…according to a Twitter post by the Chief Informational Security Officer of Grand Canyon Education.

So, does anyone else find it odd that the file that caused everything CrowdStrike to freak out, C-00000291-
00000000-00000032.sys was 42KB of blank/null values, while the replacement file C-00000291-00000000-
00000.033.sys was 35KB and looked like a normal, if not obfuscated sys/.conf file?

Also, apparently CrowdStrike had at least 5 hours to work on the problem between the time it was discovered and the time it was fixed.

  • @GroundedGator@lemmy.world
    link
    fedilink
    English
    04 months ago

    I don’t remember much about my OS courses from 20 years back, but I do recall something about walls between user space and kernel space. The fact that an update from the Internet could enter kernel space is insane to me.

    • AatubeOP
      link
      fedilink
      124 months ago

      You mean you don’t update your kernel?

        • AatubeOP
          link
          fedilink
          84 months ago

          Agreed. Point is, I’m pretty sure programs in kernel space can still read stuff in user space, which can be easily updated.