Comments by "" (@grokitall) on "CrowdStrike Might Be Held Liable For Damages" video.

  1. to be fair to the companies, a lot of them were shocked that the n-1 and n-2 policies provided by the configuration tool did not also apply to the live update definition files.
    4
  2. actually there have been multiple cases in multiple jurisdictions, which pretty much all agree that if you are guilty of negligence, willful blindness gross negligence or various specific types of illegality, the insurance company does not have to pay.
    2
  3. ​ @TimothyWhiteheadzm for airlines it is the knock on effects which kill you. say you cannot have the passengers board the plane. at this point, you need to take care of the passengers until you can get them on another flight. this might involve a couple of days staying at a hotel. then the flight does not leave. at this point neither the plane or the pilots are going to be in the right place for the next flights they are due to take. as some of these pilots will be relief crew for planes where the crew are nearing their flight time limit, that plane now cannot leave either, so now you have to do the same with their passengers as well. in the case of delta, airlines it went one step further, actually killing the database of which pilots were where, and you could not start rebuilding it from scratch until all the needed machines were back up and running. the lawsuit from delta alone is claiming 500 million in damages, targeting crowdstrike for taking down the machines, and microsoft for not fixing the boot loop issue which caused them to stay down. i know of 5 star hotels which could not check guests in and out, and of public house chains where no food or drinks could be sold for the entire day, as the ordering and payment systems were both down, and they had no on site technical support. i am sure the damages quoted will turn out to be under estimates.
    1
  4. ​ @373323 there are a number of companies who were running n-1 or n-2 versions of the driver, which crowdstrike support, but the issue here is that it was company policy as stated by the ceo to immediately push the signature files out to everyone in one go, without further testing. the information from crowdstrike is that the engineer in question picked up an untested template, modified it for the case in hand, ran a validator program against it which had not been updated to cover that template (and thus should have failed it), and once that passed, picked up the files, and shipped them out to everyone with no further testing, as per company policy. it then took them 90 minutes to spot that there was a problem, and do a 2 minute fix to roll back the update to stop the rollout and fix any machines with the bad update that had not yet rebooted. it took them 6 hours from the rollout to have a solution to the problem of how to fix the rebooted machines, but it only really worked on basic desktops which did not need security. at least one company reported spending 15 hours manually rebooting and fixing 40,000 machines. some were worse.
    1
  5. we have known not to put backups too close since the backups for the data centres in building 1 of the twin towers were in building 2, and both got taken out on 9-11.
    1
  6. yes we would. this killed locked down machines, and with some specific systemd exceptions almost nobody uses, it requires administrator access to get them to reboot. this is why it took so long to get them back up. only high level technical support have the access to these systems to reboot them.
    1