
good lord. I pulled a microSD card out of a Raspi inside an IoT product and it appears they had some developer use a raspi to develop/test some software, and then they just yanked the SD card out of that machine and duped it on to all of their deployed products.

it's got .bash_history of the development process! there's git checkouts of private repos! WHY WOULD YOU DO THIS?


It is looking more and more like the whole thing happened due to malformed data files and a parser that crapped its pants trying to parse them. 🤦‍♀️

With that in mind, I'd like to suggest we all spend some time reminding ourselves of, or learning about:
https://langsec.org/

✨ LangSec® ✨
Don't pull a CrowdStrike!™


The ambulance chasing by some companies (one of which I used to work at) over the CrowdStrike issue is disgusting.


In an unexpected turn of events, a sensible take on from the Orange Site.

Source: https://news.ycombinator.com/item?id=41004184


Obvious point - the CrowdStrike worldwide IT incident is not the fault of one CrowdStrike staff member.

Whoever created the signature or pushed the button does not operate in isolation. It’s a company with a $73bn market cap.

They need to, later, go back and look at everything that went wrong.


(meme by rantyben who does not elephantpost)


Southwest’s tech debt hurt it back in 2022 but it seems to be doing it some favors today.

Old Windows taketh away, but sometimes old Windows giveth.

https://www.digitaltrends.com/computing/southwest-cloudstrike-windows-3-1/

EDIT: Fix date

EDIT: @peterbutler pushed me to do a little more research, and I'm more comfortable saying the underlying software probably dates to Windows NT or XP.


The thing I hope is alarming people about today's outage is that if the company can take out that much of America's tech infrastructure by accident with a single buggy update, our adversaries can do the same on purpose with a supply-chain attack against CrowdStrike, and that one probably wouldn't be as quick to recover from.


@hanno Byzantine designs are marketable; simple, reliable, dependable (and, hence, secure) designs are not.


Their products are flawed not just because they're badly implemented - which they are - but because they are based on a stupid idea. The idea that you improve your IT security by adding more complexity. Doing the opposite is the right approach. But you can't sell that as a product. (You can still sell it, but it's not something you just plug into your network and get security magically.)


Let's cut the bullshit and spell out a few things. The IT security industry is about as trustworthy as the food supplement and vitamin industry, but somehow they escaped the same reputation. Their products are overwhelmingly based on flawed ideas, and the quality of their software is exceptionally bad. And while not everyone will agree with the harshness of my words, I'll say this: Essentially everyone in IT security who knows anything in principle knows this.


#2961 - CrowdStrike


boB Rudis 🇺🇦 🇬🇱 🇨🇦

The sheer volume of CrowdStrike-esque domains being registered and weaponized today is…staggering.


@LukaszOlejnik This paper seems to be fundamentally flawed — their simulator failed to properly use an RNG, so it simulated giving people the same topics on every site. See https://github.com/yohhaan/topics_api_analysis/issues/1

This points out how great it is for published papers to post their code and data set on GitHub! It means that we can actually point to the bug in their simulator, offer the one-line fix, and immediately re-run the corrected analysis using the author's own fixed code.


Graham Sutherland / Polynomial

@thephd there's a main kernel driver and a bunch of .sys files that contain update data. the main kernel driver parses those .sys data files. one of those data files has incorrect data in it, which causes the parser (written in C) in the main driver to crash. from what I've seen of the analysis (early days) it looks like bad pointer maths from invalid data, leading to either UAF or OOB memory access.

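The LangSec reminder and the description above of a C parser crashing on a bad data file both come down to the same defensive rule: check every length against the bytes actually remaining before touching memory. The following is an added illustration, not code from any poster or from the product under discussion; the record format, the sample buffers and the function names are constructed for this example.

```c
/* Added example: a length-checked record parser in the LangSec spirit.
 * The format below is constructed for illustration and is NOT the layout
 * of any real product's data files. */
#include <stddef.h>
#include <stdint.h>

/* Constructed format: [u8 count] followed by `count` entries of
 * [u8 type][u16 little-endian len][len bytes of payload]. */
enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_BAD_LEN = -2 };

typedef struct { uint8_t type; uint16_t len; const uint8_t *data; } entry_t;

/* Reads a u16 only after the caller has proven two bytes remain. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Parses up to `max` entries into `out`; returns the number parsed or a
 * negative PARSE_* code. Every access is bounded by the bytes left in
 * `buf`, so a corrupt length field yields an error instead of an
 * out-of-bounds read or a pointer that strides past the buffer. */
int parse_records(const uint8_t *buf, size_t buflen, entry_t *out, size_t max) {
    size_t off = 0;
    if (buflen < 1) return PARSE_TRUNCATED;
    uint8_t count = buf[off++];
    if (count > max) return PARSE_BAD_LEN;
    for (size_t i = 0; i < count; i++) {
        if (buflen - off < 3) return PARSE_TRUNCATED;   /* does the header fit? */
        uint8_t type = buf[off];
        uint16_t len = rd16(buf + off + 1);
        off += 3;
        if (len > buflen - off) return PARSE_BAD_LEN;   /* does the payload fit? */
        out[i].type = type; out[i].len = len; out[i].data = buf + off;
        off += len;
    }
    return (int)count;
}

/* Constructed sample inputs: a well-formed file, and the same file with
 * the first length corrupted to 0xFFFF (an unchecked parser would read
 * 65535 bytes past the end of this 11-byte buffer). */
static const uint8_t GOOD[]    = { 2, 0x01, 3,0,       'a','b','c', 0x02, 1,0, 'z' };
static const uint8_t CORRUPT[] = { 2, 0x01, 0xFF,0xFF, 'a','b','c', 0x02, 1,0, 'z' };

int demo_good(void)      { entry_t e[4]; return parse_records(GOOD, sizeof GOOD, e, 4); }
int demo_corrupt(void)   { entry_t e[4]; return parse_records(CORRUPT, sizeof CORRUPT, e, 4); }
int demo_truncated(void) { entry_t e[4]; return parse_records(GOOD, 9, e, 4); }
/* Offsets are right only if the second entry's type is recovered as 0x02. */
int demo_second_type(void) {
    entry_t e[4];
    if (parse_records(GOOD, sizeof GOOD, e, 4) != 2) return -1;
    return e[1].type;
}
```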

just ran into an incredible bug: portal 2 crashes if you happen to have a CPU with 128 threads

https://github.com/ValveSoftware/portal2/issues/367


Dear buttplug.io users:

We apologize for the current downtime.

If your butt is BSOD’ing, please try rebooting it a few times.
