Hacker News new | ask | show | jobs
by techie128 693 days ago
This is good and bad. This showcases the importance of CrowdStrike. This is a short term blip but in the long run they will learn from this and prevent this type of an issue in the future. On the flip side, they have a huge target on their back for the U.S. government to try and control them. They are also a huge target for malicious actors since they can clearly see that CS is part of critical US and western infra. Taking them down can cripple essential services.

On a related note, this also demonstrates the danger of centralized cloud services. I wish there were more players in this space and the governments would try their very best to prevent consolidation in this space. Alternatively, I really wish the CS did not have this centralized architecture that allows for such failure modes. Software industry should learn from great & age old engineering design principles. For example, a large ships have watertight doors that prevent compartments from flooding in case of a breach. It appears that CS didn't think the current scenario was not possible therefore didn't invest in anything meaningful to prevent this nightmare scenario.
3 comments
anigbrowl 693 days ago
I'm not that confident that they're going to be around to recover from after their stock price falls into the toilet and they get sued out the yin-yang. I don't think 'read the EULA terms lol' is gonna cut it here.
link
alt227 693 days ago
> This is a short term blip

No security engineer in the world is going to trust the words CrowdStrike after this.

link
kasabali 693 days ago
Security engineers are the ones who first came up with these crap in the first place. Sales people are not to blame, they'll sell anything.
link
choeger 693 days ago
Or, and that maybe a radical idea, YOU DON'T INSTALL THIS FUCKING SNAKE OIL IN THE FIRST PLACE.

The idea of antivirus software is laughable when Adobe cannot implement a safe and secure PDF parser then how can Crowdstrike while simultaneously supporting the parsing of a million other protocols?

Everyone involved: Vendor, operator, and auditors who mandate this shit are responsible and should be punished.

YOU HAVE TO MINIMIZE THE ATTACK SURFACE, NOT INCREASE IT.

link