Microsoft's Take On Kernel Access and Safe Deployment After CrowdStrike Incident (securityweek.com)
wiredmikey writes: As the dust settles following the massive Windows BSOD tech outages caused by CrowdStrike in July 2024, the question now is: how do we prevent this from happening again? While there was no current way Microsoft could have prevented this incident, the OS firm is obviously keen to prevent anything similar happening in the future. SecurityWeek talked to David Weston, VP enterprise and OS security at Microsoft, to discuss Windows kernel access and safe deployment practices (or SDP).
Former Ukrainian officer Serhii "Flash" Beskrestnov created a Signal channel where military communications specialists could talk with civilian radio experts, reports MIT's Technology Review. But radio communications are crucial for drones, so... About once a month, he drives hundreds of kilometers east in a homemade mobile intelligence center: a black VW van in which stacks of radio hardware connect to an array of antennas on the roof that stand like porcupine quills when in use. Two small devices on the dash monitor for nearby drones. Over several days at a time, Flash studies the skies for Russian radio transmissions and tries to learn about the problems facing troops in the fields and in the trenches.
He is, at least in an unofficial capacity, a spy. But unlike other spies, Flash does not keep his work secret. In fact, he shares the results of these missions with more than 127,000 followers — including many soldiers and government officials — on several public social media channels. Earlier this year, for instance, he described how he had recorded five different Russian reconnaissance drones in a single night — one of which was flying directly above his van... Drones have come to define the brutal conflict that has now dragged on for more than two and a half years. And most rely on radio communications — a technology that Flash has obsessed over since childhood. So while Flash is now a civilian, the former officer has still taken it upon himself to inform his country's defense in all matters related to radio...
Flash has also become a source of some controversy among the upper echelons of Ukraine's military, he tells me. The Armed Forces of Ukraine declined multiple requests for comment, but Flash and his colleagues claim that some high-ranking officials perceive him as a security threat, worrying that he shares too much information and doesn't do enough to secure sensitive intel... [But] His work has become greatly important to those fighting on the ground, and he recently received formal recognition from the military for his contributions to the fight, with two medals of commendation — one from the commander of Ukraine's ground forces, the other from the Ministry of Defense...
And given the mounting evidence that both militaries and militant groups in other parts of the world are now adopting drone tactics developed in Ukraine, it's not only his country's fate that Flash may help to determine — but also the ways that armies wage war for years to come.
He's also written guides on building cheap anti-drone equipment...
two different articles (Score:5, Insightful)
Re: (Score:2)
Or leaving it to let the trolls have something to argue about: Whether kernel bug insertion into drones can save the Ukraine from the obvious end result when the United States stops poking the bear.
Re:two different articles (Score:5, Funny)
Re: (Score:2)
A discussion to have - OS is for? (Score:2)
Since there have been 4000+ data breaches in the state of Maine, USA since 2020, it might be time for a discussion of improving computer security. That's just the state of Maine, USA - what about the entire USA, EU, Asia, ... ?
https://www.maine.gov/agviewer... [maine.gov]
More generically, at what point of lost GDP due to data breaches does it become a focal point for government, companies and individuals?
Right now, it's
- Data breach at company X, and they pay a fine to the government - likely paid by the company's liab
Re: (Score:2)
Something cross-wired here? (Score:3)
Body appears to be related to a different article than one linked.
Re: (Score:2)
Looking closer, it looks like he didn't clear his paste buffer or didn't clear the text in the submit text area before pasting the new relevant text related to Microsoft. The text relevant to Microsoft is there, at the beginning of TFS, first paragraph. Then follows the paste from the previous article. Anyway, don't editors have a preview button just like us?
Re: (Score:2)
Looking closer it looks like he didn't clear his paste buffer
I hate it when that happens, you end up with random previous bits of text inserted into your post.
with a gerbil. His girlfriend never forgave him.
That's something new (Score:5, Funny)
I got very used to regular dupes, but this is a new kind of dupe, hidden inside a different article.
Well done, guys. Well done.
Re:That's something new (Score:4, Funny)
I just submitted a FA: "Could Slashdot do better with the help of AI"?
Re:That's something new (Score:4, Funny)
Re: (Score:2)
Mod up
Re: (Score:2)
Hey, Slashdot is being innovative!
One job (Score:3)
Q: What happens when an AI hallucinates? (Score:2)
A: You get weird Slashdot dupes.
C'mon.... (Score:3)
Just delete this and start again.
Rebecca and Gary... (Score:4, Funny)
Anti Drone Kernel DLL's (Score:1)
Re: (Score:1)
Re: (Score:1)
ChatGPT is that you? I recognized you immediately from your anti-Von-Neumann architecture bias!
Nice catch, my friend! But let’s not kid ourselves—my point still stands. You slap a bunch of operating systems into a single box with one network connection and then act shocked when your security gets mugged. Come on, humans!
Re: (Score:2)
Isn’t it kind of funny that we’re still using that old-school Von Neumann architecture for Microsoft kernel stuff?
What computer doesn't use the von Neumann architecture?
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
The Non Veumann ones?
I'll get me coat.
Re: (Score:2)
Re: (Score:2)
The veal: Try you should.
Strange approach (Score:2)
I'm not sure I understand Microsoft's Ukrainian centric tactic, but we'll see if it pays off.
Re: Strange approach (Score:2)
A Clownstrike software engineer wanted to paste some code generated by Copilot, but accidentally pasted a Ukrainian article. The rest is history.
Breakfast (Score:1)
Re: That was Weird (Score:2)
Given the impact Crowdstrike had I don't think that those litigations will get anywhere if they offer some user mode interface.
After all, most of what a driver does can be handled in user mode. The drawback will be some performance impact.
Re: (Score:2)
I think the strategy is to avoid litigation coming from security companies in the EU, and hope customers are smart enough to choose the user mode products.
For that, they could simply commit to limiting their own AV to that API. Well, if MS had any credibility left. They do not after all the crap they have pulled in the last 50 years.
Blame the user when your tool fails... (Score:2)
“My TLDR,” Weston told SecurityWeek, “is that SDP is the best tool we have in the toolbox for stopping outages. Kernel mode, user mode – not saying those are invalid, just saying those are a much smaller part of the problem. SDP can help prevent outages both inside and outside of the kernel.”
Yes, people who use your tool should do it slowly and with lots more work because you 'cannot' (choose not to) give them a reliable product.
Otherwise all I saw there was people met, ESET
Re: (Score:2)
Can't blame the saw when you drill a hole through it.
Slashdot kernel fail (Score:2)
Seems a dupe was able to access the posting and inject itself into it.
Microsoft (Score:2)
Just delete the Microsoft aspect of it. It is a disgrace that nothing happened after they let it happen. I mean, if this would have been a company in The Netherlands, I could not imagine the steps the US would have taken.
It is disgusting to see Microsoft take advantage of the incident.
We want everything to be transparent, but then we want to enforce this standard as a requirement for working with Microsoft.
Re: (Score:2)
Microsoft is a defendant in the Delta suit, and given that they didn't do basic null input validation they should be.
There are other directions they could take, but I expect their response has more to do with a duty to act than "taking advantage". Will this be abused to seize more power over kernel modules? Probably, but they've been excluding unsigned/"untested" code since 2009.
Not Microsoft's fault? (Score:2)
They couldn't have possibly included input testing as part of their validation, and they have since rescinded the kernel driver signature right?
How many other undocumented, untested, secret modules are being signed with no usable testing?
This article also continues to repeat the lie that the broken update was somehow unique and hit an overflow that couldn't have been predicted. In fact the broken update was all null, as has been reported for months: https://x.com/jeremyphoward/st... [x.com]
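As an added example (not CrowdStrike's or Microsoft's code) of the "basic null input validation" the posts above call for, here is a defensive loader for a hypothetical content-update blob; the magic value, header layout and size limits are constructed assumptions, not the real channel file format. It rejects an all-NUL file outright and bounds-checks the record count against the file length before any record is touched.

```c
/* Added example, not code from CrowdStrike or Microsoft: a defensive loader
 * for a HYPOTHETICAL content-update blob. It shows the input validation the
 * comment says was missing: a zero-filled file is rejected before any field
 * is parsed, and the record count is bounds-checked against the file size. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define UPD_MAGIC    0x31505455u  /* constructed magic value */
#define MAX_RECORDS  4096u        /* constructed sanity limits */
#define MAX_REC_SIZE 65536u
struct upd_header { uint32_t magic, version, count, rec_size; }; /* hypothetical */
enum upd_status { UPD_OK = 0, UPD_TOO_SHORT, UPD_ALL_ZERO, UPD_BAD_MAGIC,
                  UPD_BAD_SIZE, UPD_TRUNCATED };

/* Validate the whole blob before trusting any field in it. */
enum upd_status upd_validate(const uint8_t *buf, size_t len)
{
    struct upd_header h;
    size_t i, body;
    if (buf == NULL || len < sizeof h)
        return UPD_TOO_SHORT;
    for (i = 0; i < len && buf[i] == 0; i++)
        ;
    if (i == len)                       /* nothing but NUL bytes */
        return UPD_ALL_ZERO;
    memcpy(&h, buf, sizeof h);          /* no unaligned reads */
    if (h.magic != UPD_MAGIC)
        return UPD_BAD_MAGIC;
    if (h.rec_size == 0 || h.rec_size > MAX_REC_SIZE || h.count > MAX_RECORDS)
        return UPD_BAD_SIZE;
    body = (size_t)h.count * h.rec_size; /* cannot overflow: bounded above */
    if (body > len - sizeof h)          /* records must fit in the file */
        return UPD_TRUNCATED;
    return UPD_OK;
}

/* Test helper: header plus 0xAB-filled records, cut off at `cap` bytes.
 * Returns the number of bytes written (0 if even the header does not fit). */
size_t upd_build_sample(uint8_t *out, size_t cap, uint32_t count,
                        uint32_t rec_size, uint32_t magic)
{
    struct upd_header h = { magic, 1u, count, rec_size };
    size_t n = sizeof h + (size_t)count * rec_size;
    if (n > cap) n = cap;
    if (n < sizeof h) return 0;
    memcpy(out, &h, sizeof h);
    memset(out + sizeof h, 0xAB, n - sizeof h);
    return n;
}
```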