HackerTrans
TopNewTrendsCommentsPastAskShowJobs

millero

no profile record

comments

millero
·2 ปีที่แล้ว·discuss
Yes, this fits in with what I heard on the grapevine about this bug from a friend who knows someone working for Crowdstrike. The bug had been sitting there in the kernel driver for years before being triggered by this flawed data, which actually was added in a post-processing step of the configuration update - after it had been tested but before being copied to their update servers for clients to obtain.

Apparently, Crowdstrike's test setup was fine for this configuration data itself, but they didn't catch it before it was sent out in production, as they were testing the wrong thing. Hopefully they own up to this, and explain what they're going to do to prevent another global-impact process failure, in whatever post-mortem writeup they may release.
millero
·2 ปีที่แล้ว·discuss
I heard from a friend who knows someone in Crowdstrike that this bug had been sitting there in the kernel driver for years before being hit. Turns out that the flawed data was added in a post-processing step of the configuration update, which is after it's been tested internally but before it's copied to their update servers.

Their test setup was fine for the update data itself, it's just that they didn't catch it before it was sent out to production because they were testing the wrong thing. Oops.