{"type":"rich","version":"1.0","title":"Hector Martin wrote","author_name":"Hector Martin (npub1qk…9azpx)","author_url":"https://yabu.me/npub1qk9x6yrvten3jqyvundn7exggm90fxf9yfarj5eaz25yd7aty8hqe9azpx","provider_name":"njump","provider_url":"https://yabu.me","html":"One story going around is that the CrowdStrike fail was a file corrupted during postprocessing, between internal testing and the update CDN.\n\nThat implies an epic process or design failure. One of the following has to be true\n\n- They don't sign updates\n- They do sign updates, but only after internal testing, and never test the final signed files in a production-equivalent setup (bonus: if this is true, their prod signing process is probably automated and not carefully controlled, and could be abused by an insider)\n- They do sign updates, but the parsing code that runs *before* signature verification is not carefully audited and has bugs that BSOD on malformed input.\n\nAny one of those is completely unacceptable for a security product."}