Mass worldwide IT outage hits airlines, media and banks

TheAwesomenESQ

AA says issue related to Crowdstrike cybersecurity software.
https://www.bbc.com/news/live/cnk4jdwp49et

Bismark

automatic updates :
-one incident, everyone gets it

versus

msg that a update is available:
-forums, irc, starts filling up with tears, update gets pulled before to long

I do like how graphene devs use alpha beta channels before pushing out updates. I myself manually disable the update app. I would rather just have option to only manually update when I want but allow to check anytime. Just think if a malicious actor got their hands on that crowd-strike computer that sends out the update, just imagine the level of destruction that could have happened such as drives being wiped all at the some preconfigured time, or data theft, ransom. whew Instead everyone should be happpy they can put the bitlocker key in and remove the update. windows users dodge a big one.

Ammako

Bismark Just think if a malicious actor got their hands on that crowd-strike computer that sends out the update, just imagine the level of destruction that could have happened such as drives being wiped all at the some preconfigured time, or data theft, ransom.

It wouldn't be that simple, unless Crowdstrike were completely incompetent with security. At the minimum I would expect updates to be signed and the signing key held on an airgapped machine, with multiple security steps to pass before being able to access the key, sign updates, and serve them, but you never know how badly managed these companies can be sometimes.

YouShouldntMind

Ammako Your last sentence is my personal problem here. To me personally, after reading various news about this "happening", it seems like they pushed a badly tested update of at least a driver component with a simple nullpointer-exception which is was not properly checked before, and which was not catched by an exception. It just crashed during boot, which caused the BSOD.
Then, this is what I personally think / assume:
It also seems like they pushed this bad update to most/every customers windows system (Both client and server) including those in production stage, probably without informing them.
It affected banks, insurance companies, airports and other big companies. I won't believe that every single one of them either has no testing stages, or they do have testing stages for things like this, but didn't use them.

Most Anti-virus (and similar) software gets updates every few hours or at least daily - just as Windows Defender does. But as far as I know, this only affects signatures, pattersn etc. and no code updates. Also, for example, Microsoft even gives you the possibility to delay those pattern updates on windows defender by days or weeks through group policies. Those updates can potentially brick this specific software, but a BSOD through a simple, automated background update is... not good.

It'll be interesting if they actually publish what exactly happened, but I believe it will be the same story as with Microsoft and their lost Azure Key. They won't tell the truth or even lie, maybe multiple times in a row.