CrowdStrike: Whats a Channel File? Explained.
HTML-код
- Опубликовано: 7 сен 2024
- What is a channel file?
Let me explain, because it also explains how bad this all is, and that I suspect is why they wont explain it.
BTW, the actual bug is a null ptr deref. So clearly no QA done before the update was yeet'ed out.
CrowdStrike Confirms that skipped testing before deploying to prod: www.crowdstrik...
i did security research for a while and i know the bucket is huge. There will always be gaps in a researcher's knowledge. It is a fundamental expectation that the researcher will be able to learn these gaps well enough to share and explain in their research. The reporting in tech does not require a level of expertise that is associated with a researcher. i don't know what a channel file is, but also i don't make tech reporting. i did research in obfuscated compilers, secure voting systems, static code analysis, and binary decompilation. I know that when I read something that I don't understand, I'm going to share about it that I need to hunker down and get intimate with the data.
being an IT tech for the last 21 years, I just can't believe a mistake from a crowdstrike like company.
I never thought I would ever require to pull out internet cable from the firewall in my whole life, but I did it when i realized what was happening luckily only 4 machines effected from my environment and no servers. I believe I could be marked as safe :)
Yes, your bar for tech reporting is far too high
I mean, all said and done. I heard that the channel file was truncated(empty), if that is the case, if they were testing, did no one think to pass an empty channel file?
Your bar is definitely too high. Security research is insanely broad and you can't possibly know everything. The expectation is that obviously if you dont know something you should learn it for the future. I doubt most people probably know what a channel file is 😂. Also I'm 99% certain the researcher youre referring to is John Hammond
If my bar is too high it's because I've worked with some of the best people in the world at Microsoft and that was the bar that we all kept ourselves to.
I love the idea of keeping things going in terms of constantly learning and constantly updating yourself, but honestly you should understand the entire process and you should totally understand how your software reaches customers, and if you don't have a basic knowledge of how that happens, then I wouldn't consider any dev to lack competence in the job :/
Its not hard to ask your team "how do customers get our code? How do we release to prod?" and honestly, I expect devs to be informed and be a part of that process, as a prerequisite to doing their job well.
I'm seeing some memes that indicate the engineer who pushed the issue has been fired.
well this has nothing to do with security research, a security researcher will know programming, windows internals very well, will know how vulnerabilities can be exploited etc ..., why should he care about release management ?