CrowdStrike downtime apparently caused by update that replaced a file with 42kb of zeroes

Aatube@kbin.melroy.org to Technology@lemmy.world – 823 points –
twiiit.com

…according to a Twitter post by the Chief Informational Security Officer of Grand Canyon Education.

So, does anyone else find it odd that the file that caused everything CrowdStrike to freak out, C-00000291-
00000000-00000032.sys was 42KB of blank/null values, while the replacement file C-00000291-00000000-
00000.033.sys was 35KB and looked like a normal, if not obfuscated sys/.conf file?

Also, apparently CrowdStrike had at least 5 hours to work on the problem between the time it was discovered and the time it was fixed.

188

You are viewing a single comment

From my experience it was more likely to be an accidental overwrite from human error with recent policy changes that removed vetting steps.

2 more...