Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Crowdstrike Analysis: "It was a NULL pointer from the memory unsafe C++ language....let me decode this stack trace dump for you."
X ^ | July 19, 2024 | Post Conversation Zach Vorhies / Google Whistleblower @Perpetualmaniac

Posted on 07/20/2024 8:10:34 AM PDT by ransomnote

click here to read article


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-64 next last
To: pas

I put the university of MO at Rolla into a do loop in Fortran 4 once. Long time ago. They were somewhat not pleased.


41 posted on 07/20/2024 12:31:24 PM PDT by askrenr (HOOAH! It's an Army thing.)
[ Post Reply | Private Reply | To 20 | View Replies]

To: fuzzylogic

“If it isn’t, then it’s a very sorry state of affairs at MS”

This didn’t occur at MSFT.


42 posted on 07/20/2024 12:57:59 PM PDT by steve86 (Numquam accusatus, numquam ad curiam ibit, numquam ad carcerem™)
[ Post Reply | Private Reply | To 30 | View Replies]

To: fuzzylogic
That said, it’s so amateurish I have to question that it could be sabotage.

"Was it sabotage?" is a perfectly reasonable question to ask. And somebody had better be digging into that question.

We don’t know it wasn’t.

And we don't know that it was. Who would benefit?

Sadly enough, the idea of "innocent until proven guilty" no longer applies to events we continue to see. While I consider sabotage in this case to be unlikely, it is not impossible. Perhaps some booby-trap that went off before it was planned to release?

But again, if you suspect conspiracy, who will benefit? That is where you must direct attention. If there was some kind of conspiracy, then you look for a technical person in a key position who just got a huge "inheritance" and retired. Or who just turned up dead "unexpectedly".

We don't have any such indicators yet.

The people who will lose are the ones at Crowd Strike. That company will be GONE. And the technical staff may be unemployable. The cyber-security industry is kind of a small community. Everybody has a reputation.

43 posted on 07/20/2024 1:01:12 PM PDT by flamberge (A storm is coming)
[ Post Reply | Private Reply | To 39 | View Replies]

To: dynachrome

44 posted on 07/20/2024 1:06:31 PM PDT by dfwgator (Endut! Hoch Hech!)
[ Post Reply | Private Reply | To 36 | View Replies]

To: ransomnote

Hiring code prof readers send resume to

Crowdstrike Oh Sh**t


45 posted on 07/20/2024 1:06:47 PM PDT by Vaduz
[ Post Reply | Private Reply | To 1 | View Replies]

To: cgbg

I totally understand that.


46 posted on 07/20/2024 2:38:16 PM PDT by vpintheak (Sometimes you’re the windshield, sometimes you’re the bug. )
[ Post Reply | Private Reply | To 32 | View Replies]

To: Vaduz

Crowdstrike went from a 50 million dollar company to a 3 billion dollar company in 7 years. All because of democrap party ties


47 posted on 07/20/2024 3:07:45 PM PDT by KC_Conspirator
[ Post Reply | Private Reply | To 45 | View Replies]

To: flamberge

I’d argue that many benefit - from my understanding this mainly hit western nations. It could be an enemy State effort. It could be a competitor to Crowdstrike, this is a disaster for them.

Who knows? I ask, not for the reasons I can think of but for the reasons I can’t. This did $billions in damage and caused lots of chaos. Did somebody die because equipment wasn’t available? Quite possibly. It’s no different than asking ‘who would want to commit terrorism?’. It doesn’t have to make sense to you or I.

As a software expert, responsible for safety critical systems, including their cybersecurity, this is so amateurish I’m suspicious. That’s all.

Even if it was not sabotage, clearly we have a vulnerability. One that could be used as an attack vector in the future. There needs to be an investigation into exactly how this happened.

It raises a bigger question too. If the infrastructure is so dependent on Microsoft, how do we make this doesn’t happen again? Accident or not.


48 posted on 07/20/2024 3:44:25 PM PDT by fuzzylogic (welfare state = sharing of poor moral choices among everybody)
[ Post Reply | Private Reply | To 43 | View Replies]

To: steve86

I corrected myself.

Even so, we have a huge dependency on Microsoft - and with major 3rd parties being able to put their kernel modules into the OS, it raises questions about the possible safeguards that need to be in place in addition to the internal testing, or lack thereof, of a single company.

This was a problem waiting to happen and it’ll likely happen again if we just chalk it up to a ‘mistake’ by a single company - and an ‘oops’ only impacting the company in question.


49 posted on 07/20/2024 3:50:57 PM PDT by fuzzylogic (welfare state = sharing of poor moral choices among everybody)
[ Post Reply | Private Reply | To 42 | View Replies]

To: fuzzylogic
If the infrastructure is so dependent on Microsoft, how do we make this doesn’t happen again?

Do not deploy a "mandatory update" to your entire customer base at the same time. Do it in small sample cohorts and pause to see if there is trouble. Pay very close attention to those cohorts. Continue if there is no trouble.

If something nasty slips through your test procedures, at least this will minimize the damage, and give organizations time to recover.

50 posted on 07/20/2024 4:02:29 PM PDT by flamberge (A storm is coming)
[ Post Reply | Private Reply | To 48 | View Replies]

To: flamberge

I don’t disagree - you are correct. I suppose I’m asking from a more general perspective, Microsoft OS being so entrenched into so many systems - should there be some form of certification program before being released? Just trusting 3rd parties to not get it wrong allows clear risk.

I work in automotive. There’s standards regulations like U.N. R155 that is required in Europe. To sell cars there, a company is required to have a cybersecurity management system that is compliant with the regulation, and be audited by a 3rd party. Standards like ISO21434 provide the framework for cybersecurity in product development.

I’m not aware of such regulatory requirements, standards, or certifications in this instance / context.


51 posted on 07/20/2024 4:22:47 PM PDT by fuzzylogic (welfare state = sharing of poor moral choices among everybody)
[ Post Reply | Private Reply | To 50 | View Replies]

To: discostu
Modern C++ good practices emphasizes that a minimum of pointers and manual memory management should be used in a mission critical application.

Back in the old days, like say 10 years ago and before, yes, C++ code was riddled with manual memory management bugs that caused all sorts of issues just like this. But with current C++ standards, manual memory management is minimized, and in some cases totally eliminated.

Obviously whoever maintained the driver code uses techniques that even today's C++ programmers would frown upon.

If it is a C# programmer being forced to use C++, it's time to get nervous, not because C++ is inherently dangerous, it is because the C# programmer isn't aware or was taught about the new safety features introduced to C++ over the past 10 years or so, and the C# programmer is relying on dusty old C++ books and teaching material to guide them.

52 posted on 07/20/2024 4:26:30 PM PDT by PallMal
[ Post Reply | Private Reply | To 17 | View Replies]

To: TigerClaws

Ah yes, it was the ol NULL pointer from the memory issue.


53 posted on 07/20/2024 9:28:28 PM PDT by minnesota_bound (Need more money to buy everything now)
[ Post Reply | Private Reply | To 8 | View Replies]

To: minnesota_bound

Should have said it under the cone of silence


54 posted on 07/20/2024 9:33:34 PM PDT by RckyRaCoCo (Time to throw them out of the Temple...again)
[ Post Reply | Private Reply | To 53 | View Replies]

To: flamberge

investopedia noted:

CrowdStrike (CRWD) short sellers made more than $373 million Friday after a defective update sent out by the cybersecurity company caused a global IT outage for Microsoft (MSFT) Windows hosts, according to research firm S3 Partners.

https://www.investopedia.com/crowdstrike-outage-microsoft-short-seller-stock-windows-8680960


55 posted on 07/20/2024 9:34:39 PM PDT by LadyDoc (liberals only love politically correct poor people)
[ Post Reply | Private Reply | To 43 | View Replies]

To: ransomnote

Interesting post...thanks


56 posted on 07/21/2024 5:56:25 AM PDT by ptsal (Vote R.E.D. >>>Remove Every Democrat ***)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ransomnote
So let me see if I have this Crowdstrike story straight….
57 posted on 07/21/2024 6:04:56 AM PDT by mewzilla (Never give up; never surrender!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ransomnote

LINT (a code checker) works wonders. Crowdstrike might look into this decades-old technology!


58 posted on 07/21/2024 6:05:07 AM PDT by MortMan (Charter member of AAAAA - American Association Against Alliteration Abuse)
[ Post Reply | Private Reply | To 1 | View Replies]

To: KC_Conspirator

Sounds like their at the end of the line with their operation it’s understandable.


59 posted on 07/21/2024 6:27:37 AM PDT by Vaduz
[ Post Reply | Private Reply | To 47 | View Replies]

To: ransomnote

What a coincidence.

0000000009c is my bank balance


60 posted on 07/21/2024 6:29:23 AM PDT by P.O.E. (Pray for America.)
[ Post Reply | Private Reply | To 1 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-64 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson