» »

Izpad računalniških sistemov po celem svetu, rešitev že znana

1 2
3
»

darkolord ::

stroj66684 je izjavil:

Napaka v update je katastrofalna in kako niso stestirali preden so objavili update programa. To je bilo namerno.
Updati AV programov se objavljajo večkrat dnevno, lahko tudi večkrat v eni uri.

kixs ::

Definicije AV ja, jedro programa pac ne.

dronyx ::

G-man je izjavil:

dronyx je izjavil:

Posledica tega bo, da bodo marsikje izklopili posodabljanje. Potem pa tvegajo še hujše težave.


Kontroverzno mnenje: mislim da ne. Desktop antivirus je zadnja obrambna linija v IT varnosti in dandanes bolj kljukica na seznamu ISO 27k1 kot resnično dodana vrednost.

Nisem imel v mislih samo posodabljanje AV, ampak tudi Windows OS.

johnnyyy ::

Malce sem bral gleda njihovega Falcona, da ima za Linux tudi kernel modul?! Pa me zanima, kdaj so ga dodali? Ker pred leti mi je naš ITjevec težil, da moram obvezno inšštalirati Falcona, pa takrat modula še ni imel.

sbawe64 ::

Kupite Apple macos, tam dela brez težav !
https://www.crowdstrike.com/blog/crowds...

On macOS, CrowdStrike Falcon hasn't used a kernel driver since 2020 because Apple added user space EDR APIs.


Linux bojda tudi ni prizadet
https://www.securityweek.com/crowdstrik...
The company reiterated that Mac and Linux systems were not impacted by the glitch.



CloudStrike se bo preimenoval v ClownStrike ali CloudCrash.
2020 is new 1984
Corona World order

Zgodovina sprememb…

  • spremenilo: sbawe64 ()

sbawe64 ::

Hitrost tega klovn av-ja (ob tem izgleda McAfee/Norton zelo hiter):

At Amazon, I had a 2019 Macbook (this was in 2020, so virtually brand-spanking new), and we all had Crowdstrike on our dev laptops. It took me 14 minutes to make incremental changes to Amazon Music. Incremental! As in, change one line, make a build - 14 minutes. It took me about a year to realize that Crowdstrike was to blame - it doesn't appear in the Activity Monitor, so good luck figuring out. Mac showed everything in perfect state - all while the CPU was clearly dying, and the fan was damn near levitating the laptop.

At the place I work now, I have a Linux machine, and no Crowdstrike. I thank the gods every day whenever I see how much my coworkers struggle with CS on their macs - some of them unable to share screens on Zoom while they build, because they start sounding like robots and eventually drop off.

I don't know how it affects other professions, but for an engineer, Crowdstrike is a steaming pile of shit. I don't know how they convinced companies that they're a worthy investment, when - at least from personal experience - they cost me months of productivity.
2020 is new 1984
Corona World order

Zgodovina sprememb…

  • spremenilo: sbawe64 ()

kixs ::

Meni gre ze Eset na zivce.

sbawe64 ::

Ročni vnos bitlocker recovery ključa za vsako napravo posebej, copy paste ne dela
Delta airlines
https://co.reddit.com/r/delta/comments/...
2020 is new 1984
Corona World order

Zgodovina sprememb…

  • spremenilo: sbawe64 ()

sbawe64 ::

If Hector Martin's analysis is correct, Crowdstrike do file parsing in kernel space, and the driver shat itself on a malformed update file. I thought Tavis Ormandy shamed security companies into not doing stupid shit like that years ago.

https://social.treehouse.systems/@marca...

Ah yes, let's ship a kernel driver that parses update files that are pushed globally simultaneously to millions of users without progressive staging, and let's write it in a memory unsafe language so it crashes if an update is malformed, and let's have no automated boot recovery mechanism to disable things after a few failed boots. What could possibly go wrong?
2020 is new 1984
Corona World order

Zgodovina sprememb…

  • spremenilo: sbawe64 ()

LightBit ::

kixs je izjavil:

Meni gre ze Eset na zivce.

Meni je ESET še daleč najbolj prebavljiv, če že nekaj mora biti. Reagira zelo hitro, ne upočasnjuje toliko in nima veliko lažnih alarmov.

mtosev ::

Jaz se spomnim komp kateri je imel sophos endpoint security pa je bilo vse dol zaklenjeno pa sem za foro probil iti v safe mode in tam ga seveda ni bilo. Pol sem lepo imel filefox portable, igral nfs v dosboxu. Komp je tudi bil brez bios passworda. Če bi hotel bi lahko vse dol zbrisal. :))
Core i9 10900X, ASUS Prime X299 Edition 30, 32GB 4x8 3600Mhz G.skill, CM H500M,
ASUS ROG Strix RTX 2080 Super, Samsung 970 PRO, UltraSharp UP3017, Win 11 Pro,
Enermax Platimax 1700W | moj oče darko 1960-2016, moj labradorec max 2002-2013

Zgodovina sprememb…

  • spremenil: mtosev ()

sbawe64 ::

Citiram sebe od prej
Linux bojda tudi ni prizadet

Not so fast.

https://social.treehouse.systems/@mjg59...
"Linux would have prevented this!" literally true because my former colleague KP Singh wrote a kernel security module that lets EDR implementations load ebpf into the kernel to monitor and act on security hooks and Crowdstrike now uses that rather than requiring its own kernel module that would otherwise absolutely have allowed this to happen, so everyone please say thank you to him


Na žalost clownstrike zadeva ne podpira zadnjih linux jeder/distrov:

I've heard (seventeenth-hand) that they're not supporting Ubuntu 24.04 yet because of eBPF, but am sure it's probably more complicated than that.

They definitely still claim not to support Ubuntu 24.04. That's the same reason why my current employer is insisting that we all migrate to Ubuntu 22.04 rather than 24.04.


https://blog.fefe.de/?ts=9864a262
Fri Jul 19 2024
[l] Here is another relevant note regarding Crowdstrike:
The same nonsense that happened today with Windows also happened at the end of April for Debian Linux 12 after the update to kernel version 6.1.0-20 in combination with falcon-sensor version 7.10 to 7.14. Official workaround: uninstall and wait for a new version or run the software in "user mode".
Yes! This high-quality security product is also available for Linux!

Podobno redhat
Meanwhile in RedHat mailing lists, crowdstrike ebpf kernel panicking the machine:
https://access.redhat.com/solutions/706...


Crowdstrike Falcon actually did cause kernel panics in Debian in April and in Red Hat in May. The difference: No sane Linux user is using Crowdstrike in the first place.
2020 is new 1984
Corona World order

Zgodovina sprememb…

  • spremenilo: sbawe64 ()

LightBit ::

sbawe64 je izjavil:

Hitrost tega klovn av-ja (ob tem izgleda McAfee/Norton zelo hiter)

Ja ko ti laptop začne ropotati kakor da bo ravnokar vzletel in aluminij postane tekoč veš da CrowdStrike nekaj skenira. Nameščanje programov pa traja vsaj 10x toliko časa. Splošno je vse ene +200% počasneje, kadar ne skenira.

sbawe64 je izjavil:

If Hector Martin's analysis is correct, Crowdstrike do file parsing in kernel space, and the driver shat itself on a malformed update file.

In to naj bi bilo eno najboljših varnostnih podjetij. :))
Kakor da smo še v 80ih.

MrStein ::

johnnyyy je izjavil:

Malce sem bral gleda njihovega Falcona, da ima za Linux tudi kernel modul?! Pa me zanima, kdaj so ga dodali? Ker pred leti mi je naš ITjevec težil, da moram obvezno inšštalirati Falcona, pa takrat modula še ni imel.

Za tega Falcona še nisem slišal. Niti za CrowdStrike.

Kako se primerja z bolj znanimi produkti?
Motiti se je človeško.
Motiti se pogosto je neumno.
Vztrajati pri zmoti je... oh, pozdravljen!

LightBit ::

MrStein je izjavil:

johnnyyy je izjavil:

Malce sem bral gleda njihovega Falcona, da ima za Linux tudi kernel modul?! Pa me zanima, kdaj so ga dodali? Ker pred leti mi je naš ITjevec težil, da moram obvezno inšštalirati Falcona, pa takrat modula še ni imel.

Za tega Falcona še nisem slišal. Niti za CrowdStrike.

Kako se primerja z bolj znanimi produkti?

Slabo: https://www.av-comparatives.org/tests/b...

Fritz ::

LightBit je izjavil:

kixs je izjavil:

Meni gre ze Eset na zivce.

Meni je ESET še daleč najbolj prebavljiv, če že nekaj mora biti. Reagira zelo hitro, ne upočasnjuje toliko in nima veliko lažnih alarmov.

Iz istega razloga sem dolga leta uporabljal ESET.
"Težav ne moremo reševati z isto miselnostjo,
kot smo jo imeli, ko smo jih ustvarili."
A. Einstein

kixs ::

Eni niso bili prizadeti. Razlog, ze leta niso nic posodobili... kaksnih 30 let :lol:

A story on the website govtech.com on Friday asked the question, "Why isn't Southwest affected by the CrowdStrike/Microsoft outage?

"That's because major portions of the airline's computer systems are still using Windows 3.1, a 32-year-old version of Microsoft's computer operating software," the website said. "It's so old that the CrowdStrike issue doesn't affect it so Southwest is still operating as normal. It's typically not a good idea to wait so long to update, but in this one instance Southwest has done itself a favor."


Zakaj bi menjal, ce deluje ;)

Fritz ::

sbawe64 je izjavil:

Hitrost tega klovn av-ja (ob tem izgleda McAfee/Norton zelo hiter):

At Amazon, I had a 2019 Macbook (this was in 2020, so virtually brand-spanking new), and we all had Crowdstrike on our dev laptops. It took me 14 minutes to make incremental changes to Amazon Music. Incremental! As in, change one line, make a build - 14 minutes. It took me about a year to realize that Crowdstrike was to blame - it doesn't appear in the Activity Monitor, so good luck figuring out. Mac showed everything in perfect state - all while the CPU was clearly dying, and the fan was damn near levitating the laptop.

At the place I work now, I have a Linux machine, and no Crowdstrike. I thank the gods every day whenever I see how much my coworkers struggle with CS on their macs - some of them unable to share screens on Zoom while they build, because they start sounding like robots and eventually drop off.

I don't know how it affects other professions, but for an engineer, Crowdstrike is a steaming pile of shit. I don't know how they convinced companies that they're a worthy investment, when - at least from personal experience - they cost me months of productivity.

Zanimivo, kako se nekateri osebki pojavljajo v podobnih zgodbah:
https://x.com/nikstankovic_/status/1814...

For those who don't remember, in 2010, McAfee had a colossal glitch with Windows XP that took down a good part of the internet. The man who was McAfee's CTO at that time is now the CEO of Crowdstrike. The McAfee incident cost the company so much they ended up selling to Intel.

"Težav ne moremo reševati z isto miselnostjo,
kot smo jo imeli, ko smo jih ustvarili."
A. Einstein

bluefish ::

Zgodovina sprememb…

  • spremenil: bluefish ()

Invictus ::

Saj to zadnje je najbrž kar res...

Ampak velja za vsako formo, ki ne stestira updata v predprodukciji...

Slepo zaupati, da bo MS ali kdo drug vse naredil zate, malo morgen...
"Life is hard; it's even harder when you're stupid."

http://goo.gl/2YuS2x

LightBit ::

bluefish je izjavil:

Aja, pa EU je kriva: Microsoft points finger at the EU for not being able to lock down Windows

Tole je bolj bulšit, sicer zagovarjam da če se hočeš ustrelit v nogo bi ti to morali omogočiti. Microsoft bi prav tako lahko naredil API za dostop izven jedra v stilu FUSE, ki bi omogočal pisanje "spyware" kot so Windows Defender in CrowdStrike. Sicer je pa CrowdStrike verjetno šel čez Microsoftovo WHQL certifikacijo ali nekaj da so ga podpisali.

Lonsarg ::

Microsoft izdaja certifikat za driverje, kaj potem ta firma dela s tem certifkatom je v njihovi domeni.

c3p0 ::

Podpisan "driver" je ostal enak, dobil je zanič definicije in ker ne dela proper sanity checkov, ga je slaba definicija zrušla in s tem cel windows (smo v win kernel space).

LightBit ::

Lonsarg je izjavil:

Microsoft izdaja certifikat za driverje, kaj potem ta firma dela s tem certifkatom je v njihovi domeni.

Torej je to bolj neka formalnost. Plačaš oni pa preverijo malo, da nisi slučajno iz Severne Koreje.

c3p0 je izjavil:

Podpisan "driver" je ostal enak, dobil je zanič definicije in ker ne dela proper sanity checkov, ga je slaba definicija zrušla in s tem cel windows (smo v win kernel space).

Lahko bi jih zavrnili ker je slabo dizajniran. Mislim ja, lahko je bit general po bitki, ampak če so že full pametni in krivijo EU.

Utk ::

MS ne nadzira vsake vrstice. Certifikat je zato, da se ve kdo je nekaj naredil, ne pa da je MS kaj odobril.
Če bi moral MS vsako stvar odobrit, bi bilo v nasprotju s tistim kar so zahtevali od MS.

LightBit ::

Kolikor vem imajo vsaj neke avtomatizirane teste za driverje, ki morajo skozi za certifikacijo. HCK se reče ali nekaj takega.

MrStein ::

sbawe64 je izjavil:

Hitrost tega klovn av-ja (ob tem izgleda McAfee/Norton zelo hiter):

At Amazon, I had a 2019 Macbook (this was in 2020, so virtually brand-spanking new), and we all had Crowdstrike on our dev laptops. It took me 14 minutes to make incremental changes to Amazon Music. Incremental! As in, change one line, make a build - 14 minutes.


Hja, trenutno imam tole v službi:

build, ok, ni build ampak en korak, ki sem ga šel izmerit:
10-20 sekund

Ista stvar, na istem PC, a v virtualki (ki očitno nima softvera, ki bi zaviral):
8-10 sekund

Ista stvar, na enem prastarem PC (iz leta 2011): 12 sekund


Torej bi lahko vzel PC-je iz muzeja za 50 EUR, pazil, da ne namestim "zavoro" in delal skoraj hitreje kot "novimi" PC-ji za 1000 EUR...
Motiti se je človeško.
Motiti se pogosto je neumno.
Vztrajati pri zmoti je... oh, pozdravljen!

Zgodovina sprememb…

  • spremenil: MrStein ()

OK.d ::

Eni imajo še vedno težave.
https://www.index.hr/vijesti/clanak/kol...
LPOK.d

joez7 ::

c3p0 je izjavil:

Podpisan "driver" je ostal enak, dobil je zanič definicije in ker ne dela proper sanity checkov, ga je slaba definicija zrušla in s tem cel windows (smo v win kernel space).


Glava AV programa zapisana zanič. Sploh ne bi smel sprejeti koruptane definicije, ali pa maksimalno en rebot, če nova ne gre skozi - vzameš zadnjo delujočo.
Sem mali provokator, po potrebi diktator, dvomim v vse in nič ne vem.
1 2
3
»


Vredno ogleda ...

TemaSporočilaOglediZadnje sporočilo
TemaSporočilaOglediZadnje sporočilo
»

Southwestu se v petek ni zgodilo nič, ker uporablja Windows 3.11

Oddelek: Novice / Ostale najave
495100 (899) MrStein
»

Izpad računalniških sistemov po celem svetu, rešitev že znana (strani: 1 2 3 )

Oddelek: Novice / Varnost
12812374 (3818) joez7
»

Potop CrowdStrike dan pozneje

Oddelek: Novice / Operacijski sistemi
325019 (1504) Lonsarg
»

Po svetu obsežen izpad računalniških sistemov, ki je prizadel banke, letališča in trg

Oddelek: Loža
482419 (1203) GupeM

Več podobnih tem