General talk MICROSOFT TECH OUTAGE? JUST KEEP ON PUNTING BROTHERS!



rooter
19-07-2024, 07:45 PM
Maybe your favourite techy online cyber virtual VR whatever is down, but you can still make your way to your local massage shop or brothel and meet a real girl and have a real HJ or BBBJ or fuck with a real girl.
But I was a bit concerned watching 7 news tonight when they tried to reassure us all that everything was OK and not to panic and the IT expert was Mario Fenech's brother. WTF?

rooter
19-07-2024, 08:05 PM
STAY CALM AND KEEP PUNTING!

tezzaman18
19-07-2024, 09:07 PM
Maybe your favourite techy online cyber virtual VR whatever is down, but you can still make your way to your local massage shop or brothel and meet a real girl and have a real HJ or BBBJ or fuck with a real girl.
But I was a bit concerned watching 7 news tonight when they tried to reassure us all that everything was OK and not to panic and the IT expert was Mario Fenech's brother. WTF?

It's kinda pointless to go to The Star, too. Only the restaurants are operating but I understand the boom gates cannot open. I think we can still withdraw from the ATMs or use credit cards, so it's a GOER!

tcrawford
19-07-2024, 09:25 PM
Now we can see who are all the dumb cunts putting critical systems on Windows/x86.

Raybo
19-07-2024, 09:53 PM
Now we can see who are all the dumb cunts putting critical systems on Windows/x86.

Ahhh, you may have a point, but these businesses were affected by a vendor's update....

tcrawford
19-07-2024, 09:56 PM
Doesn't matter, no serious OS/platform should crash to 3rd party software.

Raybo
19-07-2024, 10:03 PM
no 3rd party should roll out updates without performing stringent testing, especially if they are getting paid big bucks for the service they provide.

rooter
19-07-2024, 10:31 PM
Stay calm and keep punting

tcrawford
19-07-2024, 10:35 PM
no 3rd party should roll out updates without performing stringent testing, especially if they are getting paid big bucks for the service they provide.

Well if you are running 3rd party software in kernel space that auto updates, then you deserve what you get.

JJBlows
19-07-2024, 10:38 PM
Story is it's from a company called CrowdStrike; they make software that embeds into the Windows OS to prevent malware. A new update just fucked the world.

Minathy8724
20-07-2024, 07:43 AM
Major f*&k up, and it is a catch-22 to fix the issue. Our IT department told us this:

Crowdstrike rolled back the update. In order to receive the update, the Crowdstrike agent must be running, which means the computer must resume normal operation. Updates are not possible due to the BSOD (Blue Screen of Death).
The fix: Crowdstrike advises booting up in safe mode and deleting a particular system file, then reboot in normal mode. The process may take up to 20 minutes providing IT has physical access to their computer. Difficult when the majority of staff are working remotely. IT Support and staff impacted will be very busy over the weekend.

GoldfishMan
20-07-2024, 07:51 AM
This issue is deeper than people think. It exposes all the companies that are using CrowdStrike for their EDR. That's a huge hint to would-be attackers because now they would also know how to exploit any weaknesses. It's a real shit storm.

EDIT:
And it's really ironic if you think about it. Software that is designed to prevent mass outage from malicious attacks has actually caused the biggest outage ever simply by being there. If every outage it prevents in its lifetime is a positive against this outage that it caused, I think it would still be in negative, lol!

suka03
20-07-2024, 08:47 AM
I wonder if Microsoft will take responsibility for lost revenue that happened yesterday? IT company should have insurance for major outage like this, who knows it might happen again

vitamin
20-07-2024, 09:40 AM
I wonder if Microsoft will take responsibility for lost revenue that happened yesterday? IT company should have insurance for major outage like this, who knows it might happen again

Why should Microsoft compensate for 3rd party software?

GoldfishMan
20-07-2024, 10:24 AM
The story goes, the CrowdStrike update was in response to a separate update from Microsoft on Windows. So you can argue that the chain of events started from MS, but it’ll be a long shot to say that they were responsible for it.

hornedbeast
20-07-2024, 11:43 AM
Corporate greed needs rebalance. Let the fucking computers die. Employer can sort the shit out. Meanwhile don't work. It's your right.

JJBlows
20-07-2024, 12:37 PM
all this proves is cash still has its place in society.

AHLUNGOR
20-07-2024, 12:39 PM
Maybe your favourite techy online cyber virtual VR whatever is down, but you can still make your way to your local massage shop or brothel and meet a real girl and have a real HJ or BBBJ or fuck with a real girl.
But I was a bit concerned watching 7 news tonight when they tried to reassure us all that everything was OK and not to panic and the IT expert was Mario Fenech's brother. WTF?

I’m glad my company is using a different firewall and antivirus software so we were not affected. Only a small company BTW.

Then my wife told me that when she was shopping in Woolworth yesterday, the debit card didn’t work. She tried to pay by cash and the machine that takes cash wouldn’t work either; in the end the cashier had to take her money manually.

Which made me wonder, what if a punter was planning to use card to pay for the session and the EFTPOS won’t work……. lol

Raybo
20-07-2024, 01:33 PM
Well if you are running 3rd party software in kernel space that auto updates, then you deserve what you get.

Try again dude, technical details from Crowdstrike.

On Windows systems, Channel Files reside in the following directory:

C:\Windows\System32\drivers\CrowdStrike\

and have a file name that starts with “C-”. Each channel file is assigned a number as a unique identifier. The impacted Channel File in this event is 291 and will have a filename that starts with “C-00000291-” and ends with a .sys extension. Although Channel Files end with the SYS extension, they are not kernel drivers.
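The check that the fix described earlier in the thread comes down to (find the Channel File 291 files in that directory and delete them), as an added example that is not part of the thread and is not CrowdStrike's tooling. The mount-point argument, the function names and every sample file name are assumptions made for illustration; only the directory and the "C-" + number + ".sys" naming rule come from the quoted text.

```python
import re
import tempfile
from pathlib import Path, PureWindowsPath

# Directory and naming rule as quoted from CrowdStrike in the post above.
CHANNEL_DIR = PureWindowsPath(r"Windows\System32\drivers\CrowdStrike")
IMPACTED_CHANNEL = 291
# "C-", the numeric channel identifier, "-", the rest of the name, ".sys"
CHANNEL_NAME = re.compile(r"^C-(\d+)-.*\.sys$", re.IGNORECASE)


def channel_number(filename):
    """Return the channel number in a channel file name, or None if not one."""
    match = CHANNEL_NAME.match(filename)
    return int(match.group(1)) if match else None


def find_impacted(volume_root, remove=False):
    """List, and optionally delete, Channel File 291 on an offline volume.

    volume_root is where the Windows volume is mounted (assumption: a recovery
    environment or a second machine), so the agent does not need to be running.
    """
    folder = Path(volume_root).joinpath(*CHANNEL_DIR.parts)
    if not folder.is_dir():
        return []                         # no agent directory on this volume
    hits = []
    for entry in sorted(folder.iterdir()):
        if entry.is_file() and channel_number(entry.name) == IMPACTED_CHANNEL:
            hits.append(entry.name)
            if remove:
                entry.unlink()            # the deletion step of the fix
    return hits


def build_sample_volume(root):
    """Create a constructed directory tree; all file names are made up."""
    folder = Path(root).joinpath(*CHANNEL_DIR.parts)
    folder.mkdir(parents=True)
    for name in ("C-00000291-sample-a.sys", "c-00000291-sample-b.SYS",
                 "C-00000290-sample.sys", "example-driver.sys"):
        (folder / name).write_bytes(b"constructed sample")
    return folder


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_volume(tmp)
        print("impacted:", find_impacted(tmp))
```

Run with `remove=False` first to see what would be deleted; other channel files and the drivers in the same directory are left alone.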

suka03
20-07-2024, 02:37 PM
the gov & businesses should take legal action against those software companies. they earn trillions. it would be sad if they don’t compensate, if it were in US those software companies are responsible.

tcrawford
20-07-2024, 03:06 PM
and have a file name that starts with “C-”. Each channel file is assigned a number as a unique identifier. The impacted Channel File in this event is 291 and will have a filename that starts with “C-00000291-” and ends with a .sys extension. Although Channel Files end with the SYS extension, they are not kernel drivers.

Are you saying it doesn't run in kernel space and still crashed the OS? That's even worse.

ColesBag
20-07-2024, 05:47 PM
Man you I.T savvy blokes speak a different language...😅 i asked someone at work who knows about such things & he texted back "We're all good.". Luckily my dick isn't electronic..

wilisno
20-07-2024, 06:49 PM
Maybe the AI dolls are not functioning properly? Voice command for missionary and she turns herself around for doggy…

rooter
20-07-2024, 08:05 PM
Man you I.T savvy blokes speak a different language...😅 i asked someone at work who knows about such things & he texted back "We're all good.". Luckily my dick isn't electronic..

I'm with you bro. The only kernel I know is Kernel Sanders from KFC :)

stallionmachine123
20-07-2024, 10:42 PM
Are you saying it doesn't run in kernel space and still crashed the OS? That's even worse.

https://www.youtube.com/watch?v=4yDm6xNeYas&t=94s

The CrowdStrike software sits in the critical path, causing the BSOD; watch the video above.

I work in IT, however I got out of IT helpdesk/support; otherwise I would have been spending my weekend applying the fix manually.

The Microsoft outage was separate; it was resolved with no action required by customers. What a shit day it was for IT in general.

vitamin
24-07-2024, 02:27 AM
The story goes, the CrowdStrike update was in response to a separate update from Microsoft on Windows. So you can argue that the chain of events started from MS, but it’ll be a long shot to say that they were responsible for it.

This is 100% not Microsoft's fault.

CrowdStrike runs in ring 0, the kernel of the system, so as to monitor any suspicious activity at the kernel level (the level at which software speaks to hardware, allocating memory, power, etc.). CS software pretends to be a device driver to be in the kernel even though it doesn't interact with any hardware, so it can keep an eye on everything; basically an all-access pass to the computer. It can see every bit of memory that moves around and catch suspicious activity. It HAS to be in the kernel to do what it needs to do.

HOWEVER, all software with kernel access being installed on a Microsoft computer generally needs a WHQL certification (Windows Hardware Quality Labs), in which Microsoft stress tests the driver, before it's allowed to be installed and run in the kernel.

This certification takes weeks to months to get, and CrowdStrike wanted the most up-to-date protection for their software to preempt any possible attacks.
Getting a WHQL cert every time they wanted to update their software was costly, time-consuming and slow.

Geniuses decided, instead of getting certification every time they wanted to update:

Let's have the core part of the software in the kernel and have instructions installed as a .sys file that the kernel core software looks for on boot.

This way, updates don't need the WHQL certification because they're not updating the kernel driver files. Instead they just update the .sys file the kernel driver looks for when it boots up.

This worked until it didn't.
On Friday, when the kernel received a faulty file, it just threw a BSOD.
Any small issue in the kernel layer leads to a BSOD or a reboot at minimum. The system simply shuts down as it's the safest route.

As you can see, Microsoft had no part in this. It's CS's own fault.



the gov & businesses should take legal action against those software companies. they earn trillions. it would be sad if they don’t compensate, if it were in US those software companies are responsible.

Trillions is a bit of a stretch

CrowdStrike annual net income for 2024 was $0.089B, a 148.75% decline from 2023. CrowdStrike annual net income for 2023 was $-0.183B, a 21.96% decline from 2022



Try again dude, technical details from Crowdstrike.

On Windows systems, Channel Files reside in the following directory:

C:\Windows\System32\drivers\CrowdStrike\

and have a file name that starts with “C-”. Each channel file is assigned a number as a unique identifier. The impacted Channel File in this event is 291 and will have a filename that starts with “C-00000291-” and ends with a .sys extension. Although Channel Files end with the SYS extension, they are not kernel drivers.

This .sys file was what the kernel driver looked for, so CrowdStrike can bypass getting WHQL certification every time they wanted to update.
CrowdStrike is kernel driver software. It just left half of its code as a .sys file that the kernel looked for.

Double_Adapter
24-07-2024, 09:20 AM
The cunt that runs Crowdstrike has a reputation for fucking up big time, he also fucked up big time when he worked at McAfee. The cunt is reckless and makes dodgy decisions and shortcuts.

This goes to show that the Peter Principle is alive and kickin' in the corporate world.

tcrawford
24-07-2024, 10:31 AM
HOWEVER, all software with kernel access being installed on a Microsoft computer generally needs a WHQL certification (Windows Hardware Quality Labs), in which Microsoft stress tests the driver, before it's allowed to be installed and run in the kernel.

This certification takes weeks to months to get, and CrowdStrike wanted the most up-to-date protection for their software to preempt any possible attacks.
Getting a WHQL cert every time they wanted to update their software was costly, time-consuming and slow.

Geniuses decided, instead of getting certification every time they wanted to update:

Let's have the core part of the software in the kernel and have instructions installed as a .sys file that the kernel core software looks for on boot.

This way, updates don't need the WHQL certification because they're not updating the kernel driver files. Instead they just update the .sys file the kernel driver looks for when it boots up.



Thanks for the detailed explanation, but I disagree that Microsoft is not also to blame here. They issued a certification to CrowdStrike's implementation that referenced code from the .sys file. What's the value in a certification process if they don't scrutinize bad behaviour like this? So WHQL certifications are worthless then?

vitamin
25-07-2024, 12:05 AM
Thanks for the detailed explanation, but I disagree that Microsoft is not also to blame here. They issued a certification to CrowdStrike's implementation that referenced code from the .sys file. What's the value in a certification process if they don't scrutinize bad behaviour like this? So WHQL certifications are worthless then?

I don't think you fully read what I wrote.

----------------
TLDR:- driver [sat in kernel] (which was certified) didn't change
channel file 000291 (essentially input data) was corrupt and caused the crash.
channel file which sits in the user layer didn't need cert and can update anytime.
CS did this because it saves money and is a loophole.
----------------


There was nothing wrong with CrowdStrike's kernel driver, which Microsoft gave the WHQL cert for.

A kernel driver is basically a bridge between your software and your hardware.
NORMALLY it's reserved for sound cards, video cards, RAM drivers.

CrowdStrike is special because it doesn't communicate with any hardware. It just NEEDS kernel access to have a basically god-like overview of everything that's happening, which layer 1 software doesn't have access to.

So for CrowdStrike to do what it needs to do, it needs to sit in the kernel.


USUALLY, all the code is contained in the kernel driver, which MS gives their WHQL cert for:
both the engine to run the protection software PLUS the library of definitions to look for.


In CrowdStrike's case, they had the engine certified and running in the kernel.

They just had the definitions sitting in system files so they can UPDATE THEM without needing to go through MS WHQL certification (a shortcut to save time and money, so they don't need a new cert every time they want to update a definition or insert a new malware pattern to look for).

CS took a shortcut. The driver they got certified didn't break.
The issue was with a faulty sensor configuration update in Channel File 000291, which contained newly observed malicious named pipes used in common command and control frameworks.

It was a .sys file that wasn't written properly.
Basically a library definition list for the kernel driver to look at.

The badly formed file caused a logic error in the CrowdStrike driver down at the kernel level, which resulted in the BSOD.



----
You may ask, well, why doesn't Microsoft have a better way of handling security than giving 3rd parties kernel access?

And Microsoft did. It had created a Security API which the EU blocked because it was "anti competitive", as smaller security firms would require Microsoft to give them access to the API. Thus the solution to prevent the CS fiasco existed, but you can thank EU regulators for not allowing it.
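The mitigation this exchange circles around, a certified component treating its separately delivered content file as untrusted input and keeping the last known-good content when a new file is malformed, as an added example that is not part of the thread and is not CrowdStrike's code or file format. The file layout, `parse_content`, `Engine` and `encode` are hypothetical, and Python stands in here for what would be kernel-mode code.

```python
import struct

MAGIC = b"DEF1"        # hypothetical format marker, not CrowdStrike's
MAX_RECORDS = 10_000   # assumed sanity limit on the declared record count


class ContentError(ValueError):
    """A content file failed validation."""


def parse_content(blob):
    """Parse: magic | uint32 count | count x (uint16 length | UTF-8 pattern)."""
    if len(blob) < 8 or blob[:4] != MAGIC:
        raise ContentError("bad header")
    (count,) = struct.unpack_from("<I", blob, 4)
    if not 0 < count <= MAX_RECORDS:
        raise ContentError("implausible record count")
    patterns, offset = [], 8
    for _ in range(count):
        if offset + 2 > len(blob):
            raise ContentError("file ends before a declared record")
        (length,) = struct.unpack_from("<H", blob, offset)
        offset += 2
        if length == 0 or offset + length > len(blob):
            raise ContentError("record length runs past end of file")
        patterns.append(blob[offset:offset + length].decode("utf-8"))
        offset += length
    if offset != len(blob):
        raise ContentError("trailing bytes after last record")
    return patterns


class Engine:
    """Stands in for the certified component that consumes the content."""

    def __init__(self, baseline):
        self.patterns = list(baseline)    # last known-good content

    def update(self, blob):
        """Swap in new content only if the whole file validates."""
        try:
            new = parse_content(blob)
        except ValueError:                # ContentError or invalid UTF-8
            return False                  # keep running on the previous set
        self.patterns = new
        return True


def encode(patterns, count=None):
    """Build a constructed sample file; count can be set wrong on purpose."""
    body = b"".join(struct.pack("<H", len(p.encode())) + p.encode() for p in patterns)
    declared = len(patterns) if count is None else count
    return MAGIC + struct.pack("<I", declared) + body
```

A file whose header declares more records than it carries, a truncated file and a file of zero bytes are all rejected before any record is used, and the engine keeps its previous patterns.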

tcrawford
25-07-2024, 12:52 AM
I don't think you fully read what I wrote.

----------------
TLDR:- driver [sat in kernel] (which was certified) didn't change
channel file 000291 (essentially input data) was corrupt and caused the crash.
channel file which sits in the user layer didn't need cert and can update anytime.
CS did this because it saves money and is a loophole.
----------------


I understand exactly what you wrote. At one point in the past when they re-architected the kernel driver to use these channel files that sit outside of the driver, these changes would have needed to be certified. Microsoft should have rejected this poor design back then and they didn't.

ScotPassingThrough
25-07-2024, 01:13 AM
It’s actually more damning for Microsoft’s practices/policies than being suggested there. That file is not a simple “definition file” like for an antivirus with hashes of viruses and so. It contains bytecode, actual executable code, that gets injected into that kernel driver. The kernel driver doesn’t actually change very much because it doesn’t have to. Microsoft absolutely knew this and let it happen.