Hudsoncress

@calamari What's interesting about this is that best practice is to be on n-2, or two versions behind on driver updates. Which we are. But this was a policy update, or a channel update where they modified the detections such that it borked ALL versions of the driver. TL;DR senior leadership assumed we would be covered to prevent this, but n-2 doesn't mean what everyone thought it meant.

8 comments
Frazell Thomas

@hudsoncress @calamari They don’t like to be behind on security updates though. These were definition files so being n-2 would mean exposure to 1 and 2 day critical security vulnerabilities.

This isn’t the first major crisis caused by rapid fire security updates. It won’t be the last.

Hudsoncress

@LogicalApex @calamari It's just wild that CrowdStrike pushes that apparently untested definition file globally, and was able to hit hundreds of millions of endpoints before anyone saw it was literally breaking every computer it touched? I mean... WTF

Hudsoncress

@LogicalApex @calamari also, quoth the vendor, "There is no way at this time" to turn off channel updates... SLT is gonna love that.

Andreas K

@hudsoncress @LogicalApex @calamari
I'm sure the contracts make sure that the vendor pays for all damages they caused, RIGHT?

Because if not, if it were malware, there would be at least hope that the responsible would be prosecuted at some point.

Frazell Thomas

@yacc143 @hudsoncress @calamari Companies put boilerplate language in their contracts. They either absolve themselves of any liability for damages or limit their liability to your license fee. Probably also includes a mandatory arbitration clause to further limit liability fallout.

I bet that’s the case here too.

😬

Hudsoncress

@LogicalApex @yacc143 @calamari what’s interesting is how we all assumed n-2 would save us from this but nobody was clear beforehand that the real risk was a policy update, not a driver version.

Andreas K

@LogicalApex @hudsoncress @calamari Interestingly, so they sell you a product that does something, on most days what the sales prospectus says, and on some days destroys your IT, and say enjoy, you cannot sue us, and the IT crime laws don't apply to us, as you voluntarily provided us with access to all your IT.

Now purely as the IT guy, that is GREAT.

Andreas K

@LogicalApex @hudsoncress @calamari
And BTW, my current employer asked exactly for that and more, they asked in what the CEO said was IT standard boilerplate that I as the little IT contractor would make them whole not only for my mistakes, but also for all products I used or that they asked me to use.

Admittedly he crossed out this paragraph when I explained to him the issues ;)
