On Friday, as we were running around the hospital where we work trying to get every computer working again, we were following the work-around to rename the Crowdstrike folder under C:\Windows\system32\drivers to "bad-CrowdStrike".
When my coworker was typing the rename command, instead of typing "cro TAB", he started typing "clo TAB". He'd ask me why it wasn't finding it, and I'd point out the typo.
I started saying, it's not "CloudStrike", it's "CrowdStrike".
By the end of the day, we were both a little loopy. I started typing "CloudStrike", and cursing him out for screwing with my head. By the end of the day I wasn't sure what it was either.
CloudStrike
CrownStrike
ClownStrike
It occurred to us that CrowdStrike is an absolutely terrible name. It sounds like a terrorist attack. Of course, it felt like one on Friday.
It occurred to us that CrowdStrike is an absolutely terrible name. It sounds like a terrorist attack. Of course, it felt like one on Friday.
When I first heard about what was going on, I assumed that "CrowdStrike" was not the name of the software/company, but rather some sort of advanced DDOS-like attack where they used systems they'd previously hacked and had them all do the same thing at once to another target.
not the name of the software/company, but rather some sort of advanced DDOS-like attack
As we've discovered, both can be true.
ClownStrike
A fitting rename after such a pathetic and catastrophic failure, that's for sure.
Yeah, let's not key them get away with it. Clownstrike forever on
CloudStrike
CrownStrike
ClownStrike
ClownStrife
CloudStrife
Ah yes, the guy from FFVII
Yeah, I'm usually a big stickler for making sure I'm saying something right, but that name was tongue twistering me from the first time I tried to say it out loud. And we don't even use them and weren't hit in any way lol
funny thing is I, and probably most people, had never even heard that there was something called "CrowdStrike" until Friday of last week
I knew of falcond as the service that makes my work mac run slow.
Unfortunately, having a mac meant i didn't get friday off unlike most of the rest of the company
Oh, if you worked at a company that uses them (which is a lot of companies), you'd definitely be familiar with them as they hog up a ton of fucking CPU/disk. I basically had an entire CPU core dedicated to running their bullshit.
When I heard "CrowdStrike" took down operating systems everywhere, I thought it was the name of a virus or a group of hackers. I'm not the only one hearing an inherent villainy in that name, right?
Same for me with Solar Winds, Equifax, SVB and Ashley Madison.
Weird to think that some kind of major catastrophe in the future could again be caused by some company that exists right now, but am unaware of.
Something I heard about recently is that it's unnervingly common for the stock prices of unknown but really important companies like these to shoot up following an outage because it reveals to stock investors how mich of a monopoly it has in an area.
Are you not in the US? Equifax is a credit bureau and if you've never heard of them, you never needed credit or you're not from the US.
The other three, I've only heard of Ashley Madison because they had a very aggressive ad campaign before ad blockers became ubiquitous. One could say it was ads like theirs that made ad blocking a requirement.
They struck the whole crowd for sure
an operating system that allows third-party ring 0 access
Linux with eBPF:
Yes. I'm no security expert, but ebpf always seemed a bit weird to me. But in the end how much different is it from kernel drivers?
Shush, this is an opportunity for people to dump on Microsoft, if you take it from them they'll turn on you.
CrowdStroke
CrowdStricken
Now that's a good code word!
So why is this considered a crowdstrike issue and not a Microsoft fuckup?
Windows: exists
Crowdstrike: stabs
You: why would Microsoft stab themselves?
To be fair, kernel level access by third party software is kind of frowned upon in the Linux world. Ask any desktop Linux user how they feel about NVIDIA (the only third party kernel code an average Linux user will install) and their drivers randomly causing strange issues on their systems up to and including kernel panics compared to the experience on AMD where the driver is open and built into the kernel itself. For security software that needs low level visibility, there is eBPF, direct kernel level access isn't needed (though I believe CrowdStrike uses it, and thay actually did CrowdStrike Debian and Rocky Linux systems some time back).
MacOS blocked the majority of kernel extensions a few years ago as well.
Windows is the only OS where it has been designed in a way where kernel level access is the rule rather than the exception. So design flaws are at least partially at fault here.
Windows: exists
Crowdstrike: exists
Windows: open belly, right here!
Crowdstrike: stabs
Crowdstrike released bad code into prod without giving it some hours of testing in local machines or whatever. Incredible fuckup, inimaginable. But, let's not take blame out of Microsoft, if a driver is faulty the system should be resilient enough no to crap the bed on login. At least enough for IT to be able to remotely access the system and fix it. The manual work the IT world has had to do because it's lost remote access to workstations is insane.
Nelson Muntz: Stop striking yourself!
Basically, crowdstrike wrote bad code that run as a driver, windows doesn't like bad code in their drivers. Kernel level code is generally expected to run properly. crowdstrike's kernel level code was really bad. Embarrassingly bad.
If the host creates a playlist and everyone can add their favorite song to the playlist, the host won't be blamed if you add "erika". People rightfully think you are an ignorant weirdo or a bad person, not the host.
Same thing would happen on Linux if someone wrote a bad kernel module and integrated it into the OS. In fact, Crowdstrike did have a similar problem a few months ago on Linux.
I'm no fan of Microsoft, but this isn't their fault.
Please do some basic research on the subject. This has been explained thoroughly
