OK I think this (via @cR0w) deserves some more attention (#CrowdStrike CVE-2025-1146):

https://www.crowdstrike.com/security-advisories/cve-2025-1146/

In short, CrowdStrike agents on Linux can be MitM'd when they connect to their mothership (CS cloud).

My first Q is: what exactly is delivered to Falcon sensors from the CS cloud?

I present my second Q as a meme for higher reach:

@buherator @cR0w

"CrowdStrike identified this issue through our longstanding, rigorous security review process"


Well I'm glad this is going well

@silverwizard @cR0w To be fair, they could've pushed a silent patch...

@buherator @silverwizard That's true. The wording on it is very self-backpatty though.

@cR0w @silverwizard PR has to show their worth, I'm pretty sure this wasn't composed by the offensive team
@cR0w @buherator Especially after the recent review of their patching process

@buherator @silverwizard Of course. But the face of the company is the face of the company and criticism and mockery are fair, especially given the history of the org.
