Soldato
There's plenty of short arsed blokes on the Secret Service team too but that wasn't mentioned; rather it just seem to be a typical bash women post.
Each to their own i guess...
Global BSOD
- Thread starter Dirk Diggler
- Start date
Each to their own i guess...
Soldato
Don't think they care Xbox live is down more then whores drawers of late.
Ok gurus, please help!
I'm sure I should be getting a Bit locker screen when I hit "Command Prompt" but it's taking me straight to DOS. How can I access the OS drive from the command prompt?
I'm sure I should be getting a Bit locker screen when I hit "Command Prompt" but it's taking me straight to DOS. How can I access the OS drive from the command prompt?
Associate
Just an observation but it is kind of interesting from a historical change point of view how much mission critical and core infrastructure is now on Windows based servers if today is anything to go by. Go back 15+ years ago in the SME space at least, Windows was very much the tertiary part of a companies infrastructure with a Sun (Oracle)/RS/AIX/HPUX etc. backend doing the heavy lifting in the main (and on prem). Of course really back in the day it'd be a VME/VMS and dumb terminals, but I digress (and also feel quite old 
).
I know Red Hat (and it's successor flavours) and Ubuntu etc are a thing in Enterprise (my own company has a ton of them for different hardened tasks) but I guess I'm just surprised how many large/multinational companies are now Windows reliant.
).I know Red Hat (and it's successor flavours) and Ubuntu etc are a thing in Enterprise (my own company has a ton of them for different hardened tasks) but I guess I'm just surprised how many large/multinational companies are now Windows reliant.
Last edited:
I heard government just use whatsapp, the CIA can probably read every message every MP ever sent as plain text.
America probably has it's own little blackbook just like the political parties do to blackmail their members into pushing the party line.
weirdly blackmail is illegal in any other business setting
Last edited:
Soldato
No. Microsoft Windows is not the only OS running CrowdStrike. Actually all three Windows, MacOS and Linux hosts are running CrowdStrike.
CrowdStrike pushed out bug ridden single content update for Windows hosts first that caused BSOD, they probably pulled back bug ridden single content update for MacOS and Linux after CrowdStrike software engineers saw what they had done witnessed Windows global IT meltdown.
Last edited:
Soldato
Minecraft works, so I'm good.
Amusing that it's cyber security software at fault.
They get away with anything In the name of cyber these days and they have so much overreach it's astounding.
These companies come in and put the fear into execs and anyone else that will listen to get sales.
Did more damage than hacker groups could dream of, well done
They get away with anything In the name of cyber these days and they have so much overreach it's astounding.
These companies come in and put the fear into execs and anyone else that will listen to get sales.
Did more damage than hacker groups could dream of, well done
Soldato
- Joined
- 25 Nov 2005
- Posts
- 12,650
A good use case for why backups are critical on that rare occassion they are needed
Soldato
The part that was causing the issues was a channel device driver. Linux and OSX don't have these, so your last point is incorrect.
Last edited:
Associate
Crowdstrike can set N-1 or N-2 policy settings for groups of devices to avoid update issues. It might be bypassed due to this being classed as a channel update, although I am not sure. Either way, it's not a good look and expect some legal implications for them outside the stock price hit.
Not supposed to for official use. There are known backdoors in to it despite what Zuckerberg claims.
Soldato
I've held CRWD for a while now. PE aside, I still think it has legs - least until the demands for compensation roll in.
I dumped a chunk of money at opening. I've had a torrid couple of weeks shares-wise so it was a bit of rage punt "Have it all! I don't care anymore"
Man of Honour
Partially explained by the introduction of server core, which is now the default version.Just an observation but it is kind of interesting from a historical change point of view how much mission critical and core infrastructure is now on Windows based servers if today is anything to go by. Go back 15+ years ago in the SME space at least, Windows was very much the tertiary part of a companies infrastructure with a Sun (Oracle)/RS/AIX/HPUX etc. backend doing the heavy lifting in the main (and on prem). Of course really back in the day it'd be a VME/VMS and dumb terminals, but I digress (and also feel quite old
Associate
Even with the brunt of the work being done by real servers (tm), there is so much ancillary stuff being done by Windows now - think AD, DNS, DHCP... Even though your database is humming along happily thinking it's having a nice day off, your app servers can't establish connections to it because there's no DNS resolution...Just an observation but it is kind of interesting from a historical change point of view how much mission critical and core infrastructure is now on Windows based servers if today is anything to go by. Go back 15+ years ago in the SME space at least, Windows was very much the tertiary part of a companies infrastructure with a Sun (Oracle)/RS/AIX/HPUX etc. backend doing the heavy lifting in the main (and on prem). Of course really back in the day it'd be a VME/VMS and dumb terminals, but I digress (and also feel quite old
I know Red Hat (and it's successor flavours) and Ubuntu etc are a thing in Enterprise (my own company has a ton of them for different hardened tasks) but I guess I'm just surprised how many large/multinational companies are now Windows reliant.
Associate
Very true, I've been involved with a few ransomware incidents and as you say the actual real servers(tm)
have been unaffected, just the rest of the infrastructure has been compromised and laid to waste.I gather this hit around the middle of Friday afternoon in Australia! Ooof. RIP weekends for sys admins having to deal with this lol.
There are some people that have to deal with thousands of machines with this problem. The main reason this is so huge is:
1: There is no remote fix
2: Manual fixes are hampered by not being able to boot into safe mode easily on client machines, since these days most are protected with bitlocker
3: A lot of bitlocker keys are hosted..... you guessed it..... on servers with this same problem.
This has been confirmed as not a hack/security issue, but an internal issue by Crowdstrike making a bad update. The problem is that antivirus software typically is on auto update for clients to get things delivered fast, to prevent a time gap between exploits being able to be used on unprotected systems.
It is likely that no one individual can be blamed for this such as the dev that coded it, or the person that approved it etc. Deployment methods for even small companies will have processes in place to test things before being promoted to Prod. Usually multiple lower environments. There has obviously been a failing here of some sort. Either that test coverage did not capture this scenario somehow, or test environments were either by choice or by accident, bypassed.
On the other hand, I wonder if they have any Russian employees that work on the code.
There are some people that have to deal with thousands of machines with this problem. The main reason this is so huge is:
1: There is no remote fix
2: Manual fixes are hampered by not being able to boot into safe mode easily on client machines, since these days most are protected with bitlocker
3: A lot of bitlocker keys are hosted..... you guessed it..... on servers with this same problem.
This has been confirmed as not a hack/security issue, but an internal issue by Crowdstrike making a bad update. The problem is that antivirus software typically is on auto update for clients to get things delivered fast, to prevent a time gap between exploits being able to be used on unprotected systems.
It is likely that no one individual can be blamed for this such as the dev that coded it, or the person that approved it etc. Deployment methods for even small companies will have processes in place to test things before being promoted to Prod. Usually multiple lower environments. There has obviously been a failing here of some sort. Either that test coverage did not capture this scenario somehow, or test environments were either by choice or by accident, bypassed.
On the other hand, I wonder if they have any Russian employees that work on the code.
Associate
And the ******* thing about all this is that the advent of automation means smaller and smaller IT teams are looking after bigger and bigger estates.... then suddenly along comes something where the fix cannot be automated ....Very true, I've been involved with a few ransomware incidents and as you say the actual real servers(tm)
I didnt say microsoft was the only one running crowdstrike, I said windows with crowdstrike, its the combo thats the issue
You should be straight onto the OS drive, if not try a few drive letters till you find the directory.
Depending on the build of the machine, if its been upgraded etc, you can try the following
c:\windows\system32\drivers\crowdstrike
d:\windows\system32\drivers\crowdstrike
even had one machine where it was on x:, no idea how that was built
:-x:\windows\system32\drivers\crowdstrike
Then once in there you can delete the file causing the issue :-
dir C-00000291*.sys
del C-00000291*.sys