[Discuss] CrowdStrike Fiasco
Dan Ritter
dsr at randomstring.org
Mon Jul 22 10:23:15 EDT 2024
Rich Pieri wrote:
> While the CrowdStrike (not to be confused with CloudFlare) fiasco
> Friday affected millions of Windows computers, Linux is not immune to
> such an event. I'm not familiar with CrowdStrike Falcon, but my
> employer uses competing PaloAlto Networks' Cortex XDR. It's a similar
> service with similar capabilities, and there are Linux endpoint
> packages. These hook themselves into the kernel at a low level via
> modules so they can do things like isolate individual machines when
> they exhibit suspicious or malicious behavior.
>
> They also could, with the right -- or wrong -- updates, crash or hang
> the kernel at startup.
>
> Recovery under such conditions would be nearly identical to the process
> that 8.5 million Windows computers are undergoing: boot some form of
> recovery media, mount the filesystem where the endpoint software or
> data are installed, delete or replace the relevant files, and reboot.
In fact, CrowdStrike Falcon has a Linux version; it also
requires a kernel module; and it exhibited a similar -- but
different -- crash back in March.
-dsr-
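The "mount the filesystem, delete or replace the relevant files" step of the recovery procedure quoted above, written out as a POSIX shell function. This is an added example, not code from the thread, from CrowdStrike, or from Palo Alto Networks. It assumes the endpoint's root filesystem has already been mounted from rescue media at the directory given as the first argument, and takes the kernel module name and the systemd unit name as the second and third arguments; the names in the usage line at the bottom (example_lsm, example-sensor, /mnt/sysroot) are placeholders, not any vendor's real identifiers.

```shell
#!/bin/sh
# Added example, not from the original thread. Neutralise a vendor kernel
# module and its service inside a root filesystem mounted from rescue media.
# Assumptions: $1 is the mounted root (e.g. /mnt/sysroot), $2 the module name,
# $3 the systemd unit name. Module objects live under $1/lib/modules (on
# merged-/usr systems /lib is a symlink to usr/lib, which find resolves).

quarantine_module() {
    root=$1; mod=$2; unit=$3
    qdir="$root/var/lib/module-quarantine"
    mkdir -p "$qdir" "$root/etc/modprobe.d" "$root/etc/systemd/system"

    # 1. Stop modprobe from loading the module. 'blacklist' only suppresses
    #    alias-based autoloading; 'install <mod> /bin/false' also defeats an
    #    explicit 'modprobe <mod>' issued by the vendor's own startup script.
    printf 'blacklist %s\ninstall %s /bin/false\n' "$mod" "$mod" \
        > "$root/etc/modprobe.d/quarantine-$mod.conf"

    # 2. Move the module objects out of the module tree altogether, keeping the
    #    kernel version in the quarantined file name so they can be put back.
    moved=0
    for ko in $(find "$root/lib/modules" -name "$mod.ko*" 2>/dev/null); do
        rel=${ko#"$root/lib/modules/"}
        mv "$ko" "$qdir/$(printf '%s' "$rel" | tr / _)"
        moved=$((moved + 1))
    done

    # 3. Mask the userspace service so it cannot try to reload the module on
    #    the next boot (this is what 'systemctl mask' does, done offline).
    ln -sf /dev/null "$root/etc/systemd/system/$unit.service"

    # Return the number of module files quarantined.
    echo "$moved"
}

# Usage with placeholder names (only runs when three arguments are given):
#   quarantine_module /mnt/sysroot example_lsm example-sensor
if [ "$#" -eq 3 ]; then
    quarantine_module "$@"
fi
```

Two caveats before rebooting: if the module was packed into the initramfs, the on-disk copy is not the one that loads at early boot, so rebuild the initramfs from a chroot into the mounted root (dracut or update-initramfs, depending on the distribution); and because step 2 only renames files, reversing the change after the vendor ships a fixed build is a matter of moving the objects back, deleting the modprobe.d file, and removing the /dev/null symlink.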