WingNews logo WingNews
top | item 41002965

(no title)

techie128 | 1 year ago

This is good and bad. This showcases the importance of CrowdStrike. This is a short term blip but in the long run they will learn from this and prevent this type of an issue in the future. On the flip side, they have a huge target on their back for the U.S. government to try and control them. They are also a huge target for malicious actors since they can clearly see that CS is part of critical US and western infra. Taking them down can cripple essential services.

On a related note, this also demonstrates the danger of centralized cloud services. I wish there were more players in this space and the governments would try their very best to prevent consolidation in this space. Alternatively, I really wish the CS did not have this centralized architecture that allows for such failure modes. Software industry should learn from great & age old engineering design principles. For example, a large ships have watertight doors that prevent compartments from flooding in case of a breach. It appears that CS didn't think the current scenario was not possible therefore didn't invest in anything meaningful to prevent this nightmare scenario.

discuss

order

anigbrowl|1 year ago

I'm not that confident that they're going to be around to recover from after their stock price falls into the toilet and they get sued out the yin-yang. I don't think 'read the EULA terms lol' is gonna cut it here.

alt227|1 year ago

> This is a short term blip

No security engineer in the world is going to trust the words CrowdStrike after this.

kasabali|1 year ago

Security engineers are the ones who first came up with these crap in the first place. Sales people are not to blame, they'll sell anything.

choeger|1 year ago

Or, and that maybe a radical idea, YOU DON'T INSTALL THIS FUCKING SNAKE OIL IN THE FIRST PLACE.

The idea of antivirus software is laughable when Adobe cannot implement a safe and secure PDF parser then how can Crowdstrike while simultaneously supporting the parsing of a million other protocols?

Everyone involved: Vendor, operator, and auditors who mandate this shit are responsible and should be punished.

YOU HAVE TO MINIMIZE THE ATTACK SURFACE, NOT INCREASE IT.