I would honestly think freezing airports, hospitals and other services for days would cause a lot of legal trouble.

At least that’s what would happen if an experienced hacker did the same thing.

  • @[email protected]
    122
    2 months ago

    These kinds of discussions are between corporations who have defined SLAs that specify things like reliability, uptime, etc. It’s likely this outage breached this agreement so the lawyers of the companies are discussing internally and behind closed doors. This kind of thing doesn’t get reported on in general.

  • snooggums
    67
    2 months ago

    At least that’s what would happen if an experienced hacker did the same thing.

    If you ignore the context of a massive company doing an oopsie daisy and a malicious hacker intentionally trying to cause the same disruption, that makes sense. Fortunately, most people are aware of the difference.

    They will most likely either be sued or have financial repercussions, although there really isn’t a replacement waiting in the wings if they went down. Plus they have had a pretty solid reputation for years, so an occasional oopsie is going to happen and as long as it doesn’t happen repeatedly it is likely to be forgotten about in 6 months.

    Heck, I wasn’t even impacted because my work laptop was off and it was already sorted out before I turned it on that day.

    • @SzethFriendOfNimi
      19
      2 months ago

      If I had to guess there would be, at the very least, some businesses that used their business continuity insurance.

      Those companies, after paying those claims, will probably be expecting reimbursement or preparing to sue Crowdstrike to recoup those costs.

      • @[email protected]
        13
        2 months ago

        And likely Crowdstrike will have their own insurance. At the end of the day, it’s just gamblers sitting at the table, moving the chips around.

  • @[email protected]
    28
    2 months ago

    Well, for one, it’s not known as “BSOD day” by any other customers that I know of. For two, there are contractual obligations, which prevent businesses from immediately pulling the plug and depriving them of funds, or from having knee-jerk reactions, depending on your perspective. And finally, in just my own opinion, no other alternative solution provides a more compelling case for risk reduction without the same potential compromises even given the faulty deployment methodology that CS used. Sad, but true in my experience.

    Needing kernel code for security sucks, don’t have better options right now, encourage startups and take risks on them instead.

    • @Brkdncr
      4
      2 months ago

      Sadly I’d say Cylance has a feature-complete alternative to Crowdstrike but Blackberry has done everything possible to not promote the product.

      • DigitalDilemma
        1
        2 months ago

        Cylance was comparable several years ago. But, as you say, Blackberry bought it. Development effectively stopped at that moment. Reported bugs were going un-triaged and the software stopped moving forwards and AV software that isn’t constantly adapting becomes a security risk in itself. The two are not comparable now - CS has a lot of extra features, especially in attack monitoring and analysis.

        We were Cylance customers, and we changed to Crowdstrike when our contract expired. It was the right choice at the time, as was our decision to choose Cylance before them. Turns out we have pretty crappy luck.

        • @Brkdncr
          2
          2 months ago

          Yeah, Cylance definitely had some issues but it seems like they’ve recently been doing better in bringing features.

          Another in this space is Palo Alto Networks XDR.

  • DigitalDilemma
    20
    2 months ago

    They have a shitload of big contracts with a great many companies across the world. Money keeps coming in.

    Legal actions take time. Years. Sometimes decades.

    The software, when it isn’t bricking computers, is actually pretty good.

    This could equally have been caused by any other software running at ring 0. That’s most antivirus software and most drivers. Drivers caused BSODs all the time - the difference here is only one of scale and timing. And, as it turns out, some pretty terrible quality control, test processes and release scheduling - and that is likely to be the focus of many of the legal actions.

    Your reference to a hacker is spurious - deliberate vs accidental is a major distinction. As is cause and effect - Microsoft can be seen as equally to blame for allowing software to run at ring 0 and allowing this to happen.

    • @clutchtwopointzero
      6
      2 months ago

      Need to remember that Microsoft was forced by regulators overseas to allow ring 0 third party software as part of antitrust proceedings. But the notion that antivirus software companies must be allowed to exist (instead of making the kernel infection proof) is also ridiculous.

      • DigitalDilemma
        4
        2 months ago

        Microsoft was forced by regulators overseas to allow ring 0 third party software as part of antitrust proceedings.

        Interesting - I wasn’t aware of that. Gave me a few minutes of interesting googling, thanks.

        Looks like some people don’t agree that is an excuse.

        Also worth remembering is that Crowdstrike stopped RHEL 9 machines booting in a vaguely similar update to their Falcon service a few months earlier, so it’s not something that is exclusive to Windows. That also needed manual intervention to get VMs booting. (I dealt with that one too - but it’s easier to roll back to the previous kernel with Linux and we had fewer machines that were running Falcon.) Not surprisingly, there was a very similar blame game played then.

        • @clutchtwopointzero
          1
          2 months ago

          I heard the argument on the link you shared before but I can’t figure out what “appropriate controls” would look like. That too sounds quite hand-wavy.

  • @[email protected]
    15
    2 months ago

    Plenty of people are talking about how they did get sued and it’s working itself out.

    If you believe that Crowdstrike is a normal company doing security then the fact that most of their customers stuck with them after the event shows they’re doing something right.

    If you believe Crowdstrike is a natsec cutout then it won’t matter if they get sued.

    • @stupidcasey
      1
      2 months ago

      Lol, is that what they are? Are they a branch of the US government spying on people?

      • @[email protected]
        3
        2 months ago

        I don’t feel one way or the other. Plenty of people instrumental to the company come from the natsec space though.

        That’s not in and of itself damning though. Infosec people are often cops or soldiers of one kind or another because that’s where the jobs are.

      • @[email protected]
        1
        2 months ago

        I want to make the subtext text actually. When you speak with people on the internet in information security focused places you are most likely talking directly to cops and soldiers a good amount of the time and certainly in the presence of them.

  • @[email protected]
    11
    2 months ago

    Crowdstrike: If you sue us, we won’t provide you with security anymore

    Big companies: :(

    (This is just satire)

    • @[email protected]
      4
      2 months ago

      According to the article, there is a question of gross negligence, which circumstance could have the effect of nullifying the contractual limitation of liability.

      • @[email protected]
        2
        2 months ago

        And anyone who knows what they’re doing would have built in decent safeguards - obviously hindsight is a luxury here, but there’s a reason there’s a whole lot of checking that goes on when others are downloading update content over a hostile network… Input validation is a thing, and all that.

        They just weren’t very mature on that front, and now we all got to laugh at them, but everyone else made similar mistakes along the way, just most of them started their journey decades ago (thinking Windows Update, etc.), so we forget about the learning curve they suffered through building a resilient process.

  • @[email protected]
    7
    2 months ago

    Among Boies’ wide range of high-profile clients are Theranos, Harvey Weinstein, victims of Jeffrey Epstein, and Al Gore in Bush v. Gore around the results of the 2000 presidential election. He also led the government’s antitrust case against Microsoft in the 1990s.

    damn