this post was submitted on 20 May 2025
148 points (98.1% liked)

Sysadmin

11924 readers
1 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
!lemmy@lemmy.ml
!lemmyworld@lemmy.world
!lemmy_support@lemmy.ml
!support@lemmy.world

founded 2 years ago
MODERATORS
DarraignTheSane@lemmy.world
00Lemming@lemmy.world
L3s@lemmy.world
148
Delta can sue CrowdStrike over computer outage that caused 7,000 canceled flights (www.reuters.com)
submitted 7 months ago by cm0002@lemmy.world to c/sysadmin@lemmy.world
21 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] slazer2au@lemmy.world 36 points 7 months ago (11 children)

Inb4 an out of court settlement happens in about a year and a half with CS not admitting fault but paying an undisclosed amount to Delta.

The Atlanta-based judge also let Delta pursue a computer trespass claim, and a narrowed claim that CrowdStrike fraudulently promised not to introduce an "unauthorized back door" into the carrier's computers.

Also, this will be interesting.

[–] Max_P@lemmy.max-p.me 22 points 7 months ago (10 children)

unauthorized back door

Isn't autoupdating software by definition an authorized backdoor by virtue of enabling it? The whole premise of CrowdStrike is continuous updates for attacks they see in the wild on other companies' systems.

Also if anything CrowdStrike did the opposite of a backdoor since everyone needed to find their BitLocker keys to get back in and clean this mess. It locked out the front and back door.

[–] ricecake@sh.itjust.works 17 points 7 months ago (1 children)

There was an additional auto update function that wasn't disclosed. Delta had disabled the auto update because, like many large companies, they prefer to deploy changes incrementally so that an issue doesn't blow-up all their systems at once.

So...

Isn't autoupdating software by definition an authorized backdoor by virtue of enabling it?

Yes. Which is why they contend disabling it makes it unauthorized.

[–] SupraMario@lemmy.world 2 points 7 months ago (1 children)

That's not how that works. CS didn't have at the time, an option to disable channel file updates. It's how their edr works. Delta's mssp or secops group, %100 knew this as it's in CS own documentation. They really don't have a foot to stand on here, but CS will pay it to make it go away.

[–] ricecake@sh.itjust.works 4 points 7 months ago (1 children)

CS didn't have at the time, an option to disable channel file updates

Yes, that's the crux of the accusation. Given the large number of people who seemed to be under the impression that selecting a staggered release cadence would protect them from a faulty update, it's not unreasonable to think that people were caught off guard by a second autoupdate system that they couldn't configure that could also tank their system.

[–] SupraMario@lemmy.world 0 points 7 months ago

Before this, you could throttle the rollout for channel files. You could knock it down to 1 a minute if you wanted.

Channel files were not something that CS admins didn't know about.

load more comments (8 replies)
load more comments (8 replies)