Subject: Risks Digest 34.36
From: RISKS List Owner
Newsgroups: comp.risks
Organization: PANIX Public Access Internet and UNIX, NYC
Date: Sun, 21 Jul 2024 22:58 UTC
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!panix!.POSTED.panix3.panix.com!not-for-mail
From: risko@csl.sri.com (RISKS List Owner)
Newsgroups: comp.risks
Subject: Risks Digest 34.36
Date: 21 Jul 2024 22:58:36 -0000
Organization: PANIX Public Access Internet and UNIX, NYC
Lines: 795
Sender: RISKS List Owner <risko@csl.sri.com>
Approved: risks@csl.sri.com
Message-ID: <CMM.0.90.4.1721602364.risko@chiron.csl.sri.com1274>
Injection-Info: reader1.panix.com; posting-host="panix3.panix.com:166.84.1.3";
logging-data="949"; mail-complaints-to="abuse@panix.com"
To: risko@csl.sri.com

RISKS-LIST: Risks-Forum Digest Sunday 21 Jul 2024 Volume 34 : Issue 36

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.36>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents: [Amid madness, way backlogged.]
CrowdStrike IT outage affected 8.5 million Windows
(BBC via Matthew Kruk)
A CrowdStrike update crashed the world's computers.
What comes next? (WiReD)
The MTA's Old Computer Technology Kept Going During
Today's MS-related Outrage (Curbed via Henry Baker)
Cyber Criminals Seek to Exploit Crowdstrike Outage
(Gabe Goldberg)
Re: Crowdstrike (Cliff Kilby)
Boeing and Failures (BBC via Jim Geissman)
U.S. Gender Care Is Ignoring Science (Pamela Paul)
AT&T says hacker stole call records of ‘nearly all’ wireless customers
(WashPost)
Data breach exposes millions of mSpy spyware customers (TechCrunch)
Rite Aid says June data breach impacts 2.2 million people (Victor Miller)
What comes around: SSH CVE-2024-6387 (Qualys via Cliff Kilby)
Exim attachment flaw CVE-2024-39929 (Censys)
New Intel CPU Vulnerability 'Indirector' Exposes Sensitive Data
(geoff goodfellow)
German Navy still uses 8-inch floppy disks, working on
emulating a replacement (ArsTechnica)
Zombie browser says "what"? (Betanews)
You're holding your phone wrong? (WashPost)
In Ukraine War, A.I. Begins Ushering In an Age of
Killer Robots (The New York Times)
Perfect Apple Supply Chain Bug -- Millions of Apps at Risk of
CocoaPods RCE (Security Boulevard)
When AI tells you to verify (Lauren Weinstein)
In GA the Biggest Election Breach in History Has Gone Uninvestigated
(Notus via Susan Greenhalgh)
OpenAI illegally barred staff from airing safety risks,
whistleblowers say (WashPost)
Drone photographer pleads guilty to Espionage Act charges
(The Verge)
Re: Voting in Switzerland (Rebecca Mercuri, Bertrand Meyer)
Re: Russian Disinformation (PGN)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

From: Matthew Kruk <mkrukg@gmail.com>
Date: Sat, 20 Jul 2024 13:34:52 -0600
Subject: CrowdStrike IT outage affected 8.5 million Windows
devices, Microsoft says (BBC)

https://www.bbc.com/news/articles/cpe3zgznwjno

Microsoft says it estimates that 8.5m computers around the world were
disabled by the global IT outage.

It's the first time that a number has been put on the incident, which is
still causing problems around the world.

The glitch came from a cybersecurity company called CrowdStrike which sent
out a corrupted software update to its huge number of customers.

[Almost all major airline computer systems were affected: Bruce Crumley,
Inc. 19 Jul 2024
https://www.inc.com/bruce-crumley/airlines-bear-brunt-of-global-crowdstre.html
-- although JetBlue evidently had zero problems because it does *not use*
the MS/Crowdstrike connection. I had two flights to get home, and
everything seemed to be running ahead of schedule! PGN]

------------------------------

Date: Fri, 19 Jul 2024 19:12:50 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: A CrowdStrike update crashed the world's computers.
What comes next? (WiReD)

Airports, banks, TV stations, health care organizations, hotels, and
countless other businesses are still reeling from widespread IT outages,
leaving flights grounded and causing untold disruption. The cause? A
software update from cybersecurity firm CrowdStrike that crashed Windows
machines across the globe.

Only a handful of times in history has a single piece of code managed to
instantly wreck computer systems worldwide. This time, the ongoing digital
catastrophe appears to have been triggered not by malicious code released by
hackers but by the software designed to stop them.

Here’s how it happened, how it’s impacting the world, and where we go from
here.

https://link.wired.com/view/5be9ddd83f92a40469eae33cliaml.2ptl/8d27d912

------------------------------

Date: Sat, 20 Jul 2024 00:35:34 +0000
From: Henry Baker <hbaker1@pipeline.com>
Subject: The MTA's Old Computer Technology Kept Going During
Today's MS-related Outrage (Curbed)

FYI -- *diversity* in computer systems can provide more resilience...
Putting all your eggs in one basket risks putting egg all over your face!

https://www.curbed.com/article/mta-tech-outage-countdown-clocks-oldest-kept-going.html

The MTA's Old Computer Technology Kept Going During Today's Outage
Nolan Hicks, a longtime New York City politics and transit reporter

* On the website formerly known as Twitter, users (okay, me) jokingly
posted, "MTA this AM: Can't crash computers you don't have!" along with a
picture of the Battlestar Galactica, the interplanetary aircraft carrier
that survived a rebellion led by sentient robots because it was the one
vessel that, lacking a computer network, couldn't be
hacked.

* Housing-policy expert Alex Armlovich joked that "the MTA's deeply
fragmented IT systems are so mutually incompatible that at least only half
the system crashes at one time."

[DIVERSITY is ironic here: This reminds me of Microsoft's response to the
Internet Worm in 1988: ``Our software was completely unaffected.'' Of
course that was true, because the Worm targeted only Unix systems.
Remarkable hyperbole. Hyperbolloxed? PGN]

[It seems more like DieVarsity, because scuttlebutt suggests that a
single unintentional button push caused the entire fiasco. There should
have at least been some sort of advisory warning such as "Do you really
want to let the wild rumpus roar worldwide?" PGN]

------------------------------

Date: Fri, 19 Jul 2024 17:38:38 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Cyber Criminals Seek to Exploit CrowdStrike Outage

Organizations, including government and Public Safety agencies, are
reporting blue screen of death on systems with a CrowdStrike Update deployed
last night. If you have CrowdStrike deployed in your environment, we suggest
following the guidance provided by CrowdStrike:
https://www.crowdstrike.com/blog/statement-on-windows-sensor-update/

The VFC has received information that cybercriminals are exploiting this
event and posing as Crowdstrike support. Exercise caution and only speak
with legitimate Crowdstrike support personnel. The following are known,
fraudulent pop up support partners claiming to be CrowdStrike support:

https://fusion.vsp.virginia.gov/vfcshield/all-sector-specific-bulletin-update-cyber-criminals-seek-to-exploit-crowdstrike-outage/

------------------------------

Date: Fri, 19 Jul 2024 11:03:23 -0400
From: Cliff Kilby <cliffjkilby@gmail.com>
Subject: Re: CrowdStrike

I've used and rather like Crowdstrike. I specifically like that it has an
auto-update policy available.
https://medium.com/mii-cybersec/crowdstrike-falcon-series-deployment-to-maximum-protection-5ba791d33270
Any org I've worked with or any product I've worked with has to have the
option for N-1 deployment, or I've had to create one. Version N goes on a
few QA machines, and one or two employee machines (IT testers). N-1 goes on
everything else. If there is an issue with N, we get a heads up. If there's
a vulnerability with N-1, we'd have the option to bypass auto update using
normal patching process.

https://techcrunch.com/2024/07/19/banks-airlines-brokerage-houses-report-widespread-outages-across-the-globe/

If this outage was caused by a sensor update, I have questions about why
anyone would be running software that hasn't had some local testing first.
Just because there is an update, your environment is most likely unique,
with machines running between OS and App patch levels. Are these companies
also pulling in upstream patches without any testing?
https://www.theregister.com/2024/07/18/security_review_failure/
Oh. Oh dear.

Have fun with that.

APPENDED:

It seems that the defect was in a content update, not a sensor update.
There's no N rule for content deployment with CrowdStrike running auto
updates:

a defect found in a single content update of its software on Microsoft
Windows operating systems, according to a post on X from CEO George Kurtz.

My apologies for the miscommunication.
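
[The N / N-1 staging policy described in the message above, as an added sketch that is not part of the original post and not any vendor's tooling. Ring names, host names and version numbers are constructed, and it models versioned sensor releases only, not content updates.]

```python
from dataclasses import dataclass

CANARY_RINGS = {"qa", "it-tester"}    # ring names are assumptions for this sketch

@dataclass(frozen=True)
class Host:
    name: str
    ring: str                         # "qa", "it-tester" or "general"

def version_key(version):
    """Sort '7.10' after '7.9' by comparing numeric components."""
    return tuple(int(part) for part in version.split("."))

def plan_rollout(hosts, releases, canary_crashes, vulnerable=(), max_crashes=0):
    """Return ({host name: version}, decision) for an N / N-1 policy.

    releases        published versions, in any order
    canary_crashes  {version: crashes reported by canary hosts so far}
    vulnerable      versions with a known vulnerability
    """
    ordered = sorted(set(releases), key=version_key)
    if len(ordered) < 2:
        raise ValueError("need at least two releases to run N and N-1")
    n, n_minus_1 = ordered[-1], ordered[-2]
    n_healthy = canary_crashes.get(n, 0) <= max_crashes

    # Canaries take N until it misbehaves; then they are pinned back to N-1.
    canary_version = n if n_healthy else n_minus_1
    if n_minus_1 in vulnerable and n_healthy:
        fleet_version, decision = n, "bypass: N-1 vulnerable, N clean on canaries"
    elif n_minus_1 in vulnerable:
        fleet_version, decision = n_minus_1, "hold: N-1 vulnerable, N failing on canaries"
    elif n_healthy:
        fleet_version, decision = n_minus_1, "normal: N on canaries, N-1 elsewhere"
    else:
        fleet_version, decision = n_minus_1, "rollback: N failing, canaries pinned to N-1"

    plan = {h.name: canary_version if h.ring in CANARY_RINGS else fleet_version
            for h in hosts}
    return plan, decision

# Constructed sample fleet and version numbers (not real product versions).
FLEET = [Host("qa-01", "qa"), Host("it-anna", "it-tester"),
         Host("pos-17", "general"), Host("db-03", "general")]
RELEASES = ["7.9", "7.10", "7.8"]

if __name__ == "__main__":
    for crashes, vulns in [({}, ()), ({"7.10": 2}, ()), ({}, ("7.9",))]:
        print(plan_rollout(FLEET, RELEASES, crashes, vulns))
```

The "hold" outcome is the case the policy cannot settle automatically: N-1 is vulnerable and N is failing on the canaries, so the decision goes to a person.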

------------------------------

Date: Thu, 18 Jul 2024 11:25:59 -0700
From: "Jim Geissman" <jgeissman@socal.rr.com>
Subject: Boeing and Failures

https://www.bbc.com/future/article/20240718-how-ordinary-failure-could-have-a-seismic-effect-on-an-industrial-giant

How ordinary failure could have a seismic effect on an industrial giant

By John Downer, Associate Professor in Science and Technology Studies at
the University of Bristol, and the author of "Rational Accidents."
<https://mitpress.mit.edu/9780262546997/rational-accidents/> A shorter
version of this story was previously published on MIT Press Reader.

