Technology

83348 readers

183 users here now

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

L3s@hackingne.ws

830

CrowdStrike downtime apparently caused by update that replaced a file with 42kb of zeroes (twiiit.com)

submitted 2 years ago* (last edited 2 years ago) by Aatube@kbin.melroy.org to c/technology@lemmy.world

186 comments fedilink hide all child comments

…according to a Twitter post by the Chief Informational Security Officer of Grand Canyon Education.

So, does anyone else find it odd that the file that caused everything CrowdStrike to freak out, C-00000291-
00000000-00000032.sys was 42KB of blank/null values, while the replacement file C-00000291-00000000-
00000.033.sys was 35KB and looked like a normal, if not obfuscated sys/.conf file?

Also, apparently CrowdStrike had at least 5 hours to work on the problem between the time it was discovered and the time it was fixed.

you are viewing a single comment's thread
view the rest of the comments

[–] dgriffith@aussie.zone 3 points 2 years ago* (last edited 2 years ago) (1 children)

This was a binary configuration file of some sort though?

Something along the lines of:

IF (config.parameter.read == garbage) {
     Dont_panic;
}

Would have helped greatly here.

Edit: oh it's more like an unsigned binary blob that gets downloaded and directly executed. What could possibly go wrong with that approach?

[–] Aatube@kbin.melroy.org 3 points 2 years ago

We agree, but they were responding to “windows apparently has zero execution integrity”.