Tag: security

  • Lady Deathstrike – AKA Crowdstrike A/V

    I don’t want to dump on a company who, as near as I can tell, has been good at its job. It “feels” like they are able to prevent some of the barbarians’ attempts to break into desktops and servers all around the world. And by some accounts the hacking groups do attempt to sense/figure out if a computer has Crowdstrike installed. So they are aware of it, and do what they can to work around it. But today, July 19th, 2024, is not good. With all the infrastructure and sensors and installs and binding tightly to the operating system (and we’re talking MS Windows here). And yes, sometimes, dear Pogo possum, yes. We have met the enemy,…


    I say that in part because these are the remediation steps as presented unto countless thousands of IT folks worldwide. And to say it’s not a good User Experience is truly damning with faint praise.

    Here now are the directions as communicated:

    Summary

    • CrowdStrike is aware of reports of crashes on Windows hosts related to the Falcon Sensor.

    Details

    • Symptoms include hosts experiencing a bugcheck\blue screen error related to the Falcon Sensor.
    • This issue is not impacting Mac- or Linux-based hosts.
    • Channel file “C-00000291*.sys” with timestamp of 0527 UTC or later is the reverted (good) version.

    Current Action

    • CrowdStrike Engineering has identified a content deployment related to this issue and reverted those changes.
    • If hosts are still crashing and unable to stay online to receive the Channel File Changes, the following steps can be used to work around this issue:

    Workaround Steps for individual hosts:

    • Reboot the host to give it an opportunity to download the reverted channel file.  If the host crashes again, then:
    • Boot Windows into Safe Mode or the Windows Recovery Environment
    • Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
    • Locate the file matching “C-00000291*.sys”, and delete it.
    • Boot the host normally.

    Note: Bitlocker-encrypted hosts may require a recovery key. Please contact the Service Desk at xxx-xxx-xxx

    Workaround Steps for public cloud or similar environment:

    • Detach the operating system disk volume from the impacted virtual server
    • Create a snapshot or backup of the disk volume before proceeding further as a precaution against unintended changes
    • Attach/mount the volume to a new virtual server
    • Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
    • Locate the file matching “C-00000291*.sys”, and delete it.
    • Detach the volume from the new virtual server
    • Reattach the fixed volume to the impacted virtual server
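    Both workaround sequences above end in the same check: look in the CrowdStrike driver directory for C-00000291*.sys and remove the stale copy. The PowerShell below is an added example, not CrowdStrike’s own tooling, that automates that check against any drive letter (the host’s own C: in Safe Mode, or an attached volume in the cloud case) and keeps files whose timestamp is at or after the 0527 UTC cutoff the advisory names. It assumes the file’s last-write time is the timestamp the advisory refers to; the script name and parameter names are my own.

```powershell
# Added example (not from the CrowdStrike advisory): list, and optionally remove,
# channel files matching C-00000291*.sys that predate the reverted (good) version.
# The cutoff comes from the advisory above: 0527 UTC on 19 July 2024.
# Assumption: the file's last-write time (UTC) is the "timestamp" the advisory means.
# Run from Safe Mode on the affected host, or on the server the volume is attached to.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Drive letter the affected Windows volume is mounted as (C for a local boot).
    [string]$DriveLetter = 'C',
    # Files written at or after this instant are the reverted version and are kept.
    [datetime]$GoodCutoffUtc = [datetime]::new(2024, 7, 19, 5, 27, 0, [DateTimeKind]::Utc)
)

$csDir = Join-Path "${DriveLetter}:\" 'Windows\System32\drivers\CrowdStrike'
if (-not (Test-Path -LiteralPath $csDir)) {
    Write-Warning "Directory not found: $csDir (wrong drive letter, or sensor not installed)"
    return
}

# Only the one channel file family named in the advisory is considered; nothing
# else under the drivers directory is touched.
$candidates = Get-ChildItem -LiteralPath $csDir -Filter 'C-00000291*.sys' -File
if (-not $candidates) {
    Write-Host "No C-00000291*.sys channel files present in $csDir"
    return
}

foreach ($f in $candidates) {
    $stamp = $f.LastWriteTimeUtc
    if ($stamp -ge $GoodCutoffUtc) {
        Write-Host ("KEEP   {0}  (written {1:u}, at/after cutoff: reverted version)" -f $f.Name, $stamp)
        continue
    }
    Write-Host ("STALE  {0}  (written {1:u}, before cutoff)" -f $f.Name, $stamp)
    # ShouldProcess honours -WhatIf / -Confirm, so a dry run changes nothing on disk.
    if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete stale channel file')) {
        Remove-Item -LiteralPath $f.FullName -Force
    }
}
```

    Run it with -WhatIf first to see what would be deleted without touching the disk, and drop -WhatIf only after checking the listed timestamps.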

  • The Eternal Value of Privacy by Bruce Schneier

    Two proverbs say it best: Quis custodiet custodes ipsos? (“Who watches the watchers?”) and “Absolute power corrupts absolutely.”

    via The Eternal Value of Privacy.

    Nobody is the final authority when it comes to monitoring and privacy. No surer example exists than this: when Stalin died, the rules changed. When the East German state ended, the Stasi went away. When the U.S. invaded Iraq, Saddam Hussein fled from power. Those in power try to cleanse their country of all who oppose them (the wrong-thinkers). Then their power evaporates, they vanish and all the rules change again. The same is true of Bush 43.

    George W. Bush was here, now he’s gone. So why not dismantle all that surveillance gear the NSA put into all the network facilities at AT&T and Sprint? The rules have changed; you don’t need to acquiesce to the current administration, because it’s not the same people making the same demands. The rules have changed. Yet as world events on Christmas day have proved, there’s always a Jaws-like shark fin rising and falling out there in the ocean. The threat is very close by and we have to be ever vigilant. So the watchers’ claim of authority is re-established with each and every tragic episode. Still, is a single incident cause for the continued erosion of our rights to privacy? Given the hair-trigger responses we try to architect and the instant reprisals, it’s obvious to me the current environment proves it can never end under the current structure. So in order to stop the erosion, we need to change our thinking about the threat. True, no one wants to be fearful of flying wherever they may go. And when they go, they don’t want to be faced with having to kill a fellow passenger in order to save themselves, but that’s the situation we have mentally put ourselves in.

    The only way out is to change our thinking. Change how we think about the danger, the threat and you change how much of our freedoms we are willing to give up to respond to the threat. And maybe we can get back to where we once belonged.