• slazer2au
    link
    English
    204 months ago

    … But it’s not malware like Solar winds became. It was just a botched update.

    I hope they learn from this and implement update stages or groups so you don’t blow away an entire org again.

    • Venia Silente
      link
      fedilink
      English
      26
      edit-2
      4 months ago

      Goes into the kernel
      Gives remote absolute view and control of the machine
      Removes user’s rights
      Is intended to allow the employer class control the employee class

      Sounds like malware to me!

      • Shadow
        link
        fedilink
        English
        64 months ago

        It’s not the users computer, it’s the employers. The user has no rights on it.

      • aviationeast
        link
        English
        24 months ago

        Is intended to allow c2 traffic to control to machine

      • slazer2au
        link
        English
        -24 months ago

        so work elsewhere that doesn’t use it. You have no rights to a device you do not own.

        • Venia Silente
          link
          fedilink
          English
          44 months ago

          I still have human rights, as well as rights to eg.: privacy. Also it’s not like they put “we use CrowdStrike” in their job offerings you know, so you saying to just “work elsewhere” reads whiny. And petty.

          • slazer2au
            link
            English
            34 months ago

            I still have human rights, as well as rights to eg.: privacy

            I agree, but not on a device that is not owned or managed by you. Now, if your employer demanded you install it on your personal PC as a condition of employment then that is a completely separate issue

    • Justin
      link
      fedilink
      English
      94 months ago

      Any third party remotely deploying kernel-level spyware is malware. We as an industry shouldn’t accept this kind of behavior.

      • slazer2au
        link
        English
        6
        edit-2
        4 months ago

        Is it really spyware if the device owner installs it deliberately? After all this application is not run on home or personal machines. It only runs in corporate environments where you do not own the equipment you use.

        • Justin
          link
          fedilink
          English
          24 months ago

          It become malicious when you start demanding IT departments to install insecure, untested kernel drivers. Crowdstrike did not own any of the millions of devices they just killed today.

          • slazer2au
            link
            English
            44 months ago

            Malicious requires intent. I have massive doubts CS wanted to deploy a Kernel driver full of NULL values to their clients. more likely a human error happened as part of a larger automated process.

    • @Psychodelic
      link
      English
      64 months ago

      Tomato potato

      I wiped my computer last night because of that shitty virus. Good luck IT teams out there! lol

      • @[email protected]
        link
        fedilink
        English
        124 months ago

        You were supposed to delete \windows\system32\drivers\crowdstrike\C-00000291-*.sys, not all of \windows \system32. I know the buttons are right next to each other and all, but come on…

        :-)

        • @Psychodelic
          link
          English
          34 months ago

          I assumed I did something wrong. I initially blamed explorerpatcher. Made sense (at the time) to get it fixed before I had to work Friday morning

          Now it doesn’t even have the stuff my company installed! Woops

          The worst bit was once I finally called IT (~10pm, was gonna leave a message or something) they had a recorded message saying they were aware of the BSOD issue. Facepalms were indeed had

          I want to say I wish they’d sent out some kind of email asap, but I can’t really say I wouldnt have tried to fix it myself. Safe mode wasn’t working!! Literally never seen that happen. Oh well, lesson learned