this post was submitted on 19 Jul 2024
169 points (96.7% liked)

Technology

59148 readers
2006 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
169
How One Bad CrowdStrike Update Crashed the World’s Computers (www.wired.com)
submitted 3 months ago by [email protected] to c/[email protected]
25 comments fedilink hide all child comments
 

https://web.archive.org/web/20240719155854/https://www.wired.com/story/crowdstrike-outage-update-windows/

"CrowdStrike is far from the only security firm to trigger Windows crashes with a driver update. Updates to Kaspersky and even Windows’ own built-in antivirus software Windows Defender have caused similar Blue Screen of Death crashes in years past."

"'People may now demand changes in this operating model,' says Jake Williams, vice president of research and development at the cybersecurity consultancy Hunter Strategy. 'For better or worse, CrowdStrike has just shown why pushing updates without IT intervention is unsustainable.'"

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] -3 points 3 months ago* (last edited 3 months ago) (1 children)

They are less of an actual computers in a sense that they are not running stuff under their owner / operator control. This would happen in Linux with much lower chances, because there are no side update channels to such a critical component of the system used there.

However, to take back what I just wrote :) - I am sure rightly motivated engineers would be able to build such a security hole into Linux too, under enough pressure from bad corporate decisions.

[–] [email protected] 1 points 3 months ago

What do you mean “no side update channels”? There are lots of software that update outside of a distro repo and lots of software that pulls metadata from the internet that could cause an error in the parser.