Kevin Beaumont

Spirit Airlines in the US anticipates a $7.2 million hit to its third-quarter operating income due to operational disruptions caused by the CrowdStrike incident, which forced the carrier to cancel 470 flights.

9 comments
Kevin Beaumont replied to Kevin

Here's the Delta boss on his thoughts about the CrowdStrike incident.

They had 40k Windows Server boxes alone, all with BitLocker full disk encryption enabled, all of which wouldn't boot and weren't fixable without manually unlocking BitLocker. They had gone all in with CrowdStrike + Microsoft's most premium offerings.

He has a really good point about how tech companies have become obsessed with growth as their only metric of success, and customer satisfaction is not on the radar.

Kevin Beaumont replied to Kevin

There's a really mad moment in that interview where they ask them what assistance CrowdStrike have offered, and he essentially says nothing, not even a lunch voucher.

What a time to be alive.

Kevin Beaumont replied to Kevin

CrowdStrike’s website then vs now

Kevin Beaumont replied to Kevin

CrowdStrike complained to Cloudflare about a CrowdStrike parody site… and Cloudflare took it down. Without a court order. clownstrike.lol/crowdmad/

Cloudflare recently announced they have become a strategic partner with CrowdStrike: cloudflare.com/en-gb/press-rel

Kevin Beaumont replied to Kevin

Additionally to loop this in, CrowdStrike submitted a takedown for a parody label (they’ve since rescinded it after being called out).

Kevin Beaumont replied to Kevin

We’ve reached the part of the brand cycle where people are using CrowdStrike as an excuse theverge.com/2024/8/2/24212298

Kevin Beaumont replied to Kevin

360 takes a look at the CrowdStrike kernel drivers - finds they implement an eBPF-like system, contain a wide attack surface, don’t check validity of update files (e.g. no signing of updates) and claim they contain conditions for LPE and RCE vulnerabilities. mp.weixin.qq.com/s/uD7mhzyRSX1

Before people write this off as ‘the Chinese’, I’ll give you a hint: there really, really should be security research about the security of security products across all vendors. I’ve seen things.

Kevin Beaumont replied to Kevin

Previously on CrowdStrike Falcon vulnerability research, check out this timeline where they tried to use NDAs to avoid disclosure, then fixed it without telling anybody. modzero.com/modlog/archives/20

VessOnSecurity replied to Kevin

@GossiTheDog I had a similar experience with Microsoft.

A junior colleague found a 1-click exploit in Skype for Linux. We reported it. We didn't want any bounty money - just to be assigned a CVE that we could include in our paper. Microsoft's response was essentially "it's not an RCE, go away".

Then they silently fixed it, without crediting us.

Never ever doing the "responsible disclosure" dance with Microsoft ever again.
