←back to thread

CrowdStrike's Falcon Sensor also linked to Linux kernel panics and crashes

(www.theregister.com)
158 points kenjackson | 1 comments | 22 Jul 24 02:22 UTC | HN request time: 0s | source
Show context
rramadass ◴[22 Jul 24 05:47 UTC] No.41031248[source]
I had read reports of this earlier which is what makes me speculate that the Windows Crowdstrike issue is more than "just a update error" i.e. there might be some nefarious hand behind this. Given that they were already aware of the Linux issue it boggles my mind that they did not take extra precautions when it came to Windows updates. We will have to wait and see for further trustworthy info.

Btw - The article mentions Dave Plummer's analysis of the issue which might be easier for people to understand and worth a watch. - https://www.youtube.com/watch?v=wAzEJxOo1ts

replies(3): >>41031293 #>>41031643 #>>41032173 #
bawolff ◴[22 Jul 24 06:01 UTC] No.41031293[source]
Some part of a company already aware of an issue but different part still ships is a pretty common tale and seems much more likely than some nefarious conspiracy theory. (And that is even assuming this is the same issue, which seems questionable)

After all, who exactly would benefit from such a nefarious scheme to crash windows computers? Certainly not Crowdstrike.

replies(3): >>41031325 #>>41031441 #>>41031502 #
rramadass ◴[22 Jul 24 06:40 UTC] No.41031502[source]
> who exactly would benefit from such a nefarious scheme

State Actors, given the current Geo-Political tensions.

You have to take a all-in-all broader view. I remember a while ago Kaspersky was accused of data-siphoning/spying from computers it was installed on and other nefarious activities. See New Government Ban on Kaspersky Would Prevent Company from Updating Malware Signatures in U.S. - https://www.zetter-zeroday.com/new-government-ban-on-kaspers...

As for your opening statement "Some part of a company already aware of an issue but different part still ships is a pretty common tale" is not applicable here since this code runs in kernel mode (in both OSes) and thus would be subject to far far greater scrutiny and testing than an ordinary app. As Dave Plummer points out in his analysis Microsoft Kernel Drivers are signed and certified after an exhaustive testing process. Even if Crowdstrike wrote their drivers as an interpreter and the data update files were actually programs in some p-code, Microsoft would have definitely known of it and its inherent vulnerabilities. I would bet money that Microsoft knows all about preventing threats/vulnerabilities than any other company simply because of their long experience and large userbase and thus would not have allowed Crowdstrike such a free hand.

replies(2): >>41031932 #>>41038966 #
bawolff ◴[22 Jul 24 19:44 UTC] No.41038966[source]
> State Actors, given the current Geo-Political tensions.

I disagree. If state actors had this type of capability they would use it to spy on big companies. The espionage potential is huge. They wouldn't waste it on causing a minor inconvinence.

> is not applicable here since this code runs in kernel mode (in both OSes) and thus would be subject to far far greater scrutiny and testing than an ordinary app

Lol. What next? Politicians always tell the truth? Everyone gets a free unicorn? This is just obviously not how the world works. There is a long history of anti-virus software being kind of crap.

replies(1): >>41040307 #
1. rramadass ◴[22 Jul 24 22:04 UTC] No.41040307[source]
> If state actors had this type of capability they would use it to spy on big companies.

Who says that is not ongoing? You just don't hear about it that much because the companies downplay/hide it for obvious reasons.

> They wouldn't waste it on causing a minor inconvinence.

This is not a "minor" inconvenience. The losses to the Economy are already running into billions and counting. See for example https://www.youtube.com/watch?v=YedowOtznNo

> Lol. What next? Politicians always tell the truth? Everyone gets a free unicorn? This is just obviously not how the world works. There is a long history of anti-virus software being kind of crap.

Snark/Glibness is not an argument. I have worked in Network Security and know for a fact that Kernel mode code is treated differently than User mode code in terms of scrutiny/testing/staging/release. Second, Crowdstrike is not just another anti-virus software; they are far more broader in scope/complex and hence their wide user base. Microsoft with their wide experience would have definitely processes in place to validate them comprehensively. Hence one should be cautious in taking this incident at face value and investigate everything thoroughly. I am almost sure multiple lawsuits are in the offing but am not so sure whether the full story will come out.