Sysadmin

9241 readers

3 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
!lemmy@lemmy.ml
!lemmyworld@lemmy.world
!lemmy_support@lemmy.ml
!support@lemmy.world

founded 2 years ago

MODERATORS

DarraignTheSane@lemmy.world

00Lemming@lemmy.world

L3s@lemmy.world

145

Delta can sue CrowdStrike over computer outage that caused 7,000 canceled flights (www.reuters.com)

submitted 4 days ago by cm0002@lemmy.world to c/sysadmin@lemmy.world

28 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] slazer2au@lemmy.world 36 points 4 days ago (11 children)

Inb4 an out of court settlement happens in about a year and a half with CS not admitting fault but paying an undisclosed amount to Delta.

The Atlanta-based judge also let Delta pursue a computer trespass claim, and a narrowed claim that CrowdStrike fraudulently promised not to introduce an "unauthorized back door" into the carrier's computers.

Also, this will be interesting.

[–] Max_P@lemmy.max-p.me 20 points 4 days ago (10 children)

unauthorized back door

Isn't autoupdating software by definition an authorized backdoor by virtue of enabling it? The whole premise of CrowdStrike is continuous updates for attacks they see in the wild on other companies' systems.

Also if anything CrowdStrike did the opposite of a backdoor since everyone needed to find their BitLocker keys to get back in and clean this mess. It locked out the front and back door.

[–] slazer2au@lemmy.world 5 points 4 days ago (4 children)

I wouldn't call an auto update mechanism an unauthorised backdoor, it is required behaviour for that kind of software.

[–] ricecake@sh.itjust.works 6 points 4 days ago (1 children)

It's absolutely not required behavior! Software for servers has very different requirements from software for end users, and if you have a lot of them you also want to manage your end user machines differently.

Updates can go wrong, and if you roll out a bad update to everything at once you can crash everything and lose a lot of money. As aptly demonstrated by cloudstrike.

That's why Delta and many other companies disabled the auto update functions: so they could control the rollout cadence.
They reasonably believed that disabling autoupdates disabled them. They didn't expect a second autoupdate system that wasn't documented, wasn't controlled by the autoupdate system settings and couldn't be disabled.

[–] SupraMario@lemmy.world 1 points 4 days ago (1 children)

It's not a second auto update. It's %100 documented in the software and you can %100 throttle it. Channel files are heavily discussed when you roll out CS.

[–] ricecake@sh.itjust.works 1 points 4 days ago* (last edited 4 days ago) (1 children)

https://www.crowdstrike.com/en-us/blog/falcon-content-update-preliminary-post-incident-report/

Might want to let crowdstrike know.

Rapid Response Content Deployment

Implement a staggered deployment strategy for Rapid Response Content in which updates are gradually deployed to larger portions of the sensor base, starting with a canary deployment.

Improve monitoring for both sensor and system performance, collecting feedback during Rapid Response Content deployment to guide a phased rollout.

Provide customers with greater control over the delivery of Rapid Response Content updates by allowing granular selection of when and where these updates are deployed.

Provide content update details via release notes, which customers can subscribe to.

https://www.theregister.com/2024/07/23/crowdstrike_lessons_to_learn/

Maybe you're thinking of changes that they made as a result of the incident?

[–] SupraMario@lemmy.world 1 points 4 days ago

No channel files where %100 there. It's in the general GUI settings. You could throttle channel files. Now after this your able to do General availability, Early availability or pausing them.

load more comments (2 replies)

load more comments (7 replies)