• 1 Post
  • 247 Comments
Joined 1 year ago
cake
Cake day: June 21st, 2023

help-circle
  • There are a lot of misunderstandings about what happened. First, the ‘update’ was to a data file used by the crowdstrike kernel components (specifically ‘falcon’.) while this file has a ‘.sys’ name, it is not a driver, it provides threat definition data. It is read by the falcon driver(s), not loaded as an executable.

    Microsoft doesn’t update this file, crowdstrike user mode services do that, and they do that very frequently as part of their real-time threat detection and mitigation.

    The updates are essential. There is no opportunity for IT to manage or test these updates other than blocking them via external firewalls.

    The falcon kernel components apparently do not protect against a corrupted data file, or the corruption in this case evaded that protection. This is such an obvious vulnerability that i am leaning toward a deliberate manipulation of the data file to exploit a discovered vulnerability in their handling of a malformed data file. I have no evidence for that other than resilience against malformed data input is very basic software engineering and crowdstrike is a very sophisticated system.

    I’m more interested in how the file got corrupted before distribution.



  • You’ve doctored your first two points to avoid the fact that widespread corruption and crumbling infrastructure are in fact a feature of the USA. That said, obviously we are not a ‘third world’ country, nor a ‘developing or under-developed’ country. We are, instead in our own special category of fucked. We have an absolutely giant economy, but as we have decided politically to disinvest in all of our public sectors, either by privatization or under-funding, we are rapidly becoming dysfunctional. Add to that the huge global reclaiming of surplus value from workers wages to plutocrats profits, and we are, as is obvious, in a political crisis shared by the rest of the neoliberal democracies.











  • markr@lemmy.worldtoTechnology@lemmy.world*Permanently Deleted*
    link
    fedilink
    English
    arrow-up
    7
    ·
    10 months ago

    You can list all the current loaded drivers. You can examine the system event log for service start operations. You can run with a kernel debugger attached and examine any loaded driver. The driver itself is likely correctly signed and will not require additional user acknowledgement beyond what was given when the game was installed.