$5.4 Bn so far, not including lost worker productivity or damage to brand reputations, so that’s a very conservative estimate. And Cybersecurity insurance will supposedly only cover up to 20% of that (but good luck getting even that much). What a clusterf***
And that $5,400,000,000 loss estimate is only Fortune 500 companies!
“CrowdStrike said it also plans to move to a staggered approach to releasing content updates so that not everyone receives the same update at once, and to give customers more fine-grained control over when the updates are installed.”
Hol up. So they like still get to exist? Microsoft and affected industries just gonna kinda move past this?
Haven’t seen anything from the affected major players. Obviously Crowdstrike isn’t going to say they are fucked long term, they have to act like this is just a little hiccup and move on. Lawsuits are absolutely incoming
We’ll see how fucked they are from SLA breaches/etc., and then we’ll see how many companies jump ship to an alternative. We won’t have the real fallout from this event for months or years.
Companies using CrowdStrike and Windows aren’t really the type to be active about this sort of thing.
What do you mean by this?
The companies who use CrowdStrike (lazy fix) on Windows (garbage OS) aren’t really the type to want to switch away from it (will take effort)
On Wednesday, CrowdStrike released a report outlining the initial results of its investigation into the incident, which involved a file that helps CrowdStrike’s security platform look for signs of malicious hacking on customer devices.
The company routinely tests its software updates before pushing them out to customers, CrowdStrike said in the report. But on July 19, a bug in CrowdStrike’s cloud-based testing system — specifically, the part that runs validation checks on new updates prior to release — ended up allowing the software to be pushed out “despite containing problematic content data.”
…
When Windows devices using CrowdStrike’s cybersecurity tools tried to access the flawed file, it caused an “out-of-bounds memory read” that “could not be gracefully handled, resulting in a Windows operating system crash,” CrowdStrike said.
Couldn’t it, though? 🤔
And CrowdStrike said it also plans to move to a staggered approach to releasing content updates so that not everyone receives the same update at once, and to give customers more fine-grained control over when the updates are installed.
I thought they were already supposed to be doing this?
Couldn’t it, though? 🤔
IANAD and AFAIU, not in kernel mode. Things like trying to read non existing memory in kernel mode are supposed to crash the system because continuing could be worse.
The fact that they weren’t already doing staggered releases is mind-boggling. I work for a company with a minuscule fraction of CrowdStrike’s user base / value, and even we do staggered releases.
Removed by mod
And the stockades?
Any word on the stockades?
George Kurtz has only crashed the world twice so he has one strike to go, I guess.
You can only fail upwards at the executive level. He went from CTO to CEO on his last global crash. What’s next? Running for President?
No risk, All rewards.
Please no
Wowowow! This is insane! 😨🤯
Oh, finally, I have been waiting for so long.
