bags Posted July 22 Share Posted July 22 15 minutes ago, bejzbolka said: Jel može za nas neupućene, u čemu je fora sa ovim CrowdStrike, jel to neki fensi antivirus ili šta? Ovo je neki moj polusaj ELI5: Ako odes na njihov sajt videces gomilu fancy corporate bullshita. Medjutim nekoliko insjadera je pisalo da u pitanju nije nikakv specijalni AI nego nista drugo do gomile regexa. U principu postalo je tesko stiti OS od nepoznatih virusa jer odredjen vremenski period ti je potreban da odradis analizu, pa razumes signature pa posaljes update. Za to vreme virus je vec ihahaj napravio stetu. Zato se preslo na tehnologiju pracenja sta se desava u OS i onda kad aplikacija primeti da se desava nesto rizicno "ubija se" taj proces. Da bi to radilo sam antivirus se mora predstavljati kao drajver. Windows posto je fanatastican operativni sistem ( ) ima cak opciju da ako je drajver los da uzme prethodnu verziju i jos gomilu drugih mehanizama za prevenciju plavog ekrana smrti. Kod ovog update medjutim nije menjan drajver koji Crowdstike korisiti nego definicije tih "sumnjivih" radnji i onda drajver kad je citao iz toga fajla je pucao. 4 Link to comment
bags Posted July 22 Share Posted July 22 Nekad je bolje samo cutati. https://archive.ph/20240722121551/https://www.telegraph.co.uk/business/2024/07/22/microsoft-blames-eu-rules-worlds-biggest-tech-outage/ 2 Link to comment
bags Posted July 23 Share Posted July 23 U drugim vestima obustavlje deal kupovine security firme Wiz od strane Google za 23b. Wiz je inace najbrze rastuca firma u istoriji: https://www.independent.co.uk/tech/wiz-deal-takeover-google-rappaport-b2580046.html Sta tacno rade: https://pulse.latio.tech/p/wtf-is-cnapp Link to comment
Lucia Posted July 23 Share Posted July 23 18 hours ago, bags said: Nekad je bolje samo cutati. https://archive.ph/20240722121551/https://www.telegraph.co.uk/business/2024/07/22/microsoft-blames-eu-rules-worlds-biggest-tech-outage/ Zasto? Ovo nije tacno? Quote Microsoft, which offers its own alternative to CrowdStrike known as Windows Defender, agreed in 2009 to allow multiple security providers to install software at the kernel level amid a European competition investigation. Link to comment
bags Posted July 23 Share Posted July 23 15 minutes ago, Lucia said: Zasto? Ovo nije tacno? Tacno je ali sad kao smrde koriste situaciju da okrive EU komisiju, da bi ponovo samo njihov antivirus imao pristup kernelu. Nije problem u tome sto je Crowdstrike imao pristup kernelu nego sto su imali los QA. Jedino sto ja mislim da je ovaj broj koji je MS dao o borju pogodjenih daleko veci zbog raznih air gap resenja. 1 Link to comment
CPP Posted July 23 Share Posted July 23 10 minutes ago, Lucia said: Zasto? Ovo nije tacno? Quote Microsoft, which offers its own alternative to CrowdStrike known as Windows Defender, agreed in 2009 to allow multiple security providers to install software at the kernel level amid a European competition investigation. Tacno je, ali nije potpuna informacija. Mogli su npr da izbace drajvere iz kernela (ala Mac), ili, sto je i bio crux EU slucaja, da vrate level playing field koristeci userland pozive i u svojim aplikacijama. Ovo sto su uradili je bilo tehnicki najmanje zahtevno (i.e. najjeftinije) ali moze da se posmatra kao non prudent. Sto ce EU verovatno da odgovori. Link to comment
CPP Posted July 23 Share Posted July 23 4 minutes ago, bags said: Nije problem u tome sto je Crowdstrike imao pristup kernelu nego sto su imali los QA. Hehe kako kome. Ceracemo se sa mrskim birokratijama ali kernel ne sme pasti. 1 Link to comment
bags Posted July 23 Share Posted July 23 10 minutes ago, CPP said: Hehe kako kome. Ceracemo se sa mrskim birokratijama ali kernel ne sme pasti. Meni svejedno dok god ne guraju AI security u CLR ili JVM. Link to comment
Shan Jan Posted July 23 Share Posted July 23 https://www.businessinsider.com/crowdstrike-ceo-george-kurtz-tech-outage-microsoft-mcafee-2024-7 Quote On April 21, 2010, the antivirus company McAfee released an update to its software used by its corporate customers. The update deleted a key Windows file, causing millions of computers around the world to crash and repeatedly reboot. Much like the CrowdStrike mistake, the McAfee problem required a manual fix. Kurtz was McAfee's chief technology officer at the time. Months later, Intel acquired McAfee. And several months after that Kurtz left the company. He founded CrowdStrike in 2012 and has been its CEO ever since. "For those who don't remember, in 2010, McAfee had a colossal glitch with Windows XP that took down a good part of the internet," Sag wrote on X. "The man who was McAfee's CTO at that time is now the CEO of CrowdStrike." Bar je covek dosledan 3 1 Link to comment
bags Posted July 24 Share Posted July 24 https://www.theregister.com/2024/07/23/crowdstrike_ceo_to_testify/ CrowdStrike CEO summoned to explain epic fail to US Homeland Security committee Link to comment
Shan Jan Posted July 24 Share Posted July 24 Nesto mi se javlja da ce biti zanimljivo. Preveliko sranje se desilo a nemam utisak da doticni CEO ima veze i uticaj kao neki drugi igraci koji su isli na saslusanje. Link to comment
bags Posted July 24 Share Posted July 24 https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/ Verujem da je ovo najvise puta procitao njihov pravni tim. Ipak ovo je mozda najveci WTF: Quote How Do We Prevent This From Happening Again? Local developer testing Spoiler Based on the testing performed before the initial deployment of the Template Type (on March 05, 2024), trust in the checks performed in the Content Validator, and previous successful IPC Template Instance deployments, these instances were deployed into production. Radila je prosla verzija sta ima da testiramo... Link to comment
Shan Jan Posted July 24 Share Posted July 24 @bags mozes da prevedes ovu salatu reci za nas neuke? Link to comment
bags Posted July 24 Share Posted July 24 Spoiler 10 evrica partnerima za staying late... @Shan Jan Koriste specificnu terminologiju u celom reportu kao da ga je pisao neki vojnik u vojnoj bazi. A ne propustaju da kazu da su im izmakli MacOS i Linux. Ovaj put... U sustini neko je preskocio manuelno testiranje jer je prosla verzija radila. Ostatak cele analize maskira cinjenicu da im je celi proces (SLDC) na jako niskom nivou. Ako prezive prvo sto moraju da urade je ovo da admini u firmama koji ih koriste sami mogu dati go ili no go. "Local developer testing" iz prethodnog quote znaci da developer bar testira na svojoj masini pre nego sto posalje dalje. To se ocekuje cak i od klinca od 12 god koji radi sajt firmi od oca najboljeg druga a ne od firme koja ima pristup kernel drajverima na par milijardi kompjutera. Link to comment
Shan Jan Posted July 24 Share Posted July 24 Gospode boze Mislim mirisalo je na ovako nesto ali opet je neverovatno da je dozvoljeno. Za to vreme meni bi odsekli prste obe ruke da moji projektni planovi nisu testirani, validirani od vendora, prosli proveru jos jednog kolege koji nije involviran, dobili odobrenje sefa i idu bez devijacije od best practice-a. In other news, firma vec razmatra da za pocetak uvede neka vrsta redundanse sa drugim resenjem Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now