…according to a Twitter post by the Chief Informational Security Officer of Grand Canyon Education.

So, does anyone else find it odd that the file that caused everything CrowdStrike to freak out, C-00000291-
00000000-00000032.sys was 42KB of blank/null values, while the replacement file C-00000291-00000000-
00000.033.sys was 35KB and looked like a normal, if not obfuscated sys/.conf file?

Also, apparently CrowdStrike had at least 5 hours to work on the problem between the time it was discovered and the time it was fixed.

  • driving_crooner
    link
    fedilink
    English
    arrow-up
    14
    arrow-down
    3
    ·
    edit-2
    5 months ago

    The file is used to store values to use as denominators on some divisions down the process. Being all zeros is caused a division by zero erro. Pretty rookie mistake, you should do IFERROR(;0) when using divisions to avoid that.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      19
      arrow-down
      1
      ·
      5 months ago

      I disagree. I’d rather things crash than silently succeed or change the computation. They should have done better input and output validation, and gracefully fail into a recoverable state that sends a message to an admin to correct. A divide by zero doesn’t crash a system, it’s a recoverable error they should 100% detect and handle, hot sweep under the rug.

    • Morphit @feddit.uk
      link
      fedilink
      English
      arrow-up
      5
      ·
      5 months ago

      IFERROR(;0)

      Maybe they should use a more appropriate development tool for their critical security platform than Excel.