- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
I would honestly think freezing airports, hospitals and other services for days would cause a lot of legal trouble.
At least that’s what would happen if an experienced hacker did the same thing.
Crowdstrike: If you sue us, we won’t provide you with security anymore
Big companies: :(
(This is just satire)
There are lawsuits: https://techcrunch.com/2024/09/02/crowdstrike-faces-onslaught-of-legal-action-from-faulty-software-update/
These things will probably take years to play out.
These kinds of discussions are between corporations who have defined SLA’s that specify things like reliability, uptime, etc. It’s likely this outage breached this agreement so the lawyers of the companies are discussing internally and behind closed doors. This kind of thing doesn’t get reported on in general.
And it might be years before the full fallout is fully litigated.
The gears of justice grind slowly but finely.
At least that’s what would happen if an experienced hacker did the same thing.
If you ignore the context of a massive company doing an oopsie daisy and a malicious hacker intentionally trying to cause the same disruption, that makes sense. Fortunately, most people are aware of the difference.
They will most likely either be sued or have financial repercussions, although there realy isn’t a replqcement waiting in the wings if they went down. Plus they have had a pretty solid reputation for years, so an occasional oopsie is going to happen and as long as it doesn’t happen repeatedly it is likely to be forgotten about in 6 months.
Heck, I wasn’t even impacted because my work laptop was off and it was already sorted out before I turned it on that day.
If I had to guess there would be, at the very least, some businesses that used their business continuity insurance.
Those companies, after paying those claims, will probably be expecting reimbursement or preparing to sue crowdstrike to recoup those costs.
And likely Crowdstrike will have their own insurance. At the end of the day, it’s just gamblers sitting at the table, moving the chips around.
In other words, they’re too big to fail.
Well, for one, it’s not known as “BSOD day” by any other customers that I know of. For two, there are contractual obligations, which prevents businesses from immediately pulling the plug and depriving them of funds, or from having knee jerk reactions, depending on your perspective. And finally, in just my own opinion, no other alternative solution provides a more compelling case for risk reduction without the same potential compromises even given the faulty deployment methodology that CS used. Sad, but true in my experience.
Needing kernel code for security sucks, don’t have better options right now, encourage startups and take risks on them instead.
Sadly I’d say Cylance has a feature-complete alternative to Crowdstrike but Blackberry has done everything possible to not promote the product.