Fun fact: when I worked in security I used to install and maintain CrowdStrike agents (among other security vendor products) on customer machines. It's not Windows-only; they also have a Linux client, which runs as a kernel module and requires auditd.

They also have a Mac client, though it looks like neither Linux nor Apple machines were affected by the bad update.

I'd view that as pure dumb luck until I actually see an RCA. Because of the way their agents work, any system could be utterly borked.

I would have thought at CrowdStrike's scale that SURELY they use a slow-rollout/canary model for global updates. But the scale of this outage suggests otherwise. There's no way the rollout should have continued with 100% of clients not checking in.

I'm rolling my eyes at the people going off about "don't deploy on Fridays". This went out Thursday night. No matter what day of the week it went out, it's going to take more than a work week to fix and everyone's weekend would be toast. Sometimes you just ship real stinkers, lol

Everyone loves to confidently proclaim that companies shouldn't do X or Y (don't use rootkits for security! audit checkboxes are useless!) but it's funny how there's always dead silence when you ask what companies who really don't have security as a core competency should do instead

Genuinely trying to understand here why Starbucks should be investing in building a world-class computer security organization instead of just paying for the best option vendor product

Hard for me to see this as anything but self-serving for people in the security industry, lol

@ehashman You don't need a "world class computer security organization". You just need to not be doing stupid shit and running workstations like they're employees' personal computers. A workstation run like a workstation doesn't get viruses. A POS run like a POS doesn't get viruses.

@dalias ah yes, "just not do stupid shit", a thing large organizations that employ thousands of non-computer-literate people are known for their expertise in

@ehashman If you're a large company, you hire competent ppl who work for you and whose obligation is to your interests rather than paying a Security Product vendor whose obligation is parting you with your money to CYA.

@dalias can you name 5 real world examples where this has demonstrably worked?