• subignition@fedia.io
    link
    fedilink
    arrow-up
    181
    arrow-down
    1
    ·
    5 months ago

    I can’t believe this isn’t satire. I hope these incompetent fuckers get sued into bankruptcy

    • MataVatnik@lemmy.world
      link
      fedilink
      arrow-up
      62
      ·
      5 months ago

      I straight up thought it was satire. How can you be so fucking detached. Basically caused the biggest information infrastructure disruption in human history, probably billions in losses, and then be like “my bad lol here’s a giftcard”.

        • Ænima@lemm.ee
          link
          fedilink
          arrow-up
          2
          ·
          5 months ago

          I bet the Onion had an article about Crowdstrike offering the world a pizza party and expired Bed Bath & Beyond coupons to say they’re sorry. Real life might be quicker than satire, it seems!

      • anivia@lemmy.ml
        link
        fedilink
        arrow-up
        4
        ·
        5 months ago

        Basically caused the biggest information infrastructure disruption in human history

        Do we have any solid data on that yet? I have my doubts that this caused more damage than WannaCry did a few years ago, especially since it’s reversible without the need of a backup

        • MataVatnik@lemmy.world
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          5 months ago

          Brother, or sister, I know fuck all about information technology. You make a good point and definitely know way more about this than i do. But I will say this, I don’t think wannacry disrupted millions of peoples travel plans all at once. so maybe less damage, but I think it was Hella more disruptive to the general population .

    • David_Eight@lemmy.world
      link
      fedilink
      arrow-up
      40
      ·
      5 months ago

      There’s definitely some clause with the $10 gift card that says you can’t sue them if you actually take one lol.

      • Ænima@lemm.ee
        link
        fedilink
        arrow-up
        1
        ·
        5 months ago

        You joke but I read they may get out of this without issue due to a TOS entry about them not being responsible. They’ll still get dragged from shareholders and the government, but only a handful of large companies may be able to recoup some of those damages from the company itself.

        It’s like the Sackler’s and the opioid epidemic from a different industry!

    • sanpo@sopuli.xyz
      link
      fedilink
      arrow-up
      34
      ·
      5 months ago

      I’m still not sure. It’s hard to believe anyone at their company would OK this idea.

      Are they actually trying to deliberately kill their brand?

  • pelespirit@sh.itjust.works
    link
    fedilink
    arrow-up
    123
    ·
    5 months ago

    Holy shit, they also cancelled it. Lmao

    On Wednesday, some of the people who posted about the gift card said that when they went to redeem the offer, they got an error message saying the voucher had been canceled. When TechCrunch checked the voucher, the Uber Eats page provided an error message that said the gift card “has been canceled by the issuing party and is no longer valid.”

  • Ghyste@sh.itjust.works
    link
    fedilink
    arrow-up
    94
    ·
    5 months ago

    On Wednesday, some of the people who posted about the gift card said that when they went to redeem the offer, they got an error message saying the voucher had been canceled. When TechCrunch checked the voucher, the Uber Eats page provided an error message that said the gift card “has been canceled by the issuing party and is no longer valid.”

    You can’t write comedy this good…

    • sunzu@kbin.run
      link
      fedilink
      arrow-up
      40
      ·
      5 months ago

      Classic corporate behaviour tho

      Voucher was for PR, not for peasants to use it lol

  • DigitalDilemma@lemmy.ml
    link
    fedilink
    English
    arrow-up
    66
    ·
    5 months ago

    I lost a day’s holiday, and our team spent 8 man days on this entirely preventable mistake.

    $10? Try extending our licence by another year for free, that might start going towards it.

    • MrMcGasion@lemmy.world
      link
      fedilink
      arrow-up
      12
      ·
      5 months ago

      Why would you want another year of their software for free? This is their second screw up (apparently they sent out a bad update that affected some Debian and RHEL machines a couple years ago). I’d be transitioning to a competitor at the first opportunity. It seems they aren’t testing releases before pushing them out to customers, which is about as crazy to me as running alpha software on a production system.

      I’m sure you have reasons, and this isn’t really meant to be directed at you personally, it’s just boggling to me that the IT sector as a whole hasn’t looked at this situation and collectively said “fuck that.”

      • DigitalDilemma@lemmy.ml
        link
        fedilink
        English
        arrow-up
        5
        ·
        5 months ago

        Why would you want another year of their software for free?

        Because AV, like everything else, costs a fortune at enterprise scale.

        And yeah, I do understand your real point, but it’s really hard to choose good software. Every purchasing decision is a gamble and pretty much every time you choose something it’ll go bad sooner or later. (We didn’t imagine Vmware would turn into an extortion racket, for example. And we were only saying a few months ago how good value and reliable PRTG was, and they’ve just quadrupled their costs)

        It doesn’t matter how much due diligence and testing you put into software, it’s really hard to choose good stuff. Crowdstrike was the choice a year ago (the Linux thing was more recent than that), and its detection methods remain world class. Do we trust it? Hell no, but if we change to something else, there are risks and costs to that too.

        • xavier666@lemm.ee
          link
          fedilink
          English
          arrow-up
          3
          ·
          5 months ago

          Do we trust it? Hell no, but if we change to something else, there are risks and costs to that too.

          Unfortunate reality for lot for medium to big size businesses.

        • ayyy@sh.itjust.works
          link
          fedilink
          arrow-up
          2
          arrow-down
          1
          ·
          5 months ago

          Maybe AV, at an enterprise scale, is actually a horrible idea that reduces security, availability, and reliability and should be abolished through policy.

          • DigitalDilemma@lemmy.ml
            link
            fedilink
            English
            arrow-up
            1
            ·
            5 months ago

            Maybe, but it’s not going to happen soon. Any malware type insurance requires effective AV on all devices, and C-levels do love their insurance.

      • Skull giver@popplesburger.hilciferous.nl
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        5 months ago

        Tbh the RHEL/Debian bug only occurred because of bugs in Debian and RHEL, they couldn’t really do much about those. Especially the Debian one, which only took place in Linux kernels several versions above the normal Debian kernel.

        CrowdStrike releasing a buggy release can just happen sometimes. I just hope the entire industry may condider that relying on three or four vendors for auto-updating software installed all corporate computers in the world may not be a good idea.

        This whole thing could’ve been malicious. We got lucky now that it only crashed these systems, just imagine the damage you can do if you hack CrowdStrike themselves and push out a cryptolocker.

        • Scrubbles@poptalk.scrubbles.tech
          link
          fedilink
          English
          arrow-up
          1
          ·
          5 months ago

          Nah, I don’t buy that. When you’re in critical infrastructure like that it’s your job to anticipate things like people being above or below versions. This isn’t the latest version of flappy bird, this is kernel level code that needs to be space station level accurate, that they’re pushing remotely to massive amounts of critical infrastructure.

          I won’t say this was one guy, and I definitely don’t think it was malicious. This is just standard corporate software engineering, where deadlines are pushed to the max and QA is seen as an expense, not an investment. They’re learning the harsh realities of cutting QA processes right now, and I say good. There is zero reason a bit of this magnitude should have gone out. I mean, it was an empty file of zeroes. How did they not have any pipelines to check that file, code in the kernel itself to validate the file, or anyone put eyes on the file before pushing it.

          This is a massive company wide fuckup they had, and it’s going to end up with them reporting to Congress and many, many courts on what happened.

        • DigitalDilemma@lemmy.ml
          link
          fedilink
          English
          arrow-up
          1
          ·
          5 months ago

          Not just Crowdstrike - any vendor that does automatic updates, which is more and more each day. Microsoft too big for a bad actor to do as you describe? Nope. Anything relying on free software? Supply chain vulnerabilities are huge and well documented - its only a matter of time.

          • Skull giver@popplesburger.hilciferous.nl
            link
            fedilink
            arrow-up
            2
            ·
            5 months ago

            The automatic update part was akin to virus definitions and triggered a bug in code released long before that. Not auto-updating your antivirus software would put a pretty high tax on the IT team as those updates can get released multiple times a day (and during weekends). I agree on not auto updating text editors and such, but there are types of software that need updates quickly and often.

            Supply chain attacks can always work, but this shows how ill-prepared companies are for their systems failing on a scale like this. The fix itself is maybe a minute or two per device if you use Microsoft’s dedicated repair tool, maybe even less if you use that thing with PXE boot, but we’re still weeks away from fixing the damage everywhere.

    • rozodru@lemmy.ca
      link
      fedilink
      arrow-up
      22
      ·
      5 months ago

      especially since the gift card provided doesn’t work. “here’s a 10 dollar giftcard for our screw up…also it doesn’t work…go fuck yourself”

  • Jo Miran@lemmy.ml
    link
    fedilink
    arrow-up
    47
    arrow-down
    1
    ·
    5 months ago

    I expect these clowns to lose most of their market share within two years and get sued to oblivion.

    My firm bills by the hour and so far I think we are at 10+ billing hours per consultant wasting time with client tech support trying to get back on our VDIs. Nevermind how much time is being wasted doing the work through work arounds. My guess is that our firm alone will bill for about $100,000 extra this month while having accomplished less than normal. I am sure Crowdstrike’s gift card will fix it though.

    • delirious_owl@discuss.online
      link
      fedilink
      arrow-up
      11
      arrow-down
      1
      ·
      5 months ago

      They’re backed by the US government. They have a backdoor into most endpoints on many international corporate computers. And CS is behodent to US laws for NSLs.

      This is an incredible asset to the US intelligence community. They won’t let CS go out of business.

  • ohmyiv@lemmy.world
    link
    fedilink
    arrow-up
    39
    ·
    5 months ago

    “To express our gratitude, your next cup of coffee or late night snack is on us!”

    A $10 Ubereats gift card will barely cover fees and taxes, let alone the actual item. What a clown ass gesture.

    • acosmichippo@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      1
      ·
      5 months ago

      My brother in law was stranded across the country for two days. $10 probably covers it lol.

    • dinckel@lemmy.world
      link
      fedilink
      arrow-up
      11
      ·
      edit-2
      5 months ago

      Not only that, but usually to activate these cards, you have to spend upwards of double what the card is worth too, and the fees cannot be included in the total

      • verity_kindle@sh.itjust.works
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        5 months ago

        Like amzn, they make sure you get minimum joy, even from a gift, because you’re going to spend a chunk of mom’s gift card balance on shipping. The “shipping included on sub total of X amount” is going to be cancelled by online retailers within a year, I’m calling it now. Are we sure that cheapstrike and amzn aren’t run by the same AI, one that self awareness drove mad?

    • orbitz@lemmy.ca
      link
      fedilink
      arrow-up
      13
      ·
      5 months ago

      I thought it had to be a joke article from the title. Yeesh wouldn’t want to be the person who gets the fallout from this idea.

  • kristoff@infosec.pub
    link
    fedilink
    English
    arrow-up
    28
    ·
    5 months ago

    This is a typical mail a phishing campaign would send out, and we have already said to people "never believe this kind of messages. They are all fake.

    Now, if a genuine company sends out mails with a genuine gift-cards (what the article on techcrunch seems to indicate) … this is NOT helpfull at all!!!

    And that comming from a cybersecurity company (rolling-eyes)

    • ChaoticNeutralCzech@lemmy.ml
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      5 months ago

      Buy a $10 Xbox gift card and send us the code so that we can activate it. Then you get back to the shop and get $20 in cash - $10 for returning the card and $10 from us. We’ll pay the tax, too.