touchdown

Defense Wins Championships
Messages
5,856
Reaction score
4,789

touchdown

Defense Wins Championships
Messages
5,856
Reaction score
4,789

Thousands of Windows machines are experiencing a Blue Screen of Death (BSOD) issue at boot today, impacting banks, airlines, TV broadcasters, supermarkets, and many more businesses worldwide. A faulty update from cybersecurity provider CrowdStrike is knocking affected PCs and servers offline, forcing them into a recovery boot loop so machines can’t start properly. CrowdStrike is widely used by many businesses worldwide for managing the security of Windows PCs and servers.
 

Creeper

UDFA
Messages
1,888
Reaction score
2,276
Crowdstrike is the same company the investigated the DNC hacking incident in 2016. They concluded it was Russians based on what they claim were bits of data they found in the DNC servers. I read what I could about their analysis, and what was in the Mueller report and I never believed a word of it. One of the clues they found was a word document, or fragments of a word document that was written in Russian. Right, because state sponsored hackers leave behind a calling card that says, "we hacked you!". I spent over 20 years in CyberSecurity before I retired and have ben involved in several hacking incidents including alleged foreign sponsored incidents and I simply will not believe that Russia's intelligence agency left bits of a document in the DNC servers to connect them to the hack. Did Russian hacks attack the DNC servers? Probably. That wouldn't be unusual. But supposedly two separate groups hacked into the DNC servers over a year prior to the alleged hack that Crowdstrike investigated. Neither of those groups knew about the other, according to Mueller. That alone tells you the whole thing smells. But the question is why did they wait so long to release information to Wikileaks?

The point is, don't believe anything Crowdstrike has to say without confirmation. Was this just a bad update? Maybe. But if it was why wasn't it picked up in testing? Given the breadth of the disruption the bug in the update could not have been missed in testing, unless of course it wasn't tested at all. Did Crowdstrike release an update without testing it on the most popular platform in the world? If they want to admit that, I'm listening.
 

Doomsday

High Plains Drifter
Messages
21,801
Reaction score
4,306
Big lesson I've been screaming about for at least the last fifteen years - relying on third party shit compromises your system. Big or small. Micro or Macro. Local or global.
 
Top Bottom