Global network outage affecting money cards all over the world....
robert.rozee Guru Joined: 31/12/2012 Location: New Zealand Posts: 2350 |
the problem with this approach is: what if you want to patch a really serious bug in your software that constitutes a major security vulnerability that will almost certainly be exploited immediately by any bad actor who discovers it? if you roll out a staged update over a number of weeks, then a bad actor has a window of opportunity in which to compare the 'new' system to the 'old' system and determine what you have changed. ie discover the serious bug that you want to keep secret (at least until you have eliminated it from all live systems); with quick action, the bad actor can exploit systems that have not yet received their updates. in my opinion, a far better approach to installing layers of 'auxiliary security' on systems that have inherent security flaws, is to instead work on developing systems that in themselves have no inherent security flaws in the first place. there is a saying: "the only problem that can not be solved with the addition of another layer of abstraction, is the problem of too many layers of abstraction"; perhaps we need a new variation of this: "the only security vulnerability that can not be solved with the addition of another layer of security, is the problem of too many layers of security". have we reached the point with these systems where it is time to start from scratch? cheers, rob :-) Edited 2024-07-20 12:57 by robert.rozee |
||||
phil99 Guru Joined: 11/02/2018 Location: Australia Posts: 2135 |
That would also affect those who wait to see if the patch is ok before allowing an update. The link in LeoNicolas's post says the update included a blank file. Assuming the update was tested at least once, it would seem the version sent out was not the one that was tested. Careless! Edited 2024-07-20 14:40 by phil99 |
||||
Grogster Admin Group Joined: 31/12/2012 Location: New Zealand Posts: 9306 |
https://www.youtube.com/watch?v=pCxvyIx922A&pp=wgIGCgQQAhgB Excellent wee video. Thanks for posting it. I'm pretty amazed and stunned, that something like this could happen such that it has a GLOBAL negative effect. Time to go back to Arkwright's snapping till perhaps. But seriously.... As I understand it, this would not be possible to do on this kind of scale with Linux due to the way it works (not verified, just what I have been reading, which could be lies for all I know), so perhaps a rather large proportion of the world should get their bleedin' Windoze-based checkout computers onto a Linux solution! If nothing else, this highlights a MAJOR flaw in the system as-is, IMHO. Smoke makes things work. When the smoke gets out, it stops! |
||||
LeoNicolas Guru Joined: 07/10/2020 Location: Canada Posts: 479 |
For me, the problem lies in a poor dev and CI/CD process. I use automated build/test processes after static and pair code reviews. For example, we can detect a significant increase in processing, memory, or network usage during the build/test phase or in the automated integration and functional tests. |
||||
Grogster Admin Group Joined: 31/12/2012 Location: New Zealand Posts: 9306 |
Here is a wee video I also found - YouTube is alive with videos about this mess now. LINK... Smoke makes things work. When the smoke gets out, it stops! |
||||
Mixtel90 Guru Joined: 05/10/2019 Location: United Kingdom Posts: 6783 |
Oh <Deity>, Grogster! I can't watch more than 10 seconds of that because of The Voice. It's awful! Mick Zilog Inside! nascom.info for Nascom & Gemini Preliminary MMBasic docs & my PCB designs |
||||
Grogster Admin Group Joined: 31/12/2012 Location: New Zealand Posts: 9306 |
Really? OK, then, have some Arkwright till then... Arkwright's Till... At least back then, you knew your money was safe! Your fingers, perhaps not so much! Smoke makes things work. When the smoke gets out, it stops! |
||||
Mixtel90 Guru Joined: 05/10/2019 Location: United Kingdom Posts: 6783 |
Hehe... Proper Lanky, that is. :) Don't get me started on Four Candles. :) Mick Zilog Inside! nascom.info for Nascom & Gemini Preliminary MMBasic docs & my PCB designs |
||||
Hans Senior Member Joined: 18/10/2022 Location: Canada Posts: 116 |
> As I understand it, this would not be possible to do on this kind of scale with Linux due to the way it works (not verified, just what I have been reading, which could be lies for all I know), so perhaps a rather large proportion of the world should get their bleedin' Windoze-based checkout computers onto a Linux solution!
I don't have a lot of respect for M$ these days. I worked in that world when I was employed, by various companies as a programmer of M$ Business Software. However, M$ is getting the rap for this, it seems, when it was just bad 3rd party software from CrowdStrike. Anytime you have to rely on a 3rd party, anything can happen and in my time you would never allow 3rd party software on your main servers without installing it 1st to a test system in your own environment. That's not what happens these days due to cheapness (why do we need to spend money on a full test system?), properly trained people (computers are simple everyone has one why do we need skilled professionals?) can't take the time (we don't need to redo someone else's job!). This is the kind of opposition you get when you make these suggestions to management. I'm not getting religious here but you "reap what you sow". Hans ... |
||||
Mixtel90 Guru Joined: 05/10/2019 Location: United Kingdom Posts: 6783 |
This is a particularly nasty case. CrowdStrike has to have very low level access into the Windows system, to the point where it even sees the startup processes. The unfortunate thing is that Microsoft allow "trusted" applications to be able to write to Windows System 32, which is normally locked. That's not like Linux, where applications can't write to protected areas without root permission, and you don't allow root access over the internet, even for push updates. There should have been no way that the CrowdStrike Falcon file could have been blank. Microsoft shouldn't have allowed a push update into Windows System 32 without human verification. Still, it's done now. And nothing will happen, even if lessons have been learned, because fixing such low level things costs money and bean counters are in charge. Mick Zilog Inside! nascom.info for Nascom & Gemini Preliminary MMBasic docs & my PCB designs |
||||
LeoNicolas Guru Joined: 07/10/2020 Location: Canada Posts: 479 |
> There should have been no way that the CrowdStrike Falcon file could have been blank. Microsoft shouldn't have allowed a push update into Windows System 32 without human verification. Still, it's done now. And nothing will happen, even if lessons have been learned, because fixing such low level things costs money and bean counters are in charge.
This is not 100% correct. Any software that needs high privileges, such as drivers, can cause kernel panic or blue screen of death. And, as I could understand, CrowdStrike software needs this type of privilege for monitoring the computer I/O. A Linux kernel module can cause the same problem. The big question is how a defective driver went to production. An automated CI/CD process will never allow this to happen. https://access.redhat.com/solutions/7068083 Edited 2024-07-21 08:02 by LeoNicolas |
||||
Grogster Admin Group Joined: 31/12/2012 Location: New Zealand Posts: 9306 |
> Don't get me started on Four Candles. :)
Oh, yes, that is an absolute classic. SO well done. They were an excellent comedy team. Smoke makes things work. When the smoke gets out, it stops! |
||||
Grogster Admin Group Joined: 31/12/2012 Location: New Zealand Posts: 9306 |
AHHHH - and there you go. That was why I put a wee disclaimer in parentheses in my post above, as I had not researched the issue enough at that point, but I was thinking along the lines of how they used to say that: "You can't have viruses in Linux." a few years ago. Even then, I was thinking: "I'm sure that you CAN have viruses in Linux, it's just that 99% of virus writers target Windoze machines." It IS still true though, that you are far LESS likely to have virus issues in Linux or MAC, as the virus-writers are STILL targeting Windoze over Linux or MAC. This is an interesting global issue. I would LIKE to think that something serious will be done to prevent this happening again, but as Mixtel90 hinted at, I don't know that they will - that would cost money, so...... Edited 2024-07-21 09:40 by Grogster Smoke makes things work. When the smoke gets out, it stops! |
||||
KeepIS Guru Joined: 13/10/2014 Location: Australia Posts: 1679 |
Does anyone still think our personal and corporate government and institutional data is safe when offshore centralized corporations that have full access to the OS on Medical, Transport, Banking, Shopping, most infrastructure and on and on, still love totally digital banking and ID? Seriously? Oh! that's right, trust us, we know what we're doing, it's all fixed now, this will never happen again, continue to demonize cash and remove it, nothing to see here, we care about you, go back to sleep. Perhaps it's just me. It's all too hard. Mike. |
||||
Rickard5 Guru Joined: 31/03/2022 Location: United States Posts: 463 |
And now he has taxpayer support Dang Labor Government Sexy Maggie would have Kicked him off the dole and took his Gyro Allowance away I may be Vulgar, but, while I'm poor, I'm Industrious, Honest, and trustworthy! I Know my Place |
||||
Mixtel90 Guru Joined: 05/10/2019 Location: United Kingdom Posts: 6783 |
Oh yes, you definitely can have viruses in linux. The difference is in how the virus gets in. A low level corrupt driver can be introduced into linux, but in order to get there it will (should) need root permission to be installed. There may not even be a root account on the machine. Microsoft allow "trusted" applications to, effectively, have root access so it's easier to get a virus installed. If the installed file isn't a protected driver (and I don't know why the CrowdStrike Falcon one should be) then the existing protected driver that is handling it should be checking for an errored file prior to using it. Linux isn't a popular target for viruses for several reasons. One of the lesser ones is that there's no guarantee that any given virus will affect many machines. Something that runs on Mint might do nothing on Debian or even on Ubuntu as all the distros vary in some way, as well as individual machines having their own changes to their distro. It can be a lot of work to create a virus only to find that it only runs on 1000 machines in the world. Edited 2024-07-21 18:34 by Mixtel90 Mick Zilog Inside! nascom.info for Nascom & Gemini Preliminary MMBasic docs & my PCB designs |
||||
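Added example (not part of any post in this thread, and not CrowdStrike's or Microsoft's code): one way a loader could do the check Mixtel90 describes above, rejecting a blank or errored content file before use and keeping the last-known-good one. The file layout (magic `CNT1`, length, FNV-1a checksum) and all function names are hypothetical, invented for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout invented for this example (not any vendor's format):
 * bytes 0-3 magic "CNT1", 4-7 payload length (LE), 8-11 FNV-1a of payload (LE),
 * bytes 12.. payload. FNV-1a only catches corruption; it is not a signature. */
enum { HDR_LEN = 12, MAX_PAYLOAD = 1 << 20 };
typedef enum { CONTENT_OK, ERR_TOO_SHORT, ERR_BLANK, ERR_MAGIC,
               ERR_LENGTH, ERR_CHECKSUM } content_status;

static uint32_t rd32le(const uint8_t *p) {
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint32_t fnv1a(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Reject a file before anything tries to parse it. */
content_status validate_content(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < HDR_LEN) return ERR_TOO_SHORT;
    size_t zeros = 0;
    while (zeros < len && buf[zeros] == 0) zeros++;
    if (zeros == len) return ERR_BLANK;            /* the "blank file" case */
    if (memcmp(buf, "CNT1", 4) != 0) return ERR_MAGIC;
    uint32_t plen = rd32le(buf + 4);
    if (plen == 0 || plen > MAX_PAYLOAD || plen != len - HDR_LEN) return ERR_LENGTH;
    if (fnv1a(buf + HDR_LEN, plen) != rd32le(buf + 8)) return ERR_CHECKSUM;
    return CONTENT_OK;
}

/* Use the new file only if it validates; otherwise keep the last-known-good one. */
const uint8_t *select_content(const uint8_t *new_buf, size_t new_len,
                              const uint8_t *good_buf, content_status *why) {
    *why = validate_content(new_buf, new_len);
    return *why == CONTENT_OK ? new_buf : good_buf;
}

int main(void) {
    uint8_t blank[64] = {0};                       /* constructed sample: all zeros */
    uint8_t last_good[HDR_LEN + 4] = {'C','N','T','1', 4,0,0,0, 0,0,0,0, 'r','u','l','e'};
    content_status why;
    const uint8_t *use = select_content(blank, sizeof blank, last_good, &why);
    printf("status=%d kept_last_good=%d\n", why, use == last_good);
    return 0;
}
```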
LeoNicolas Guru Joined: 07/10/2020 Location: Canada Posts: 479 |
Yes, you are right. As a good practice, we test the updates for a while before applying the patch to the product environment, and usually we don't apply it to all machines at once. Have you seen the link I shared? https://access.redhat.com/solutions/7068083 They screwed up their kernel module for Linux as well, but even Linux being the OS that moves the Internet, we didn't see a global outage. |
||||
Mixtel90 Guru Joined: 05/10/2019 Location: United Kingdom Posts: 6783 |
I do like the nice refined way that linux says "oops:". :) It's so useful to be able to see what went wrong and at what stage. Mick Zilog Inside! nascom.info for Nascom & Gemini Preliminary MMBasic docs & my PCB designs |
||||
stoke_ferry Newbie Joined: 26/04/2023 Location: United Kingdom Posts: 3 |
What no one seems to have picked up, as far as I can see (and I don't mind being corrected), is that this affects Microsoft Windows 10 and not Windows 11. Therefore, all these big companies, airlines, NHS, retailer, etc, obviously have not upgraded to Windows 11. Why not? Maybe it's because, just like the company where I work, the software we use (a major accounting package) won't run under windows 11! |
||||
LeoNicolas Guru Joined: 07/10/2020 Location: Canada Posts: 479 |
David Plummer released a video talking about the issue: https://www.youtube.com/watch?v=wAzEJxOo1ts |
||||