this post was submitted on 22 Jul 2024
99 points (98.1% liked)

[–] [email protected] 37 points 5 months ago (3 children)

This is great, and hats off to Microsoft for whipping it up so fast. That being said, you'll still need the recovery key for BitLocker, which is the ultimate problem: a BitLockered, CrowdStriked Active Directory server storing all of the BitLocker recovery keys.

[–] [email protected] 13 points 5 months ago (2 children)

a BitLockered, CrowdStriked Active Directory server storing all of the BitLocker recovery keys.

If you didn't make a backup of the recovery key to the master server holding all other keys, that's on you.

[–] [email protected] 19 points 5 months ago (1 children)

I did make a backup. Then I put it on that other computer. That's also blue screen.

Post-It security is best security.

[–] [email protected] 6 points 5 months ago (1 children)

This is why all my passwords are on Post-Its.

[–] stringere 1 points 5 months ago

A lot of teams only made it through the weekend with help from Postmates.

[–] [email protected] 1 points 5 months ago

Oh, I'm not affected by this at all. I'm just explaining the issue and why we're not out of the forest yet. I fully agree that this is the fault of the companies for having garbage update and backup policies. I also blame CrowdStrike for having a shit-tier QA policy.

[–] [email protected] 12 points 5 months ago (1 children)

Sounds like someone didn't plan for the worst-case scenario...

[–] stringere 4 points 5 months ago

Second-to-worst-case scenario was the best we could do at the time.

[–] [email protected] 2 points 5 months ago (1 children)

It's a PITA but you can restore a backup from last Wednesday or earlier into a VM, boot it up, and then retrieve the key for one of your regular ADCs.

Also, why are all your ADCs using BitLocker? I get that you want data encrypted at rest but why not use your RAID controller instead?

[–] [email protected] 1 points 5 months ago

I'm not impacted. I'm just outlining why people are still impacted.

[–] [email protected] 1 points 5 months ago

CrowdStrike has always been a shitty company.

They've never cared about making a good product, only about marketing and making things look pretty.