS2x
http://goo.gl/2YuS2x
LightBit ::
Aja, pa EU je kriva: Microsoft points finger at the EU for not being able to lock down Windows
Tole je bolj bulšit, sicer zagovarjam da če se hočeš ustrelit v nogo bi ti to morali omogočiti. Microsoft bi prav tako lahko naredil API za dostop izven jedra v stilu FUSE, ki bi omogočal pisanje "spyware" kot so Windows Defender in CrowdStrike. Sicer je pa CrowdStrike verjetno šel čez Microsoftovo WHQL certifikacijo ali nekaj da so ga podpisali.
Lonsarg ::
Microsoft izdaja certifikat za driverje, kaj potem ta firma dela s tem certifkatom je v njihovi domeni.
c3p0 ::
Podpisan "driver" je ostal enak, dobil je zanič definicije in ker ne dela proper sanity checkov, ga je slaba definicija zrušla in s tem cel windows (smo v win kernel space).
LightBit ::
Microsoft izdaja certifikat za driverje, kaj potem ta firma dela s tem certifkatom je v njihovi domeni.
Torej je to bolj neka formalnost. Plačaš oni pa preverijo malo, da nisi slučajno iz Severne Koreje.
Podpisan "driver" je ostal enak, dobil je zanič definicije in ker ne dela proper sanity checkov, ga je slaba definicija zrušla in s tem cel windows (smo v win kernel space).
Lahko bi jih zavrnili ker je slabo dizajniran. Mislim ja, lahko je bit general po bitki, ampak če so že full pametni in krivijo EU.
Utk ::
MS ne nadzira vsake vrstice. Certifikat je zato, da se ve kdo je nekaj naredil, ne pa da je MS kaj odobril.
Če bi moral MS vsako stvar odobrit, bi bilo v nasprotju s tistim kar so zahtevali od MS.
Če bi moral MS vsako stvar odobrit, bi bilo v nasprotju s tistim kar so zahtevali od MS.
LightBit ::
Kolikor vem imajo vsaj neke avtomatizirane teste za driverje, ki morajo skozi za certifikacijo. HCK se reče ali nekaj takega.
MrStein ::
Hitrost tega klovn av-ja (ob tem izgleda McAfee/Norton zelo hiter):
At Amazon, I had a 2019 Macbook (this was in 2020, so virtually brand-spanking new), and we all had Crowdstrike on our dev laptops. It took me 14 minutes to make incremental changes to Amazon Music. Incremental! As in, change one line, make a build - 14 minutes.
Hja, trenutno imam tole v službi:
build, ok, ni build ampak en korak, ki sem ga šel izmerit:
10-20 sekund
Ista stvar, na istem PC, a v virtualki (ki očitno nima softvera, ki bi zaviral):
8-10 sekund
Ista stvar, na enem prastarem PC (iz leta 2011): 12 sekund
Torej bi lahko vzel PC-je iz muzeja za 50 EUR, pazil, da ne namestim "zavoro" in delal skoraj hitreje kot "novimi" PC-ji za 1000 EUR...
Motiti se je človeško.
Motiti se pogosto je neumno.
Vztrajati pri zmoti je... oh, pozdravljen!
Motiti se pogosto je neumno.
Vztrajati pri zmoti je... oh, pozdravljen!
Zgodovina sprememb…
- spremenil: MrStein ()
joez7 ::
Podpisan "driver" je ostal enak, dobil je zanič definicije in ker ne dela proper sanity checkov, ga je slaba definicija zrušla in s tem cel windows (smo v win kernel space).
Glava AV programa zapisana zanič. Sploh ne bi smel sprejeti koruptane definicije, ali pa maksimalno en rebot, če nova ne gre skozi - vzameš zadnjo delujočo.
Sem mali provokator, po potrebi diktator, dvomim v vse in nič ne vem.
Vredno ogleda ...
Tema | Ogledi | Zadnje sporočilo | |
---|---|---|---|
Tema | Ogledi | Zadnje sporočilo | |
» | Southwestu se v petek ni zgodilo nič, ker uporablja Windows 3.11Oddelek: Novice / Ostale najave | 5100 (899) | MrStein |
» | Izpad računalniških sistemov po celem svetu, rešitev že znana (strani: 1 2 3 )Oddelek: Novice / Varnost | 12374 (3818) | joez7 |
» | Potop CrowdStrike dan poznejeOddelek: Novice / Operacijski sistemi | 5019 (1504) | Lonsarg |
» | Po svetu obsežen izpad računalniških sistemov, ki je prizadel banke, letališča in trgOddelek: Loža | 2419 (1203) | GupeM |