Miscellaneous News

Sinnavuuty

Sinnavuuty

Senior Member
Registered Member
Please, Log in or Register to view URLs content!

Here’s why China was largely unaffected by Friday’s IT outage​

️ While businesses in the US and Europe woke up on Friday to a global IT outage that disrupted airports and hotels, China entered its weekend largely unchanged.

️ “The impact of Friday's CrowdStrike incident in China was very small, almost no impact on domestic public life,” said Gao Feng, senior research director at Gartner, in Chinese, translated by CNBC. “Only a few foreign companies in China were affected.”

️ “This is in part because many of the security threats that CrowdStrike is designed to protect against originate in China,” said Rich Bishop, CEO of AppInChina, which publishes international software in China.

️ Microsoft products are widely used in China – Windows accounted for about 87% of personal computer shipments on the mainland last year, according to Canalys. That's up from the 79% share for the rest of the world in the first quarter of this year, the research firm said.

️ “There has been very little impact because CrowdStrike is barely used in China,” said Rich Bishop, CEO of AppInChina, which publishes international software in China.

️ “This is in part because many of the security threats that CrowdStrike is designed to protect against originate in China,” he said, adding that Chinese companies typically use products from Tencent, 360 and other companies.

️ CrowdStrike said in its latest annual cyber threat report that over the past year, “China nexus adversaries continued to operate at an unparalleled pace across the global stage, leveraging stealth and scale to collect surveillance data from targeted groups, strategic intelligence and intellectual property”.
Click to expand...
 
V

valysre

Junior Member
Registered Member
Sinnavuuty said:
Please, Log in or Register to view URLs content!
Click to expand...
On this topic, I heard from the grapevine that it was a single null pointer dereference that caused the Crowdstrike outage.
It's a fairly easy mistake to make, but it's also a very easy mistake to catch during testing, because it's practically guaranteed failure.
Brings to question the competence of whoever Crowdstrike has got working for them, if they couldn't catch such an obvious bug during testing.
 
H

HereToSeePics

Junior Member
Staff member
Moderator - World Affairs
Registered Member
Not only did Crowdstrike bug cause computers to crash, the BSOD error happens during startup, so people couldn’t even boot into Windows to roll back the bad update.

There were tens of thousands of system administrators across the globe working nights and weekend to manually boot individual computers in safemode to undo the bad update.
 
GZDRefugee

GZDRefugee

Junior Member
Registered Member
valysre said:
On this topic, I heard from the grapevine that it was a single null pointer dereference that caused the Crowdstrike outage.
It's a fairly easy mistake to make, but it's also a very easy mistake to catch during testing, because it's practically guaranteed failure.
Brings to question the competence of whoever Crowdstrike has got working for them, if they couldn't catch such an obvious bug during testing.
Click to expand...
So my segmentation fault joke was actually right on the money? Wild.
 
V

valysre

Junior Member
Registered Member
GZDRefugee said:
So my segmentation fault joke was actually right on the money? Wild.
Click to expand...
I'm not absolutely convinced that it is true, because there are many compile-time tools that will alert you of this, but it doesn't seem improbable. There are only so many things that could go so catastrophically wrong at this level.
Anyways, good luck to anyone who has "Crowdstrike 2024" in their resume. They will probably be rejected out of hand, without even interviewing.
 
siegecrossbow

siegecrossbow

General
Staff member
Super Moderator
valysre said:
On this topic, I heard from the grapevine that it was a single null pointer dereference that caused the Crowdstrike outage.
It's a fairly easy mistake to make, but it's also a very easy mistake to catch during testing, because it's practically guaranteed failure.
Brings to question the competence of whoever Crowdstrike has got working for them, if they couldn't catch such an obvious bug during testing.
Click to expand...

Boeingfication of a nation… When you value shareholder profit above all else…
 
GZDRefugee

GZDRefugee

Junior Member
Registered Member
valysre said:
I'm not absolutely convinced that it is true, because there are many compile-time tools that will alert you of this, but it doesn't seem improbable. There are only so many things that could go so catastrophically wrong at this level.
Anyways, good luck to anyone who has "Crowdstrike 2024" in their resume. They will probably be rejected out of hand, without even interviewing.
Click to expand...
Well they gave a devblog update to the issue.

Please, Log in or Register to view URLs content!

TLDR: They claim the issue is due to logic error in named pipe execution. I can't verify unless I can get my hands on the stacktrace.

Alas, it seems the outage isn't because of a NULL->xyz mistake. So I can't claim to be a prophet.
It would have been really funny though.
 
You must log in or register to reply here.
Top