CrowdStrike update caused BSOD on hospitals, banks, servers worldwide
Was reading about this. Absolutely insane the amount of companies, financial institutions, governments, that are affected and completely down. Security firm update basically brought a big chunk of global industry down lol.
And the fix is to rename a file in Windows safe mode.
The more scary part is how many govs are dependent on a single provider/software. Total annihilation.
Long live Linux! Long live FreeBSD!
The moment of glory for the BSOD.
It is way better than kernel panic
CrowdStrike literally striking the crowd.
Wait? They are using Windows to handle critical communications for airplanes?? Why 😭
It’s probably a case where if the whole world could adopt a new standard for everything airline today, it wouldn’t be run on Windows. But completely redoing these things…
Probably the same reason banks do everything they can to hire Cobol devs instead of actually redoing their systems.
Also it's crazy how much companies depend on the same service provider collectively as there is only one that exists... Fraud, Healthcare, etc are big ones too where one giant company connects everyone together and processes all the data so everyone is more connected and seamless (only that these mega corporations are hardly regulated despite having more data on people than Google and handling an entire critical back end).
The fact that they choose Windows anyhow is kinda crazy to me, as I understand it most communications systems that were getting started in the 80s-early 90s to connect everyone together used Unix-based systems since that's what the telecoms used. But there probably is a reason, I dunno.
Delta, United and American Airlines flights grounded due to communication issue, FAA says
https://wtop.com/dc-transit/2024/07/delta-united-and-american-airlines-flights-grounded-due-to-communication-issue-faa-says/
Don't panic, expert IT engineers onsite!
BREAKING: Berlin Airport suspending all flights due to IT problems
"The blue screen of death is reported with a stop code of PAGE_FAULT_IN_NONPAGED_AREA from the csagent.sys driver."
https://en.wikipedia.org/wiki/CrowdStrike
You’d be surprised to know the extent of Windows being used for critical and general corporate purposes. The whole "wINdOwS bAd, lInUX gOOd" sentiment has no real-world impact except for a minority of tech nerds. At the end of the day, simplicity and ease of use win.
I was thinking that a few days ago I repaired the brake booster and today it'll be a joy to ride this 1999 car. It wouldn't be a joy if the car had Windows, a computer, internet and cameras.
It's bound to happen eventually.
It's always more economical to pay a Cobol/Fortran dev 100k upfront for a quick fix than rewriting and reimplementing the entire infrastructure.
Woah fix needs manual fixes for each machine!
From article
Security expert Kevin Beaumont claims to have seen the flawed update that is believed to have caused the issue. “I have obtained the CrowdStrike driver they pushed via auto update,” he posted on X. “I don't know how it happened, but the file isn't a validly formatted driver and causes Windows to crash every time.”
The problem for companies looking to recover from the attack is that the fix would need to be applied manually on each machine, Beaumont added. It’s not something that can be automated. That could hugely slow down the recovery from this incident.
Financial loss in the tens, if not hundreds of millions
Mentally strong coder does not deal with legacy codebase.
We reimplement the entire infrastructure every two years.
We don't do quick fixes.
We adopt the latest trend and redesign the API too.
There's zero backwards compatibility.
Dependency? It's your problem.
You are supposed to rewrite your codebase every two years as well.
And I thought the first critical dependency failure I would see would be CloudFlare.
Supposed to, that's the key point, but not when the majority of shareholders and CEOs demand to save every penny for their pocket.
Guess the question is shouldn't CrowdStrike have tested the patch before deployment??
Same here.
Even if they cannot test every possible combination, a little gradual release could help...
I think if you test on multiple machines, like a company such as CrowdStrike would do, this would have been seen; it's something else. I will not say it's a “hack” attempt, but it's not that they forgot to test, I think.
Airlines, airports, banks, and what not belly up. Real core infrastructure.
"Go into the cloud!" they said ... and the herd did.
But the really bad news is this: they'll stay in the cloud.