Some absolute legend figured iut how to automate the Crowdstrike fix with a combo of WinPE and PXE
Need some more info to manage your calendar?
r2con2024 will happen in Barcelona on November 8, 9.
There will be two days of competitions, workshops and presentations. Get ready to share knowledge and have fun with friends!
We can’t spoil the location yet, so stay tuned for further updates!
Concerning CrowdStrike:
We are now at t+26h. Please compare how much we knew about the xz-attack after less than a day with what we know about the chain of events of giant outage yesterday.
If something similar had been caused by an OSS component, we would see congress discussing a ban on open software in critical infrastructure already.
As a manager, one of the most valuable things you can do is to model asking "dumb" questions—that is, questions that show ignorance about things you "should" know.
"Better to remain silent and be thought a fool than to speak and remove all doubt" may be all well and good in a social context, but in a professional context you have to be willing to ask questions that unlock information you need—even if you feel self-conscious about your current ignorance.
good lord. I pulled a microSD card out of a Raspi inside an IoT product and it appears they had some developer use a raspi to develop/test some software, and then they just yanked the SD card out of that machine and duped it on to all of their deployed products.
it's got .bash_history of the development process! there's git checkouts of private repos! WHY WOULD YOU DO THIS?
The ambulance chasing by some companies (of which I used to work at) over the crowdstrike issue is disgusting.
In an unexpected turn of events, a sensible take on #Crowdstrike from the Orange Site.
Obvious point - the CrowdStrike worldwide IT incident is not the fault of one CrowdStrike staff member.
Whoever created the signature or pushed the button does not operate in isolation. It’s a company with a $73bn market cap.
They need to, later, go back and look at everything that went wrong.
Southwest’s tech debt hurt it back in 2022 but it seems to be doing it some favors today.
Old Windows taketh away, but sometimes old Windows giveth.
https://www.digitaltrends.com/computing/southwest-cloudstrike-windows-3-1/
EDIT: Fix date
EDIT: @peterbutler pushed me to do a little more research, and I’m more comfortable saying it the underlying software probably dates to Windows NT or XP.
The thing I hope is alarming people about today's #CrowdStrike outage is that if the company can take out that much of America's tech infrastructure by accident with a single buggy update, our adversaries can do the same on purpose with a supply-chain attack against CrowdStrike, and that one probably wouldn't be as quick to recover from. #infosec
Let's cut the bullshit and spell out a few things. The IT security industry is about as trustworthy as the food supplement and vitamin industry, but somehow they escaped the same reputation. Their products are overwhelmingly based on flawed ideas, and the quality of their software is exceptionally bad. And while not everyone will agree with the harshness of my words, I'll say this: Essentially everyone in IT security who knows anything in principle knows this.
The sheer volume of CrowdStrike-esque domains being registered and weaponized today is…staggering.
Yes, shitposting is fun, but there's.a non-zero chance this incident has a body count given the impact on health care.
Exploiting An Enterprise Backup Driver For Privilege Escalation - CVE-2023-43896 https://northwave-cybersecurity.com/exploiting-enterprise-backup-software-for-privilege-escalation-part-two
just ran into an incredible bug: portal 2 crashes if you happen to have a CPU with 128 threads