Hector Martin on Nostr: One story going around is that the CrowdStrike fail was a file corrupted during ...
One story going around is that the CrowdStrike fail was a file corrupted during postprocessing, between internal testing and the update CDN.
That implies an epic process or design failure. One of the following has to be true:
- They don't sign updates
- They do sign updates, but only after internal testing, and never test the final signed files in a production-equivalent setup (bonus: if this is true, their prod signing process is probably automated and not carefully controlled, and could be abused by an insider)
- They do sign updates, but the parsing code that runs *before* signature verification is not carefully audited and has bugs that BSOD on malformed input.
Any one of those is completely unacceptable for a security product.
Published at
2024-07-20 14:05:39
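An added example, not part of the original post and not CrowdStrike's code: a loader that authenticates the raw bytes before any parsing, with a bounds-checked parser that rejects malformed input instead of crashing. The file format, all names, and the use of HMAC-SHA256 (standing in for an asymmetric signature so the example needs only the standard library) are assumptions.

```python
import hashlib
import hmac
import struct

# Constructed format (assumption): magic, u16 version, u16 entry count,
# then `count` entries of (u16 length, payload), then a 32-byte tag.
MAGIC = b"UPD1"
HEADER = struct.Struct("<4sHH")
TAG_LEN = 32

class UpdateRejected(Exception):
    """Raised for any unacceptable update file, instead of crashing."""

def tag(body, key):
    # HMAC-SHA256 stands in for a real asymmetric signature (assumption).
    return hmac.new(key, body, hashlib.sha256).digest()

def seal(entries, key):
    """Publisher side: tag the exact bytes that will be shipped."""
    body = HEADER.pack(MAGIC, 1, len(entries))
    for e in entries:
        body += struct.pack("<H", len(e)) + e
    return body + tag(body, key)

def parse_body(body):
    """Every offset is checked against the buffer before it is read."""
    if len(body) < HEADER.size:
        raise UpdateRejected("truncated header")
    magic, _version, count = HEADER.unpack_from(body)
    if magic != MAGIC:
        raise UpdateRejected("bad magic")
    entries, off = [], HEADER.size
    for _ in range(count):
        if off + 2 > len(body):
            raise UpdateRejected("entry length out of bounds")
        (n,) = struct.unpack_from("<H", body, off)
        off += 2
        if off + n > len(body):
            raise UpdateRejected("entry payload out of bounds")
        entries.append(body[off:off + n])
        off += n
    return entries

def load_update(blob, key):
    """Client side: authenticate the raw bytes first, parse only afterwards."""
    if len(blob) < TAG_LEN:
        raise UpdateRejected("too short to carry a tag")
    body, sig = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag(body, key), sig):
        raise UpdateRejected("signature check failed")
    return parse_body(body)
```

A file corrupted after sealing fails at the tag check and never reaches the parser; a file that was malformed before sealing still passes the tag check, which is why the parser has to reject it cleanly and why the final sealed file is the one that needs testing.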