Oxide and Friends 7/24/2024 -- CrowdStrike BSOD Fiasco with Katie Moussouris
Вставка
- Опубліковано 21 жов 2024
- Bryan and Adam were joined by security expert, Katie Moussouris, to discuss the largest global IT outage in history. It was an event as broadly impactful as it will be instructive; as Bryan noted, you can see all of computing from here, from crash dumps to antitrust.
Context: mastodon.socia...
Notes: github.com/oxi...
Thank you for having Katie on! As she mentions, the CSRB reports are wonderful for pushing corp changes that have just really needed that ammo in the correct language. The Log4j report specifically we were able to use to finally get some (semi) centralized/monitored list of every library all our platforms so we could track versions used better, to ensure when a CVE (or whatever) needed us to patch/update, we could actually ensure we found all required systems. It was known for a while that such info would be useful by us handling day to day, but justifying the initial costs etc...
On 1st January 2000, at about half past midnight I remember phoning my Silicon Valley friends and former house mates from a nightclub in the UK to let them know nothing catastrophic appeared to have gone down (or at least the music and the bar was still working). Plus, of course, how often do you get to call somebody in a different millennia to you?
Katie is such a great guest. And has such a polite way to describe this absolute shit show of crowdstrike testing and rollouts processes.
I've seen it mentioned that microsoft doesn't have to give kernel access. They just have to give the same access that their tools are using. So building a security API and having defender use that should be allowed.
"he makes some mistakes, but he says them with such confidence"
I have no opinion on Dave but this is such a great quote, thanks Katie
Funnily enough there was a Linux CrowdStrike incident prior to this and on Linux CrowdStrike actually does run under eBPF.
1:30:14 "it wasn't that corporations weren't giving enough resources to open source projects, it's that they didn't know which ones would become important" this is word by word the issue (although not the only relevant one) at the heart of the xz backdoor attack as well, in the sense that there is limited visibility on semi-abandoned projects or struggling maintainers
My first dog was called Mac for Macintosh.
How did the us get the terrible title 'Airplane' when in real countries it was 'Flying High' ? 😅