Some Def Con Attendees Forgive Crowdstrike - and Some Blame Microsoft Windows (techcrunch.com)
Fortune reports that Crowdstrike "is enjoying a moment of strange cultural cachet at the annual Black Hat security conference, as throngs of visitors flock to its booth to snap selfies and load up on branded company shirts and other swag." (Some attendees "collectively shrugged at the idea that Crowdstrike could be blamed for a problem with a routine update that could happen to any of the security companies deeply intertwined with Microsoft Windows.")
Others pointed out that Microsoft should take their fair share of the blame for the outage, which many say was caused by the design of Windows in its core architecture that leads to malware, spyware and driver instability. "Microsoft should not be giving any third party that level of access," said Eric O'Neill, a cybersecurity expert, attorney and former FBI operative. "Microsoft will complain, well, it's just the way that the technology works, or licensing works, but that's bullshit, because this same problem didn't affect Linux or Mac. And Crowdstrike caught it super-early."
Their article notes that Crowdstrike is one of this year's top sponsors of the conference. Despite its recent missteps, Crowdstrike had one of the biggest booths, notes TechCrunch, and "As soon as the doors opened, dozens of attendees started lining up." They were not all there to ask tough questions, but to pick up T-shirts and action figures made by the company to represent some of the nation-state and cybercriminal groups it tracks, such as Scattered Spider, an extortion racket allegedly behind last year's MGM Resorts and Okta cyberattacks; and Aquatic Panda, a China-linked espionage group.
"We're here to give you free stuff," a CrowdStrike employee told people gathered around a big screen where employees would later give demos. A conference attendee looked visibly surprised. "I just thought it would be dead, honestly. I thought it would be slower over there. But obviously, people are still fans, right?"
For CrowdStrike at Black Hat, there was an element of business as usual, despite its global IT outage that caused widespread disruption and delays for days — and even weeks for some customers. The conference came at the same time as CrowdStrike released its root cause analysis that explained what happened the day of the outage. In short, CrowdStrike conceded that it messed up but said it's taken steps to prevent the same incident happening again. And some cybersecurity professionals attending Black Hat appeared ready to give the company a second chance....
TechCrunch spoke to more than a dozen conference attendees who visited the CrowdStrike booth. More than half of attendees we spoke with expressed a positive view of the company following the outage. "Does it lower my opinion of their ability to be a leading-edge security company? I don't think so," said a U.S. government employee, who said he uses CrowdStrike every day.
Although TechCrunch does note that one engineer told his parent company they might consider Crowdstrike competitor Sophos...
Blackhat, not DEFCON (Score:5, Insightful)
Re: (Score:2, Insightful)
99% of people at BlackHat are there because a corporation paid them to be there. In most cases, it's a "cyber" security corporation. Of course people running the same kind of operation as Crowdstrike feel sorry for Crowdstrike.
Paid sponsors? Most “cyber” security companies are in business because of Microsoft’s tradition with “security”.
The irony could be easily lost if not for being so bitch-slap worthy.
Circle the Venture Capital Wagons (Score:2)
This is nothing more than circling the venture capital wagons to protect VCs.
If one recent VC now public company high flying stock gets bankrupted by one event, the other VC firms and stocks will be questioned.
Re: (Score:2)
I blame both (Score:2, Insightful)
Microsoft has been incompetent and supplying insecure software for almost half a century.
Crowdstrike is incompetent too and carelessly fucked up critical bootup files.
But here's the clincher: both Microsoft and Crowdsource need to exist and both need to be incompetent for the misery the Crowdstrike software unleashed to happen at all. One can't exist without the other or without the other's incompetence: Crowdstrike's very raison d'etre and selling point is to compensate for Microsoft's incompetence. They o
Re: (Score:2)
Re: (Score:2)
Technically true, Linux could be replaced by a BSD.
Sure, eventually. There's no BSD that's not way behind Linux.
Re: I blame both (Score:2)
Re: (Score:2)
Tell me your completely ignorant
My completely ignorant what?
of Linux, *BSD and general UNIX history without saying it directly.
I had more experience with different kinds of Unix as a teenager than you probably have now.
The number of things Linux has or does that *BSD did first would blow your tiny little mind.
As per usual for your arguments, that is irrelevant. We're talking about now, not years ago. Try to keep up with the calendar, sport.
Re: I blame both (Score:1)
You put up the claim, now show the evidence. What feature do you think is in Linux that the BSDs don't have.
Re: (Score:2)
You put up the claim, now show the evidence. What feature do you think is in Linux that the BSDs don't have.
SystemD? (runs for the hills)
Re: (Score:2)
If I had mod points today, I'd mod parent up, but I can't decide if I'd mod it "funny" or "insightful"....
Re: (Score:1)
You mean a declarative init system? Like launchd
Re: I blame both (Score:1)
Did you forget how to Google?
Re: I blame both (Score:2)
but what about all my favorite open source apps like steam, mono/moonlight, nvidia drivers, wine, mathematica, matlab, google chrome, etc.?
there is not even a "windows subsystem for bsd"! meanwhile, linux is up to two, AND it's the backend for android!
linux is far ahead of any bsd on these important pieces of the open ecosystem of the bazaar.
Re: I blame both (Score:2)
Re: (Score:2)
Certainly avoids a lot of work and subtle implementation difficulties.
Re: I blame both (Score:2)
Re: I blame both (Score:1)
Wine and Mono both have BSD ports.
Re: (Score:2)
it's the backend for android
Equivalently, Android is a skin for Linux.
Re: (Score:3, Informative)
The same could be said when crowdstrike bricked linux boxes
Crowdstrike did not brick anything. The definition of bricking is rendering a device unresponsive to the point that it takes heroic measures to resurrect it, such as reprogramming the firmware. The fix for Crowdstrike's massive failure was relatively simple and did not require any such heroics. They did, however, render the Windows systems unable to boot.
Crowdstrike did not do the same to Linux systems. The Linux systems suffering from a similar failure from Crowdstrike were experiencing kernel panics afte
Re: (Score:2, Interesting)
Indeed. The two are not comparable. No idea why some people keep pushing that lie.
It is quite clear that the Linux issue did not make Linux boxes unbootable at all and that a reboot plus regular (if fast) remote management was entirely enough to fix the issue on Linux.
Re: (Score:1)
Indeed. The two are not comparable. No idea why some people keep pushing that lie.
I assume (generously, I think) that it could be because they want to say that this isn't Microsoft's fault because the same could have happened on Linux, and they got confused. But at best they are letting us know that they have no clue what actually occurred. Right from the first discussion about this here on Slashdot where the failures on Linux were reported as if they were relevant, I asked questions about whether it was actually the same or not. The discussion made it clear that it wasn't, so I proceede
Re: (Score:2)
Windows advocates (as opposed to customers, who may not have another realistic choice) don't work on logic, they work on emotion.
Apparently, they do. Of course, failure does not get much worse than this when technological characteristics are under discussion.
As to the current AMD problem: Do not worry about it. Unless somebody does a successful root-compromise on your system first, they cannot even do the attack. And when they have done that root compromise, it is probably not worthwhile at all to invest the extra effort. Yes, it is embarrassing. Yes, it shows that AMD needs to fix some things as well. But practical impact from a ris
Re: (Score:1)
My concern is not that the attack is super likely, it's that it's super permanent. My processor is old enough that AMD has announced that there will not be a fix. But this should not be a warranty issue as this is a design failure. And they are ABLE to fix it for these older processors, but they are choosing not to. It's seriously embarrassing. This is some Intel-level bullshit. Now there are zero vendors worthy of trust.
mod this comment too (Score:2)
I have bought exclusively AMD processors for decades.
I don't like it when my vendor is incompetent at security.
It doesn't matter which vendor it is.
Re: I blame both (Score:2)
Re: I blame both (Score:1)
Re:I blame both (Score:4, Interesting)
I completely agree. Well said.
Incidentally, when (not if) we get real product liability (as has happened in _all_ other engineering disciplines eventually), neither Microsoft nor Cloudstrike will exist much longer
Re: (Score:2)
I completely agree. Well said.
Incidentally, when (not if) we get real product liability (as has happened in _all_ other engineering disciplines eventually), neither Microsoft nor Cloudstrike will exist much longer
I agree, liability is foundational. But, in 1986 the government gave vaccine manufacturers quite a bit of immunity, because they were getting sued. (That is not medical advice, that's just what happened.) I would guess that the big players in the IT industry only need to argue that writing bug free code is impossible -- and that includes that it's impossible to devise enough tests to find every bug -- therefore, there will always be damages -- but if you allow millions of people and thousands of companies t
Re: I blame both (Score:2)
Re: (Score:2)
Crowdstrike failed to actually test their patch, which tells me they have no QA. As a former QA worker, I've seen serious f*ups, but none that actually reached customers. Microsoft OTOH, has released buggy software for years, but nothing OS crippling that I know of.
Re: I blame both (Score:1)
Re: I blame both (Score:4, Insightful)
I have two cousins that used to do QA for them in Seattle, and while they slashed QA in the US, they hired in other countries like India, China and Romania where labor was 1/3 to 1/4 the cost (no idea what it is now, that was like 2005). I only kept a job in the US for a long time because we were US government contractors, but even that job went to developers because out of 10 people, who do you cut first? I've seen that product deteriorate and wrote about 50 bugs because I now support it - number fixed? 3. They recommend we upgrade to the latest and see if the bugs still exist (I have zero control over that).
Re: I blame both (Score:1)
This CrowdStrike bug specifically could not have happened on Linux because of guard pages and similar protections. The problem enabling it in Windows is there are many things that expect to be able to go out of bounds and not get killed off.
Conflict between security and usability (Score:5, Insightful)
This so fits the stereotype of what most people think of cybersecurity: "security == inconvenience"
The fact that supposed security experts would think so lightly of a piece of security software bringing down the systems it was supposed to protect shows how abysmal the state of the industry is. Availability was supposed to be one of the aims of security, and that seemed to be lost somewhere in all the buzzwords.
Re:Conflict between security and usability (Score:5, Interesting)
Re: (Score:3)
Here is another dark industry fact that shows how messed up it is: Most "security experts" cannot code, have no system administration experience, but also do not have real risk management expertise.
Re: Conflict between security and usability (Score:2)
Re: (Score:2)
Sad, but true.
Re:Conflict between security and usability (Score:4, Informative)
The fact that supposed security experts would think so lightly of a piece of security software bringing down the systems it was supposed to protect shows how abysmal the state of the industry is. Availability was supposed to be one of the aims of security
bluescreens force system to shut down to prevent running with corrupted state, to protect from further damage.
Re: (Score:2)
Availability was supposed to be one of the aims of security
bluescreens force system to shut down to prevent running with corrupted state, to protect from further damage.
You're both right. The BSOD is better than running insecure. But you know what's better than a BSOD? Security software that checks its own input to make sure that it makes sense before accessing memory locations based on that input. This isn't security 101 because they didn't even get that far, this is programming 101. You have to check your input just to protect from data corruption, let alone malice or hey, what about simple incompetence?
Crowdstrike isn't even competent at programming, what makes anyone i
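The point made above, that an update file's contents must be validated before they are used as an index or a length, can be shown in working code. This is an added example, not code from the page or from any vendor it discusses; the record format (a one-byte tag index, a one-byte length, then the payload) and the tag table are constructed for illustration, and `parse_update` / `parse_update_unchecked` are hypothetical names. The unchecked form shows the defect class; the hardened form rejects a record before any out-of-range access can happen.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy update format (not any real product's format):
 * a byte stream of records [tag_index:1][len:1][payload:len].
 * tag_index selects an entry from a fixed table. */
#define TAG_COUNT 4
static const char *const TAGS[TAG_COUNT] = {"proc", "file", "net", "reg"};

typedef struct {
    const char *tag;        /* entry from TAGS */
    const uint8_t *payload; /* points into the update buffer */
    size_t len;
} record_t;

/* The pattern the comment criticises: values read from the update are
 * trusted outright. A tag_index >= TAG_COUNT reads past TAGS and a bad
 * len walks past the buffer. Kept only for comparison with the hardened
 * version below; it must never see untrusted input. */
int parse_update_unchecked(const uint8_t *buf, size_t size, record_t *out)
{
    size_t pos = 0, n = 0;
    while (pos < size) {
        out[n].tag = TAGS[buf[pos]];
        out[n].len = buf[pos + 1];
        out[n].payload = buf + pos + 2;
        pos += 2 + out[n].len;
        n++;
    }
    return (int)n;
}

/* Hardened parser: every value taken from the update is checked before
 * it is used. Returns the number of records parsed, or -1 at the first
 * malformed record (nothing past that point is touched). */
int parse_update(const uint8_t *buf, size_t size, record_t *out, size_t max_out)
{
    size_t pos = 0, n = 0;
    while (pos < size) {
        if (size - pos < 2)          return -1; /* header truncated */
        uint8_t idx = buf[pos];
        uint8_t len = buf[pos + 1];
        if (idx >= TAG_COUNT)        return -1; /* would index past TAGS */
        if (len > size - pos - 2)    return -1; /* payload overruns buffer */
        if (n >= max_out)            return -1; /* caller's array is full */
        out[n].tag = TAGS[idx];
        out[n].payload = buf + pos + 2;
        out[n].len = len;
        n++;
        pos += 2 + (size_t)len;
    }
    return (int)n;
}

/* Constructed sample updates: one well-formed, two malformed. */
static const uint8_t GOOD[]      = {0, 3, 'a', 'b', 'c', 2, 1, 'x'};
static const uint8_t BAD_INDEX[] = {0, 3, 'a', 'b', 'c', 9, 1, 'x'}; /* 9 >= TAG_COUNT */
static const uint8_t BAD_LEN[]   = {1, 200, 'a', 'b'};               /* len past end  */

int demo_good(void)      { record_t r[8]; return parse_update(GOOD, sizeof GOOD, r, 8); }
int demo_bad_index(void) { record_t r[8]; return parse_update(BAD_INDEX, sizeof BAD_INDEX, r, 8); }
int demo_bad_len(void)   { record_t r[8]; return parse_update(BAD_LEN, sizeof BAD_LEN, r, 8); }

const char *demo_good_first_tag(void)
{
    record_t r[8];
    if (parse_update(GOOD, sizeof GOOD, r, 8) < 1) return NULL;
    return r[0].tag;
}

int main(void)
{
    printf("good: %d records, first tag %s\n", demo_good(), demo_good_first_tag());
    printf("bad index: %d\n", demo_bad_index());
    printf("bad length: %d\n", demo_bad_len());
    return 0;
}
```

The design choice is that the hardened parser fails closed: a single bad record rejects the whole update rather than being skipped, which is the behaviour you want from anything that runs with kernel-level access, since partial acceptance of an update is harder to reason about than none.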
Re: (Score:1)
The problem as I understand it is that a good security system allegedly needs Turing-Complete scripts that can be added during run-time. But because they run at the root level, they need to run fast. Validation of memory and values allegedly slows them down too much.
I'm not sure if they can use compiled DLL-like things that are checked vi
Re: (Score:2)
The fact that supposed security experts would think so lightly of a piece of security software bringing down the systems it was supposed to protect shows how abysmal the state of the industry is. Availability was supposed to be one of the aims of security
bluescreens force system to shut down to prevent running with corrupted state, to protect from further damage.
Forgivable if the system was under attack and CrowdStrike shutdown the machine as a defensive measure.
Taking down the system with a routine maintenance is more like a body checkup that knocked the patient into coma.
Re: (Score:2)
We need Yellow Screen of Second Chance ;-)
Re: (Score:3)
This so fits the stereotype of what most people think of cybersecurity: "security == inconvenience"
Agreed. Too many people fail to recognise that security is a spectrum with "Secure As Possible" at one end, and "Convenient As Possible" at the other end. The challenge is to strike a sane balance between the two, based on your particular threat model. At, or near, either extreme is usually not a good place to be.
Re: (Score:2)
Not quite, the threat model is only part of it. What you actually need to do is competent IT risk management and that is much more than just a threat model.
Anyways, having fundamentally incompetent coders (as Crowdstrike was clearly using) implement new features in system components that can make a system unbootable and then fail to adequately test and review these changes, is clearly a balance that will work only for "toy" systems.
Re: (Score:2)
Not quite, the threat model is only part of it. What you actually need to do is competent IT risk management and that is much more than just a threat model.
True. I was using "threat model" as a shorthand for "well thought out security policy and management". The model is just the foundation; you have to implement practical solutions on top of it.
Re: Conflict between security and usability (Score:2)
Re: (Score:3)
The "Cybersecurity" team at my company has always been in the "as secure as possible, and we decide how you do things. and nothing you can say will change our minds. we have one policy for everyone, and we won't change it for anyone".
this also affects developer machines. We were recently notified that PowerShell access will be removed entirely, and activated in a case-by-case basis only and only if cybersecurity considers the justification for it good enough (they won't. they don't want to deal with anythin
Re: (Score:2)
The "Cybersecurity" team at my company has always been in the "as secure as possible, and we decide how you do things. and nothing you can say will change our minds. we have one policy for everyone, and we won't change it for anyone".
this also affects developer machines. We were recently notified that PowerShell access will be removed entirely...
I get the impression that there's something about cyber security which makes space for this kind of mindless rule making. We have a list of controls and our job is to make everyone follow the controls, like. It's like you have to wear a space suit and a deep diving suit and steel toe capped boots and a safety helmet and strap a defibrillator to yourself and have hazmat suit and a biological warfare suit, all at the same time.
I suspect the reason is that children can learn to understand rules in a simple way
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
The fact that supposed security experts would think so lightly of a piece of security software bringing down the systems it was supposed to protect shows how abysmal the state of the industry is. Availability was supposed to be one of the aims of security, and that seemed to be lost somewhere in all the buzzwords.
I completely agree. This was an abysmal failure, which Microsoft set up (due to low security and bad boot processes on Windows) and Crowdstrike triggered. Nothing of this is the slightest bit acceptable and should open up both enterprises for shared unlimited liability. I feel deeply insulted that people that apparently think not much has happened are calling themselves "security experts". They clearly are anything but.
Re: (Score:2)
While both Crowdstrike and Microsoft played a part, it was Crowdstrike that toppled the first domino. They need to own this. You can fuck up any OS if you have low level access and Anti-virus systems need low level access to stop boot viruses. The real blame should go to whoever released the patch without doing enough testing and just as importantly, whoever decided to roll it out on a Friday and all at once. And just because Linux didn't suffer a boot loop doesn't mean Linux is rock solid. I know, I u
Re: (Score:2)
In the case of Availability; part of that has just been folded into generic "IT"/"Operations", with just being real disciplined and careful about backups on the low end in terms of technical hotshot status; and SREs doing clever things with monitoring and orchestration on the medium/high end; but if you want to
Re: (Score:2)
This so fits the stereotype of what most people think of cybersecurity: "security == inconvenience"
The fact that supposed security experts would think so lightly of a piece of security software bringing down the systems it was supposed to protect shows how abysmal the state of the industry is. Availability was supposed to be one of the aims of security, and that seemed to be lost somewhere in all the buzzwords.
There's a third factor:
Complexity is the enemy of both security and convenience.
To borrow the slogan [wikipedia.org]
The network is the [thousands of other people's] computer [who all have their own incentives which don't necessarily align with your own].
If a system is so critical that it must have deeply invasive security software which is getting live updates, because someone might click a bad link, then why is that system being used for anything critical? Why aren't all these "critical" systems being isolated? Why is eve
RCA? No thanks. (Score:2)
Forgiving Crowdstrike? Really? (Score:3, Interesting)
CrowdStrike didn't have a process in which, before they released any updates to production, they would first release them to an actual canary environment to make sure it didn't set all the machines on fire. Which you need to do when you have kernel code.
Not to mention that the driver seems to be poorly written with a ton of sanity checks missing.
Finally, Microsoft did propose an API to allow security vendors what they needed in user space. The EU killed it as anti-competitive because MS wouldn't also have to use it, but could continue to use kernel drivers, completely ignoring that user-mode code is way easier to write, making it easier for new and smaller businesses to compete, and nothing MS did would prevent you from using kernel drivers if you wanted to.
Re:Forgiving Crowdstrike? Really? (Score:5, Insightful)
Not to mention that the driver seems to be poorly written with a ton of sanity checks missing.
To me, this is the real root of the who-to-blame map. You can put a little bit on Microsoft for just being bad at everything, but ultimately Crowdstrike didn't check their input and that makes them fundamentally incompetent. They have no business being allowed to manage anything.
Microsoft did propose an API to allow security vendors what they needed in user space. The EU killed it as anti-competitive because MS wouldn't also have to use it
A more accurate way to write that is that Microsoft didn't want to use it. If Microsoft made that the only way to do those things and then went on to use that mechanism themselves so that their competing products didn't have an anticompetitive advantage, they could have done so. But that's not what they wanted to do. Now here we are, at peak stupid — incompetent, insecure OS gets taken down expensively by incompetent, inadequate security management software.
Re: (Score:2)
Now here we are, at peak stupid — incompetent, insecure OS gets taken down expensively by incompetent, inadequate security management software.
Not quite complete. The missing part is that incompetent operators first select the grossly insecure OS, then see massive damage done by the incompetently written security software ... and learn apparently absolutely nothing from that disaster.
The usual damage level where government engineering regulation stepped in hard in the past is a few hundred people dead. Since the customers are clearly too stupid to act proactively, I guess we will see that one happen here as well. What a shame.
Re: Forgiving Crowdstrike? Really? (Score:1)
Re: (Score:2)
Well, then MS could simply have given a respective _credible_ assurance, one with real penalties and regular independent verification they pay for (which would have been peanuts). They chose not to and their history spoke not in their favor.
This is 100% on MS. The EU is not to blame at all. Unless you think having actually working anti-trust law is a problem?
Re: (Score:3)
Finally, Microsoft did propose an API to allow security vendors what they needed in user space. The EU killed it as anti-competitive because MS wouldn't also have to use it, but continue to use kernel drivers, completely ignoring that user-mode code is way easier to write, making it easier for new and smaller business to compete and nothing MS did would prevent you from using kernel drivers if you wanted to.
That is a direct lie. The EU "killed" nothing. The only requirement was equal access for 3rd party tools and MS tools. MS chose to not limit their own tools to that API and hence decided to open everything. You do not seem to understand how anti-trust law works and what its purpose is.
Re: (Score:1)
Microsoft shouldn't be giving that level of access (Score:2)
Re: Microsoft shouldn't be giving that level of ac (Score:1)
Re: (Score:2)
The EU never required it. All MS would have had to do was make it credible that their own security software would not get special access. They can still do that.
The process here is that the EU finds illegal vendor behavior. Then the vendor is expected to make a proposal, which gets reviewed by EU experts and the competitors that have been wronged. The only acceptable proposal MS made was kernel-level access for the competitors and that one got accepted. They could have proposed other things. Simply promisin
Re: (Score:2)
Re: (Score:2)
That is really just complete bullshit. You need to stop hallucinating or you will never understand how things actually work.
out of jail card (Score:2)
Crowdstrike is paying left and right in the hope they will minimize consequences of their mess. The press should not help them with this.
On the other hand, as a declared Microsoft hater, I would not condemn Microsoft for the level of access they allowed, level of access is granted by the users, OS is expected to do what the user says. And users (sysadmins, management) were guilty for putting trust in Microsoft and Crowdstrike for anything mission critical.
Re: (Score:3)
Microsoft is still guilty of setting the whole mess up and not only by the interface design, but by the general bad state of Windows security and a flawed boot process.
Yes, MS users are stupid. But human engineering history amply shows that customers generally cannot judge product risks and quality competently. Hence things only ever got better with product liability and/or regulation. Well, I guess we will need a few 100 people dead next time. Maybe then things will change. In other engineering fields, tha
Re: (Score:2)
Microsoft does a lot to CREATE DEMAND for security products. They never thought much about security or gave it priority except when it is support or damage control and as always, PR.
We might not have the CPU mess we do right now with remote management and trusted boot etc. if MS wasn't pushing things around in that space. Now we've got Pottering messing with Linux who works for MS...
its paid dudes from big corp Security Teams (Score:1)
I see this another way (Score:2)
Fortune reports that Crowdstrike "is enjoying a moment of strange cultural cachet at the annual Black Hat security conference, as throngs of visitors flock to its booth to snap selfies and load up on branded company shirts and other swag"
If I were there, I would too. It's potentially a "do you remember when" moment, as in "do you remember when Crowdstrike destroyed Delta Airlines" or for that matter, "do you remember when there used to be a company called Crowdstrike".
(Some attendees "collectively shrugged at the idea that Crowdstrike could be blamed for a problem with a routine update that could happen to any of the security companies deeply intertwined with Microsoft Windows.")
Yes, some attendees know it could happen to them, because their software also sucks and also runs on Windows. They don't want to talk too much just in case.
Who gets most of the blame.... (Score:1)
If not crowdstrike, if not microsoft, the users then shoulder most of the blame? I guess some inventive tech person could have committed to testing the environment on their own time then publish the results...? I'm being sarcastic btw ./
defcon is just security larp (Score:1)
collecting stickers and hoping not to get outed as they are all feds.
What's the time? (Score:1)
Say, what's the time?
Just get me some
Big Mac fries to go.
Ground floor, coming up!
Yeah, but no (Score:1)
Well, no. Crowdstrike actually managed to fuck this up on Linux earlier in the year, too. This guy has no clue and hasn't been reading the news.
Blaming Microsoft for this is as much of a stretch as blaming Intel or AMD for the fact that their CPUs executed the buggy code CrowdStrike shipped.
Not damaging the opinion these people have of Cr
Re: (Score:2)
BS (Score:3)
Blame Crutch or Broken Leg (Score:2)
What's needed is a Manhattan Project (Score:2)
The WinTEL model is obviously showing its age and, despite masses of sticking-plaster such as CrowdStrike, can never measure up to the task. Since a lot of people's jobs depend on not knowing this - nothing is going to change.
Bullshit (Score:2)
No, THAT claim is bullshit, because exactly this kind of problem has happened before both on Linux and Mac, both precisely because exactly the same level of access was given to the software that had the flaw.
"Most Def Con Attendees Are Complete Morons" (Score:2)
There. Fixed the title for you.
"And Crowdstrike caught it super-early." (Score:2)
>> "And Crowdstrike caught it super-early."
Crowdstrike caught what super-early? Definitely not the bug. :-D
I remember first reading Crowdstrike's explanation on The Register. That Reg article was needed because Crowdstrike's explanation was behind a paywall -- some sort of 'authenticated-corporate-account-only' page. So they were certainly not ready to mitigate the chaos they caused the world -- millions of mandays were lost, perhaps tens of millions.