Hacked

CrowdStrike Incident

Aug 2, 2024
John Hammond, a renowned security researcher and educator, unravels the recent CrowdStrike incident that sent shockwaves through the IT world. He dives into the chaos caused by a global technical outage and the implications of misconfigurations on critical systems. The discussion reveals the vulnerabilities in cybersecurity measures and the urgent need for robust protocols. Hammond also emphasizes the importance of proactive strategies and effective data backup solutions to enhance overall security and mitigate future risks.
ANECDOTE

Long Lines Building Single Point Failure

  • The AT&T Long Lines building outage in 1991 cut millions of calls and grounded flights, illustrating single points of failure in infrastructure.
  • A power malfunction combined with human error disabled central switching and FAA lines, grounding planes worldwide.
INSIGHT

Kernel Level Update Caused Global Outages

  • CrowdStrike's July 19 sensor configuration update triggered a kernel-level logic error that caused widespread blue screens and crashes across many enterprise systems.
  • The Falcon sensor runs at kernel level so a bad config or ancillary file can force Windows to perform a safe shutdown, impacting airports, hospitals, and businesses.
INSIGHT

Kernel Failures Force Safe System Shutdowns

  • Security agents with kernel access can cause system-wide failures when they hit exceptions because kernels enforce fail-safe shutdowns (blue screen).
  • Anything operating at kernel level flips the 'can't continue safely' switch, so bugs there have outsized consequences.