Another CrowdStrike-like outage could collapse cashless societies

user556 said:
Rubbish. Crowdstrike doesn't administer IT systems for anyone. They make a product.
Click to expand...
lol - the PRODUCT is automated security patches… it’s what large companies pay for instead of paying for in house IT who will be inferior.
user556 said:
That's a good reason to not let any external company automate it. But mainly it's because only you have full knowledge of your own systems.
Click to expand...
You really think your local IT company - with far less experience - will do a better job? Being familiar with a windows system is what CrowdStrike is paid to be - and usually, they are.
user556 said:
It's not a hard concept - Always do such updates as a test first. Or at the very least, on one live system before a full deployment.
Click to expand...
Pretty sure they do - this was an anomaly… again, I suspect the byproduct of hacking.
 
The security patches are for Windoze in general, not for your machines specifically. That's a big difference.
It's a department in these big outfits. They look after their own facilities.
It most certainly should be an anomaly since so many large scale systems should never have been autonomously untested like that. Whether M$ learns that or not is still to be seen.
 
user556 said:
The security patches are for Windoze in general, not for your machines specifically. That's a big difference.
It's a department in these big outfits. They look after their own facilities.
It most certainly should be an anomaly since so many large scale systems should never have been autonomously untested like that. Whether M$ learns that or not is still to be seen.
Click to expand...
They are for Windows - but depending on the package you purchase from CrowdStrike, you can customize… and again, they ARE tested - which is why I said this incident is highly suspicious.
 
Squid Surprise said:
They are for Windows - but depending on the package you purchase from CrowdStrike, you can customize… and again, they ARE tested - which is why I said this incident is highly suspicious.
Click to expand...
And what is this test environment? One of their customer's own machines at least I hope?
Even then, unmonitored automated testing is a total recipe for disaster eventually. And here we are.
And it'll keep repeating if what you are saying is the norm now.
 
user556 said:
And what is this test environment? One of their customer's own machines at least I hope?
Even then, unmonitored automated testing is a total recipe for disaster eventually. And here we are.
And it'll keep repeating if what you are saying is the norm now.
Click to expand...
I don’t think you understand the meaning of “customize”… but then, you’ve failed to grasp any of my points up til now so I guess that’s par for the course.

CrowdStrike has been one of the leaders in what they do for years… until last week, the fact that you’d never heard of them was a good thing - it meant they were doing their job really well…

Again, last week’s incident COULD have resulted from one act of extreme stupidity… but I find it highly unlikely. We may never find out exactly what happened - but there is more going on than what we’re being told.
 
It really makes no difference whether there was malicious action or just a mistake. The mechanism of allowing one system to update all other systems without separate testing of each of those others will then eventually lead to massive failures.
 
user556 said:
It really makes no difference whether there was malicious action or just a mistake. The mechanism of allowing one system to update all other systems without separate testing of each of those others will then eventually lead to massive failures.
Click to expand...
The system is the same whether you deploy before or after testing… my guess is that CrowdStrike tested a routine patch, and then “someone” modified the patch before it was globally deployed.

While you might reply “better to depend on your own company’s security” a company like CrowdStrike is usually far more secure than your average large corporation… but alas, no one is unhackable…
 
It's not about security at all. It's what I just said: "The mechanism of allowing one system to update all other systems without separate testing of each of those others will then eventually lead to massive failures."
That's about reliability rather than security.
 
user556 said:
It's not about security at all. It's what I just said: "The mechanism of allowing one system to update all other systems without separate testing of each of those others will then eventually lead to massive failures."
That's about reliability rather than security.
Click to expand...
The mechanism exists to deploy patches to multiple machines… the patches are SUPPOSED to be tested first… if they aren’t tested, it’s either because of extreme stupidity… or it’s because of a lapse of security and a malicious actor exploiting the lapse…

The answer is more security - if you lose the ability to deploy patches to multiple machines, the entire technological world would be paralyzed.
 
You must log in or register to reply here.

Similar threads

TS Dealmaster
  • Locked
For a limited time, grab a full Windows 11 Pro license for just $10
Replies
0
Views
3K
TS Dealmaster
TS Dealmaster
Daniel Sims
TSMC's 2nm wafer prices hit $30,000 as SRAM yields reportedly hit 90%
Replies
20
Views
252
LimyG
LimyG
TS Dealmaster
  • Locked
Unlock your productivity with Microsoft Office 2024, now $129 for a lifetime license
Replies
0
Views
612
TS Dealmaster
TS Dealmaster

Latest posts

Back