• 0 Posts
  • 15 Comments
Joined 1 year ago
cake
Cake day: July 5th, 2023

help-circle
  • I’m one of the admins who manage CrowdStrike at my company.

    We have all automatic updates disabled, because when they were enabled (according to the CrowdStrike best practices guide they gave us), they pushed out a version with a bug that overwhelmed our domain servers. Now we test everything through multiple environments before things make it to production, with at least two weeks of testing before we move a version to the next environment.

    This was a channel file update, and per our TAM and account managers in our meeting after this happened, there’s no way to stop that file from being pushed, or to delay it. Supposedly they’ll be adding that functionality in now.


  • Yes, CrowdStrike says they don’t need to do conventional AV definitions updates, but the channel file updates sure seem similar to me.

    The file they pushed out consisted of all zeroes, which somehow corrupted their agent and caused the BSOD. I wasn’t on the meeting where they explained how this happened to my company; I was one of the people woken up to deal with the initial issue, and they explained this later to the rest of my team and our leadership while I was catching up on missed sleep.

    I would have expected their agent to ignore invalid updates, which would have prevented this whole thing, but this isn’t the first time I’ve seen examples of bad QA and/or their engineering making assumptions about how things will work. For the amount of money they charge, their product is frustratingly incomplete. And asking them to fix things results in them asking you to submit your request to their Ideas Portal, so the entire world can vote on whether it’s a good idea, and if enough people vote for it they will “consider” doing it. My company spends a fortune on their tool every year, and we haven’t been able to even get them to allow non-case-sensitive searching, or searching for a list of hosts instead of individuals.


  • Speaking as someone who manages CrowdStrike in my company, we do stagger updates and turn off all the automatic things we can.

    This channel file update wasn’t something we can turn off or control. It’s handled by CrowdStrike themselves, and we confirmed that in discussions with our TAM and account manager at CrowdStrike while we were working on remediation.




  • DesertCreosote@lemm.eetoMemes@lemmy.mlGoogle “search”
    link
    fedilink
    arrow-up
    8
    arrow-down
    1
    ·
    11 months ago

    Can’t speak for the person you’re replying to, but I’m a security engineer and stuff still makes its way to me that you would think would get filtered out by others (and isn’t my job to fix). It just takes the right person thinking “this is obviously a problem with $system, let’s just send it straight over to them so they can fix it quickly!” And then we get the fun job of proving it’s not us and has no relation to us.

    We got a ticket today for packet loss between two systems, neither of which have any of our tools on them…





  • I’m going to jump on the Kobo train along with everyone else. I have a Kobo Libra H2O that I really love. I had a couple Kindles before deciding that I really didn’t want to stick with an Amazon product, and chose Kobo because of its integrations with Overdrive. It’s really nice to be able to check out a book from the library directly on my e-reader.

    The screen is bright when it needs to be, but dims down quite nicely. The touchscreen is fairly responsive, though it’s e-ink and there are limits to refresh rates. The physical buttons to turn the page are perfect, and I still can’t believe Amazon took them off their Kindles (though I guess I understand them removing the keyboard… even though I liked it).

    I actually like mine so much, I bought a second of the same model after I somehow managed to lose my first one. So the one thing I wish they had was integration with Apple Airtag or one of the other device tracking networks!



  • Depending on where you work, your employer may be able to take that personal device you’re using for work in the event of a lawsuit against the company (where they need to retain anything that may be relevant to discovery), or in the event of a security incident (where they may need it for forensics).

    I work in information security, and I practice strict isolation for that exact reason. Two laptops, two phones, because if anything ever happens they can and will take devices for analysis or evidence. If you are using an issued device, they’ll assign you a new one; if it’s a personal device you’ll get it back when they’re done with it, which could take years.

    Edited to add this is dependent on your employment contract, but it’s better to be safe than sorry. Cover your camera and use your work computer.


  • I run those calls through my own phone system, which I host on a system in my basement. There are a couple main options out there, I used FreePBX for a while but now I’m using 3CX. They don’t require a ton of computing power-- mine runs on a virtual server inside a larger system, but you could run one off of an inexpensive thin client from eBay if you wanted to.

    I get my phone number from VoIP.ms, which is pretty inexpensive and has worked well for me for years.

    For a phone, you can either use a soft phone (an app on your computer or smartphone), or use an older IP phone off eBay (which is what I do since I also have a Plantronics wireless headset that connects to it).

    It’s pretty easy to get started, but you do need to make sure you’re configuring everything correctly since selfhosted services can open up security holes in your network if you don’t know what you’re doing.



  • I bought a smokeless firepit, which works by surrounding the fire with a compartment of air which gets superheated and shot back out into the smoke, igniting it and getting rid of almost all the smoke a fire normally puts out.

    The day I set it up, I had it sitting on the grass and started wondering if the outer wall was hot enough to set my yard on fire. There happened to be a lot of dead leaves around, so I decided to touch one against the outer wall of the firepit and see if it caught on fire.

    When I actually went to go do this, my brain skipped over the “pick up a leaf first” step, and I just touched the firepit with all five fingertips of my dominant hand.

    I somehow ended up with mostly second-degree burns and only a couple smaller third-degree burns, but 0/10, do not recommend. Fire is hot, and touching it results in a lot of pain.