Who on earth needs an enemy while having such a good friend?
It would seem the linux kernel developers should crack down on these “foreign agents”.
I would like to hear the reason why security software needs to operate in kernel space.
That is a new concept. Anti-malware apps were always user space, if I recall correctly.
SELinux has a bunch of kernel modules.
Iptables has a bunch of kernel modules.
They come as distro packages or as part of the kernel download, and are presumably well managed.
Third-party kernel modules are the worry. The way a module interfaces with the kernel needs to be carefully scrutinized. There are rules. There is a whole book on the subject. If you break the rules, you can break the kernel.
There was a time in Unix when, to add something to the kernel, you had to recompile the whole kernel. That was safe but inconvenient, to say the least. Dynamically loaded kernel modules are a great convenience, but the downside is they have to be carefully crafted.
I think outsourcing Linux security is a really bad idea. It should be native.
" Security clients now face a difficult choice between trusting third-party security vendors with the keys to their systems, or accepting a higher risk of cyber attack."
Native Linux security would fix that.
Crowdstrike is a cloud platform security provider. In this case, a flawed security update intended for Microsoft devices that host server instances on Azure brought down those computers all over the world. Crowdstrike provides security for Microsoft’s Azure service, and a patch was sent out to all Windows computers that host Azure instances, so even GNU/Linux instances running on Windows hosts were affected (brought down).
A fix has been created, but it must be installed manually, which means millions of individual computers getting the patch installed by hand, but only if the IT teams for the affected devices have a functioning computer to get the download in the first place.
I hope I got this right,
Ernie
I just got forced to do TWO CyberSecurity CBT online courses by a customer who got hit hard by the Crowdstrike bullshit - and both times - I did the WHOLE CBT without watching or paying attention to the content - because they’re tailored to mindless drones - this one made me laugh so much I had to save it:
There are THREE correct answers on that list
Crowdstrike is a cloud platform security provider
Does that mean that it
- provides security to cloud platforms only, or
- is a cloud platform that provides security to any platform
must be installed manually
I read early on that if you reboot an affected computer up to 15 times it would fix itself. I thought that sounded like a bunch of hooey. Then I read a more reliable source that confirmed it. It may only take two or three reboots, but could take up to 15.
Apparently, what happens is the Crowdstrike software attempts to automatically update as soon as it starts. Since there is a fixed version of the bad file, it may be successful quickly enough to avoid the issue.
Reboot. Repeat…
Does that mean that it
- provides security to cloud platforms only, or
- is a cloud platform that provides security to any platform
I’m not sure. What I do know is that it provides security services for Azure.
Ernie
That’s interesting, and it makes a kind of sense too . . .
Ernie
First thing I should tell you is that there is no ‘CLOUD’ service or device at all. It is just another person’s or company’s computer. ‘Cloud computing’ does not get computed on a ‘CLOUD’. It gets computed in another computer. So, the ‘CLOUD’ concept in the computing world is just to confuse people, to make them think it is something beyond understanding (because most companies’ top officials are actually salesmen, nothing more than that) and instead rely on the giant tech companies.
Now Crowdstrike. It is a cybersecurity firm which is selling an antivirus plus firewall product to the mega-corporations and governments, and probably they install their software remotely and also maintain it remotely. Now, they update their software through an automated online service, just like you get updates in Windows, Linux and other software. This particular patch actually affected Windows only, not PURELY Linux systems. So, the problem was within Windows, which Crowdstrike also mentioned, but to hide the FAILURES of Windows from the public eye, Microsoft marketed it as the fault of Crowdstrike to save their market and made Crowdstrike silent about Microsoft’s fault. But those who are unbiased did understand what actually happened. Clear?
Note: As per this post (Smug non-Microsoft users: Global outage for Windows users using Crowdstrike - global BSOD - #20 by daniel.m.tripp), Debian and Rocky Linux have both been hit; probably both of these distributions’ kernels are older than other Linux distros’. I don’t know for sure, but it may be a probability. Fedora instances haven’t been affected, at least I haven’t heard any such report.
Azure itself is devastated with flaws which helped hackers to breach hundreds of admin accounts and steal confidential data. You can look here for more details: Microsoft Azure Hit With The Largest Data Breach In Its History.