421
all 17 comments
sorted by: hot top controversial new old
[-] chalupapocalypse@lemmy.world 99 points 5 months ago

Management: Well we lost 8 billion dollars but we still don't have any extra money for backups or remote reimaging or vdi, but we will buy you 700 plane tickets to go to each computer and boot it into safe mode, also you're fired

[-] iAvicenna@lemmy.world 2 points 5 months ago

while management at CrowdStrike: we are doubling the number of min commits and reviews per day to make up for the damage

[-] onlinepersona@programming.dev -4 points 5 months ago

Much less invest in a memory safe language. If they don't take a serious look at Rust, Go, or some other memory-safe language... I'll stop right there: they won't. Management doesn't give a fuck as long as the cost is within manageable margins, or they can fire a bunch of scapegoats but change nothing.

Anti Commercial-AI license

[-] lseif@sopuli.xyz 17 points 5 months ago

a kernel module should not be written in Go

[-] 5C5C5C@programming.dev 4 points 5 months ago
[-] technom@programming.dev 8 points 5 months ago

I don't think that rust would have prevented this one, since this isn't a compile time error (for the code loader).The address dereferencing would have been inside an unsafe block. What was missing was a validity check of the CI build artifacts and payload check on the client side.

I do however, think that the 'fingers-crossed' approach to memory safety in C and C++ must stop. Rust is a great fit for this use case.

[-] Valmond@lemmy.world 2 points 5 months ago

Well, modern c++ with smartpointers is quite good IMO.

C on the ither hand is like swimming with sharks, with a nosebleed.

[-] Mikina@programming.dev 1 points 5 months ago

I might be wrong, but from how I understand it it probably wouldn't help. Kernel drivers have a rigorous QA and cert by Microsoft if you want to get them signed, which is a process that may take a long time - longer than you can afford when pushing updates to AV/EDR to catch emerging threats. What Crowdstrike does to bypass this requirement is that the CS Falcon is just an engine, that loads, interprets and executes code from definition files. The kernel driver code then doesn't need to change, so no need for new MS cert, and they can just push new definition files. So, they kind of have to deal with unsafe in this case, since you are executing a new code.

[-] zaphod@sopuli.xyz 3 points 5 months ago

What Crowdstrike does to bypass this requirement is that the CS Falcon is just an engine, that loads, interprets and executes code from definition files.

If Microsoft really has "rigorous QA and cert" for kernel drivers then they shouldn't have certified this, because now it's a certified bypass for the certification.

[-] FuglyDuck@lemmy.world 37 points 5 months ago* (last edited 5 months ago)

I’m willing to bet the threat of evil admin attacks will keep people up for a while.

[-] N0tTheBees@sh.itjust.works 30 points 5 months ago

If they made it malicious, we probably wouldn’t have noticed though

[-] Buddahriffic@lemmy.world 8 points 5 months ago

Plus this event doesn't rule out the existence of a malicious aspect.

[-] technom@programming.dev 4 points 5 months ago

Nobody ever learned from the solarwinds attack. If a massive amount of your infrastructure is backed by some obscure software, bad actors will either try to insert a backdoor or find a zero-day exploit. If people are going to neglect what just happened, crowdstrike will fall heals up, faster than solarwinds did.

[-] randomaside@lemmy.dbzer0.com 6 points 5 months ago

Wall Street bets regards linked to an evil admin attack? 😕

[-] ryannathans@aussie.zone 11 points 5 months ago

Some guy posted a short thesis for crowdstrike just hours before the thing happened

this post was submitted on 20 Jul 2024
421 points (97.9% liked)

Programmer Humor

19817 readers
552 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS