Crowdstrike - basic IT processes

[mesquito_creek]

I have been out of the IT game for 2 years having supported production mission critical systems for utilities for 29 years…

Are these new IT youngsters deploying updates directly into their production Systems? Don’t you deploy all your third party updates into Dev/Test/QA prior to production. Defect should have shown up well in advance.

OR is the the “cloud utopia” that every vendor tried to push us toward where they decide to play tiddly winks with your production systems whenever they feel like it?

 

[DarkHorseRacing]

Crowdstrike is a trusted vendor used by at least half of Fortune 500.

So, you’d think they would test their own updates before deploying them.

However this slipped through. It’s the same as Microsoft borking their own systems.

Problem is most people have control over windows updates (wsus or intune).

Crowdstrike pushes updates on the regular and if you don’t you could leave yourself open to the zero-day of the week.

This fix for this is pretty simple if you have remote access to the server via a back door like iLO on HPE or iDRAC on Dell, or VMware. Boot into safe mode, delete a crowdstrike sys file are reboot and the server is back up.

User PCs are another matter, most have to be touched manually because there is no back door management (unless you have something like Intel vPro setup).

This is a serious hiccup from a trusted vendor, and I expect some lawsuits from the larger customers for the outage.

 

[DWC]

Crowdstrike is a trusted vendor used by at least half of Fortune 500.

So, you’d think they would test their own updates before deploying them.

However this slipped through. It’s the same as Microsoft borking their own systems.

Problem is most people have control over windows updates (wsus or intune).

Crowdstrike pushes updates on the regular and if you don’t you could leave yourself open to the zero-day of the week.

This fix for this is pretty simple if you have remote access to the server via a back door like iLO on HPE or iDRAC on Dell, or VMware. Boot into safe mode, delete a crowdstrike sys file are reboot and the server is back up.

User PCs are another matter, most have to be touched manually because there is no back door management (unless you have something like Intel vPro setup).

This is a serious hiccup from a trusted vendor, and I expect some lawsuits from the larger customers for the outage.

Crap, should i fill up vehicles, gas cans, water supply, MRE’s, cash reserves or not.

 

[ArizonaKevin]

We are one of (if not) the largest cloud provider in public safety space. We test everything in dev/sandbox/employee demo instance before pushing to prod.

 

[mesquito_creek]

Crowdstrike is a trusted vendor used by at least half of Fortune 500.

So, you’d think they would test their own updates before deploying them.

However this slipped through. It’s the same as Microsoft borking their own systems.

Problem is most people have control over windows updates (wsus or intune).

Crowdstrike pushes updates on the regular and if you don’t you could leave yourself open to the zero-day of the week.

This fix for this is pretty simple if you have remote access to the server via a back door like iLO on HPE or iDRAC on Dell, or VMware. Boot into safe mode, delete a crowdstrike sys file are reboot and the server is back up.

User PCs are another matter, most have to be touched manually because there is no back door management (unless you have something like Intel vPro setup).

This is a serious hiccup from a trusted vendor, and I expect some lawsuits from the larger customers for the outage.

So you back fill your non production systems after your "trusted vendor" pushes your production? ... no way

I would still require crowdstrike to push through my non production first.

I don't expect crowdstrike or any vendor to have every possible clients ecosystem to test. Don't care who's software it is or how good they think they are... So they have to deploy with some sort of test scenario. At a minimum deploy production into standby HA data centers and give the client the opportunity to segregate/firewall it off and give it one test "in production".

I am a dinasour and this is why I retired.

 

[DarkJuJu]

We are a pretty good sized CS partner and we use CS as our endpoint software for Managed Security Service Provider practice, below is the email we that has been sent to all customers/partners if your interested.

Valued Customers and Partners, I want to sincerely apologize directly to all of you for today’s outage. All of CrowdStrike understands the gravity and impact of the situation. We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority. The outage was caused by a defect found in a Falcon content update for Windows hosts. Mac and Linux hosts are not impacted. This was not a security or cyberattack. We are working closely with impacted customers and partners to ensure that all systems are restored, so you can deliver the services your customers rely on. CrowdStrike is operating normally, and this issue does not affect our Falcon platform systems. There is no impact to any protection if the Falcon sensor is installed. Falcon Complete and Falcon OverWatch services are not disrupted. We will provide continuous updates through our Support Portal at https://supportportal.crowdstrike.com/s/login/ and via the CrowdStrike blog at https://www.crowdstrike.com/blog/statement-on-windows-sensor-update/. Please continue to visit these sites for the latest updates. We have mobilized all of CrowdStrike to help you and your teams. If you have questions or need additional support, please reach out to your CrowdStrike representative or Technical Support. We know that adversaries and bad actors will try to exploit events like this. I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives. Our blog and technical support will continue to be the official channels for the latest updates. Nothing is more important to me than the trust and confidence that our customers and partners have put into CrowdStrike. As we resolve this incident, you have my commitment to provide full transparency on how this occurred and steps we’re taking to prevent anything like this from happening again. George Kurtz CrowdStrike Founder and CEO

 

[LAKEMAN]

Could you all please speak English.

 

[mesquito_creek]

We are a pretty good sized CS partner and we use CS as our endpoint software for Managed Security Service Provider practice, below is the email we that has been sent to all customers/partners if your interested.

Valued Customers and Partners, I want to sincerely apologize directly to all of you for today’s outage. All of CrowdStrike understands the gravity and impact of the situation. We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority. The outage was caused by a defect found in a Falcon content update for Windows hosts. Mac and Linux hosts are not impacted. This was not a security or cyberattack. We are working closely with impacted customers and partners to ensure that all systems are restored, so you can deliver the services your customers rely on. CrowdStrike is operating normally, and this issue does not affect our Falcon platform systems. There is no impact to any protection if the Falcon sensor is installed. Falcon Complete and Falcon OverWatch services are not disrupted. We will provide continuous updates through our Support Portal at https://supportportal.crowdstrike.com/s/login/ and via the CrowdStrike blog at https://www.crowdstrike.com/blog/statement-on-windows-sensor-update/. Please continue to visit these sites for the latest updates. We have mobilized all of CrowdStrike to help you and your teams. If you have questions or need additional support, please reach out to your CrowdStrike representative or Technical Support. We know that adversaries and bad actors will try to exploit events like this. I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives. Our blog and technical support will continue to be the official channels for the latest updates. Nothing is more important to me than the trust and confidence that our customers and partners have put into CrowdStrike. As we resolve this incident, you have my commitment to provide full transparency on how this occurred and steps we’re taking to prevent anything like this from happening again. George Kurtz CrowdStrike Founder and CEO

So how did it get into your production environment without having any exposure to a non prod first?

 

[mbrown2]

So how did it get into your production environment without having any exposure to a non prod first?

With Crowdstrike you have the capability to have updates turned on automatically or off so you can do them your self. Also, Crowdstrike's solution comes in different flavors... the software which does end point detection and response and your own security operations center monitors and responds to alerts. Also, you can have Crowdstrike complete which they take action on your behalf. I say all this because with complete the updates are normally automatically turned on. You are counting on Crowdstrike to do their testing correctly. Even so you have the ability to set your configuration as N-1, N-2...that means you are 1 or 2 versions behind the latest. This allows you to avoid new versions that might break your environment until you have the chance to test. But this particularly update was a channel/content file update that went to all versions regardless of configuration and broke the agent/software. Root cause is they failed at the change/deployment and the clean up is a very manual process given this works at the kernal level. We all may all have questions how did they miss this in dev, test, stage, ....I'm sure congress will ask those questions in the coming weeks.

 

[was thatguy]

Could you all please speak English.

They let some fixes out that were fucked up, that fucked some other shit up, and they’re arguing over whether fixes should be let out before testing them on their own shit, like in the good old days.
By extension, the big outfits who’s shit got fucked up will likely want to monetize their downtime and be made whole.
More or less.


On a side note, I had to watch Netflix until my magic box started working again…

 

[LAKEMAN]

They let some fixes out that were fucked up, that fucked some other shit up, and they’re arguing over whether fixes should be let out before testing them on their own shit, like in the good old days.
By extension, the big outfits who’s shit got fucked up will likely want to monetize their downtime and be made whole.
More or less.


On a side note, I had to watch Netflix until my magic box started working again…

View attachment 1404897

Gracias!!

 

[timstoy]

Could you all please speak English.

It blew up!

 

[mesquito_creek]

With Crowdstrike you have the capability to have updates turned on automatically or off so you can do them your self. Also, Crowdstrike's solution comes in different flavors... the software which does end point detection and response and your own security operations center monitors and responds to alerts. Also, you can have Crowdstrike complete which they take action on your behalf. I say all this because with complete the updates are normally automatically turned on. You are counting on Crowdstrike to do their testing correctly. Even so you have the ability to set your configuration as N-1, N-2...that means you are 1 or 2 versions behind the latest. This allows you to avoid new versions that might break your environment until you have the chance to test. But this particularly update was a channel/content file update that went to all versions regardless of configuration and broke the agent/software. Root cause is they failed at the change/deployment and the clean up is a very manual process given this works at the kernal level. We all may all have questions how did they miss this in dev, test, stage, ....I'm sure congress will ask those questions in the coming weeks.

As CIO of any company I would have a simple policy. nothing touches production without a test or you are fired.

 

[C-2]

We know that adversaries and bad actors will try to exploit events like this. I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives. Our blog and technical support will continue to be the official channels for the latest updates.

Yup, the State just sent out a warning about phishing emails during this "self-inflicted" (their words, not mine lol) event.

I read they knew about the threat and had a fix, but the pitch of the roof was too dangerous.

 

[Ace in the Hole]

This is a serious hiccup from a trusted vendor, and I expect some lawsuits from the larger customers for the outage.

Spoke to an old college friend when she called to tell me HBD today...they are all hands on deck to fix this thing...she didn't say much else other than literally everyone was called in to deal with it. (she works there)

 

[mesquito_creek]

When your cyber security vendor cost you more than any cyber security issue… maybe time to re think things

 

[mbrown2]

May want to stay away from these sites...never let a tragedy go to waste... Block these domains in your network security perimeter. All registered today 19th July in a 4hr window likely phishing domains just trying to find the dumb ones to click and give up credentials...

crowdstrikebluescreen[.]com
crowdstrike0day[.]com
crowdstrike-bsod[.]com
crowdstrikedoomsday[.]com
crowdstrikedoomsday[.]com
crowdstrikefix[.]com
crowdstrikedown[.]site
crowdstriketoken[.]com

 

[Cray Paper]

The costs for this are going to be astronomical, I dont know jack about IT but the companies this effected have a huge daily impact on our and most countries economies. I looked at their stock price this morning and it took a hit, then I looked at who owns the majority of it. HTF does a 3rd tier security company have a direct impact on the likes of Micro Soft? Seems to have only affected MS based IT geek gear?

 

[rivermobster]

May want to stay away from these sites...never let a tragedy go to waste... Block these domains in your network security perimeter. All registered today 19th July in a 4hr window likely phishing domains just trying to find the dumb ones to click and give up credentials...

crowdstrikebluescreen[.]com
crowdstrike0day[.]com
crowdstrike-bsod[.]com
crowdstrikedoomsday[.]com
crowdstrikedoomsday[.]com
crowdstrikefix[.]com
crowdstrikedown[.]site
crowdstriketoken[.]com

I just read this today. It's almost unbelievable what's going on out there sometimes!

Revolver Rabbit gang registers 500,000 domains for malware campaigns

A cybercriminal gang that researchers track as Revolver Rabbit has registered more than 500,000 domain names for infostealer campaigns that target Windows and macOS systems.

www.bleepingcomputer.com

 

[rmarion]

 

[Cobalt232]

This morning sucked. Woke up at 5:00 to a bunch of texts saying users couldn't connect to the server. I'm in Havasu, so I log on to my office computer remotely, which luckily was still up. I then learned that 24 workstations and 1 server which use Crowdstrike were blue-screened. Without understanding the problem, I reached out to our networking guy in Slovakia and the first thing he asked was if we had Crowdstrike installed. Realized then that was the common denominator. He was able to get the server back by deleting a CS file and the workstations eventually fixed themselves by about 7:00.

My daughter-in-law works for Crowdstrike and she said it was a crazy day for the company.

Amazing what they were able to bring down today.

 

[was thatguy]

I just read this today. It's almost unbelievable what's going on out there sometimes!

Revolver Rabbit gang registers 500,000 domains for malware campaigns

A cybercriminal gang that researchers track as Revolver Rabbit has registered more than 500,000 domain names for infostealer campaigns that target Windows and macOS systems.

www.bleepingcomputer.com

Impossible…hacking is all just nerd paranoia!


Note extreme sarcasm.
And that’s just one “gang”.

 

[Sharky]

Could you all please speak English.

Should have bought a Mac.

 

[MPHSystems]

Could you all please speak English.

Ok, let’s say that you drive a boat and your boat runs on gas. You buy your gas fro a gas station. Let’s call this gas station microshit. Now, gasoline gets additives. Some additives are to make it last longer, or make cleaner emissions or clean your valves or raise the octane. Some additives you might add yourself like “oct101“ or stabilizer or mystery oil and some additives microshit puts in at the refinery without you knowing.

One of these additives added at the refineries called crowdstrike. Croudstrike is put in your gas to prevent Nigerian princes from stealing your boat. These Nigerian princes are sneaky little fucks and croudstrike is continuously changing their formula to outsmart the Nigerian princes.

Croudshit has a bunch of boats they test each new formula in before they dump it in the microshit refinery. They want to make sure it’s safe and does what it’s supposed to. Microshit trusts croudshit and gave them a key to the refinery. Microshit lets croudshit just puts each new formula in the giant gas tank and just bills them for it.

Well, this time cloudshit missed a step and their latest formula made all the boats that get gas from microshit stop running and the only way to make the boat run again is to drain all the gas empty the fuel lines and fill the boat with fresh gas.

Well, a lot of businesses and most government agencies don’t have anyone who knows how to drain a gas tank.


That’s basically the official story and it sounds a lot more believable than a democrat plot to hack into dominion so Joe Biden gets 181 million votes this time..

 

[CLdrinker]

Hope this opens the door for Palantir @C-Ya

 

[rivermobster]

Ok, let’s say that you drive a boat and your boat runs on gas. You buy your gas fro a gas station. Let’s call this gas station microshit. Now, gasoline gets additives. Some additives are to make it last longer, or make cleaner emissions or clean your valves or raise the octane. Some additives you might add yourself like “oct101“ or stabilizer or mystery oil and some additives microshit puts in at the refinery without you knowing.

One of these additives added at the refineries called crowdstrike. Croudstrike is put in your gas to prevent Nigerian princes from stealing your boat. These Nigerian princes are sneaky little fucks and croudstrike is continuously changing their formula to outsmart the Nigerian princes.

Croudshit has a bunch of boats they test each new formula in before they dump it in the microshit refinery. They want to make sure it’s safe and does what it’s supposed to. Microshit trusts croudshit and gave them a key to the refinery. Microshit lets croudshit just puts each new formula in the giant gas tank and just bills them for it.

Well, this time cloudshit missed a step and their latest formula made all the boats that get gas from microshit stop running and the only way to make the boat run again is to drain all the gas empty the fuel lines and fill the boat with fresh gas.

Well, a lot of businesses and most government agencies don’t have anyone who knows how to drain a gas tank.


That’s basically the official story and it sounds a lot more believable than a democrat plot to hack into dominion so Joe Biden gets 181 million votes this time..

Well said!

 

[sirbob]

The good news is George is pretty handy with the wheel of a race car!


He is a true gear head and I’ve heard that he is the owner of a nice place being built in the Marinaview development in the Riviera?

 

[TimeBandit]

It seems like this one was a stupid mistake.

The hack that shut down car dealers cost the software company 25 million in Bitcoin.

Who is behind it Russia or North Korea?

 

[Sandlord]

Crowdstrike claimed the DNC server was hacked by Russia.
It was actually Seth Rich.
Crowdstrike said the Ukrainian Howitzers were hacked. They were not.
Crowdstrike controls the Dominion voting machines, enough said.
Guess who owns Crowdstrike?
Blackrock $16.13M
Vanguard Group $16.06M
Morgan Stanley $5.79M
Jennison Associates LLC $5.03M
Crowdstrike and the CIA always agree.
I wonder if it was a coincidence that this happened as soon as we learned the sniper had 3 offshore accounts?
Call me skeptical

 

[ArizonaKevin]

Crowdstrike claimed the DNC server was hacked by Russia.
It was actually Seth Rich.
Crowdstrike said the Ukrainian Howitzers were hacked. They were not.
Crowdstrike controls the Dominion voting machines, enough said.
Guess who owns Crowdstrike?
Blackrock $16.13M
Vanguard Group $16.06M
Morgan Stanley $5.79M
Jennison Associates LLC $5.03M
Crowdstrike and the CIA always agree.
I wonder if it was a coincidence that this happened as soon as we learned the sniper had 3 offshore accounts?
Call me skeptical

While I'm no fan of the way these investment companies are trying to shape the world how they see fit, the sum total of all of those companies represent just a 0.058% ownership stake of Crowdstrike's current valuation. Before the crash, their ownership was even less.

 

[CarolynandBob]

It had an impact on a lot of normal everyday people. Not just companies. Our friends that were starting on a month long vacation got delayed on a delta flight and missed their cruise ship leaving. Something about a “Jones act” wouldn’t let them join the ship at another port. I don’t know the details but it will cost our friend a lot of money.

 

[Sandlord]

Lets see if this works

x.com

x.com

So let me see if I have this Crowdstrike story straight….

When Hillary Clinton was Sec. of State, she was illegally funneling sophisticated weapons through Libya to terrorists in the MidEast in an effort to take out Assad in Syria for Israel. When the weapons transfer went sideways and the US Ambassador was killed in Benghazi, it was discovered she was using an illegal private server for secret communications. She destroyed the server, but not before its contents were leaked by Wikileaks, including communications about bizarre occult rituals and inexplicable code words involving children and pizza. Instead of investigating the leak themselves, the FBI relied on a Crowdstrike investigation that falsely claimed the server was hacked by Russia. The FBI cleared HC despite admitting she broke the law, and launched the Russiagate investigation, using more fake Clinton campaign disinfo to tie Trump to Russia to get a FISA warrant and spy on Trump while leaking dirt to the press to undermine first his campaign, then his presidency. When Trump had a call with Zelenskyy and asked about Crowdstrike, a “whistleblower” falsely claimed quid-pro-quo and launched the first impeachment to stop Trump’s inquiries. (It was in the midst of this impeachment trial, btw, when Event 201 took place. But that’s another story.) Fast forward to 2024 and Trump is dominating Biden when he miraculously survives a deep state orchestrated assassination attempt two days before the RNC. Two days later Crowdstrike causes the biggest computer
network crash in all of history, knocking millions of corporate and government systems offline for hours.

Other than the fact that Blackrock owns Crowdstrike and a Blackrock affiliated investment firm placed millions of dollars betting against DJT in the hours before the assassination attempt by a shooter who was featured in a Blackrock promo, did I miss anything?

 

[wzuber]

Lets see if this works

x.com

x.com

So let me see if I have this Crowdstrike story straight….

When Hillary Clinton was Sec. of State, she was illegally funneling sophisticated weapons through Libya to terrorists in the MidEast in an effort to take out Assad in Syria for Israel. When the weapons transfer went sideways and the US Ambassador was killed in Benghazi, it was discovered she was using an illegal private server for secret communications. She destroyed the server, but not before its contents were leaked by Wikileaks, including communications about bizarre occult rituals and inexplicable code words involving children and pizza. Instead of investigating the leak themselves, the FBI relied on a Crowdstrike investigation that falsely claimed the server was hacked by Russia. The FBI cleared HC despite admitting she broke the law, and launched the Russiagate investigation, using more fake Clinton campaign disinfo to tie Trump to Russia to get a FISA warrant and spy on Trump while leaking dirt to the press to undermine first his campaign, then his presidency. When Trump had a call with Zelenskyy and asked about Crowdstrike, a “whistleblower” falsely claimed quid-pro-quo and launched the first impeachment to stop Trump’s inquiries. (It was in the midst of this impeachment trial, btw, when Event 201 took place. But that’s another story.) Fast forward to 2024 and Trump is dominating Biden when he miraculously survives a deep state orchestrated assassination attempt two days before the RNC. Two days later Crowdstrike causes the biggest computer
network crash in all of history, knocking millions of corporate and government systems offline for hours.

Other than the fact that Blackrock owns Crowdstrike and a Blackrock affiliated investment firm placed millions of dollars betting against DJT in the hours before the assassination attempt by a shooter who was featured in a Blackrock promo, did I miss anything?

Interesting......connections and coincidences.

 

[zhandfull]

I was off Friday. Been getting all the IT updates from work on my phone. Sounded like they needed to touch every computer. Figured I better fire up laptop tonight to see if I have the dreaded blue screen. Looks like I’m good to go tomorrow (no blue screen). Did I dodge a bullet?

 

[foxfam312]

Crowdstrike claimed the DNC server was hacked by Russia.
It was actually Seth Rich.
Crowdstrike said the Ukrainian Howitzers were hacked. They were not.
Crowdstrike controls the Dominion voting machines, enough said.
Guess who owns Crowdstrike?
Blackrock $16.13M
Vanguard Group $16.06M
Morgan Stanley $5.79M
Jennison Associates LLC $5.03M
Crowdstrike and the CIA always agree.
I wonder if it was a coincidence that this happened as soon as we learned the sniper had 3 offshore accounts?
Call me skeptical

and the CEO of Crowdstrike is a Ukrainian, would love to know what was said on that phone call with president Trump and Zelenskyy, the other day.

 

[DarkJuJu]

There's no conspiracy theory here, Mandiant (fire eye at the time) now owned by Google did the DNC security audit not CS, receipts below. The talking heads in the media are morons when it comes to IT security, its also why I don't believe anyone in the congress/senate/or president can be over ~55 and have any idea how 85+ % of technology works much less IT security.

I deal with Microsoft o365 (10s of thousands of accounts) and offshore resources (which none of which these major IT firms (Delottie, Robert Half, Tata, IBM, etc) can afford to not use, and manage large % of the fortune 100/500) the culture isn't generally, hey I have massive amount of learned on the job experience, they work from play books, i.e. tell me what to do when x happens to y. You have MS who is constantly now changing the back end systems (everything is cloud delivered now, your win10, email, office apps etc.) but doesn't notify anyone because the QA hasn't been done property often times then effects other platforms. If this was a real attack of any kind they would have went after Linux/AIX/Oracle etc. systems, they run either the ERP or microservices systems that run everything else. This most likely came down to bad/lack of QA and MS changing win10 most likely to address a unknown security flaw before it was announced, since they also now compete directly with CS and other EDR/XDR/MDR services (endpoint detection and remediation)

https://www.mandiant.com/sites/default/files/2021-09/APT28-Center-of-Storm-2017.pdf

Microsoft Defender XDR | Microsoft Security

Explore how Microsoft Defender XDR helps identify and stop cyberattacks across endpoints, identities, email, collaborations tools, SaaS apps, cloud workloads, data loss insights, and more.

www.microsoft.com

Attackers Already Exploiting Flaws in Microsoft's July Security Update

In all, the company released fixes for a whopping 139 CVEs in its own products and four for non-Microsoft products.

www.darkreading.com

 

[MPHSystems]

Lets see if this works

x.com

x.com

So let me see if I have this Crowdstrike story straight….

When Hillary Clinton was Sec. of State, she was illegally funneling sophisticated weapons through Libya to terrorists in the MidEast in an effort to take out Assad in Syria for Israel. When the weapons transfer went sideways and the US Ambassador was killed in Benghazi, it was discovered she was using an illegal private server for secret communications. She destroyed the server, but not before its contents were leaked by Wikileaks, including communications about bizarre occult rituals and inexplicable code words involving children and pizza. Instead of investigating the leak themselves, the FBI relied on a Crowdstrike investigation that falsely claimed the server was hacked by Russia. The FBI cleared HC despite admitting she broke the law, and launched the Russiagate investigation, using more fake Clinton campaign disinfo to tie Trump to Russia to get a FISA warrant and spy on Trump while leaking dirt to the press to undermine first his campaign, then his presidency. When Trump had a call with Zelenskyy and asked about Crowdstrike, a “whistleblower” falsely claimed quid-pro-quo and launched the first impeachment to stop Trump’s inquiries. (It was in the midst of this impeachment trial, btw, when Event 201 took place. But that’s another story.) Fast forward to 2024 and Trump is dominating Biden when he miraculously survives a deep state orchestrated assassination attempt two days before the RNC. Two days later Crowdstrike causes the biggest computer
network crash in all of history, knocking millions of corporate and government systems offline for hours.

Other than the fact that Blackrock owns Crowdstrike and a Blackrock affiliated investment firm placed millions of dollars betting against DJT in the hours before the assassination attempt by a shooter who was featured in a Blackrock promo, did I miss anything?

That just about sums it up.

 

[MPHSystems]

Crowdstrike claimed the DNC server was hacked by Russia.
It was actually Seth Rich.

Seth Rich was tragically killed in a random street robbery and the robber(s) forgot to take his wallet, keys, watch, cellphone or anything else.

Actually a rather refreshing turn of events, first time in decades that Arcanicide wasn’t ruled a suicide.

 

[Big B Hova]

I dont speak hacker. So how long do I hold to my hat for? Is it the same has as the real estate one? Please advise

 

[gqchris]

So you back fill your non production systems after your "trusted vendor" pushes your production? ... no way

I would still require crowdstrike to push through my non production first.

I don't expect crowdstrike or any vendor to have every possible clients ecosystem to test. Don't care who's software it is or how good they think they are... So they have to deploy with some sort of test scenario. At a minimum deploy production into standby HA data centers and give the client the opportunity to segregate/firewall it off and give it one test "in production".

I am a dinasour and this is why I retired.

We have a new CIO that is making us strip our data centers and push everything to “cloud”

Us old timers warned him. But this scenario is exactly why we hate it. And we told him so.

Thank god we are not a crowd strike shop.

 

[ArizonaKevin]

We have a new CIO that is making us strip our data centers and push everything to “cloud”

Us old timers warned him. But this scenario is exactly why we hate it. And we told him so.

Thank god we are not a crowd strike shop.

Admittedly I have a very biased perception as someone that sells a lot of cloud, but I would argue the counter point here. We had a few customers that had their local network affected by crowdstrike, and our system was their only piece of technology that was still up and running since all they need is access to the internet to use it. They couldn't use their desktops or laptops to access it, but cell phones were still able to use our tools. We've seen this happen a few times over the last few years with local govt getting hit with ransomware that locks them out of local systems and they can then only use their cloud based systems.

 

[gqchris]

Admittedly I have a very biased perception as someone that sells a lot of cloud, but I would argue the counter point here. We had a few customers that had their local network affected by crowdstrike, and our system was their only piece of technology that was still up and running since all they need is access to the internet to use it. They couldn't use their desktops or laptops to access it, but cell phones were still able to use our tools. We've seen this happen a few times over the last few years with local govt getting hit with ransomware that locks them out of local systems and they can then only use their cloud based systems.

I totally agree with ya. It has really made my job ALOT more streamlined.

It just adds a bit more attack surface and we are at the mercy of support.

Our Azure bill is 100k a month and took 7 escalations to get a stateside Engineer a few days ago.

 

[ArizonaKevin]

I totally agree with ya. It has really made my job ALOT more streamlined.

It just adds a bit more attack surface and we are at the mercy of support.

Our Azure bill is 100k a month and took 7 escalations to get a stateside Engineer a few days ago.

Yikes, I don't even want to know how much we pay Azure. To my understanding we are their largest customer in the Gov cloud, somewhere north of 500 petabytes of data with them.