All our servers and company laptops went down at pretty much the same time. Laptops have been bootlooping to blue screen of death. It’s all very exciting, personally, as someone not responsible for fixing it.

Apparently caused by a bad CrowdStrike update.

Edit: now being told we (who almost all generally work from home) need to come into the office Monday as they can only apply the fix in-person. We’ll see if that changes over the weekend…

  • SupraMario@lemmy.world
    link
    fedilink
    English
    arrow-up
    29
    arrow-down
    3
    ·
    4 months ago

    No bad actors did this, and security goes in fads. Crowdstrike is king right now, just as McAfee/Trellix was in the past. If you want to run around without edr/xdr software be my guest.

    • corsicanguppy@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      Hmm. Is it safer to have a potentially exploitable agent running as root and listening on a port, than to not have EDR running on a well-secured low-churn enterprise OS - sit down, Ubuntu - adhering to best practice for least access and least-services and good role-sep?

      It’s a pickle. I’m gonna go with “maybe don’t lock down your enterprise Linux hard and then open a yawning garage door of a hole right into it” but YMMV.

      • SupraMario@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        Reality is, if your users are educated, then your more secure than any edr with dumbass users. But we all know this is a pipe dream.

    • Saik0@lemmy.saik0.com
      link
      fedilink
      English
      arrow-up
      10
      ·
      4 months ago

      If you want to run around without edr/xdr software be my guest.

      I don’t think anyone is saying that… But picking programs that your company has visibility into is a good idea. We use Wazuh. I get to control when updates are rolled out. It’s not a massive shit show when the vendor rolls out the update globally without sufficient internal testing. I can stagger the rollout as I see fit.

      • SupraMario@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        4 months ago

        You can do this with CS as well, but the dumbasses where pushing major updates via channel files which aren’t for that. They tried to squeak by without putting out a major update via the sensor updates which you can control. Basically they fucked up their own structure because a bunch of people where complaining and more than likely management got involved and overwrote best practices.