I'm surprised I'm not seeing anyone commenting on the demonstrable risk posed by #centralization in the form of #homogenous #software.

With the #market continuing to consolidate to a small number of dominant players, the impact of mistakes grows.

And if an accidental null pointer exception in one product can ground most flights in the US... just imagine what an intentional #cyberattack could do.


Discussion

This was the topic of discussion I had earlier today in meatspace. Fairly huge risk and widespread. I don't know what's true and what's conjecture, but reportedly affected:

- airlines

- gas stations

- hospitals

- hotels like Marriott

- banks

- various retail

- FedEx

- some 911 systems

That's a vast net, and what concerns me here is a failure in testing not only by CrowdStrike, but also all these corps just blindly trusting anything from a vendor.

I've done security testing for large banks and I can say that they do testing before rolling out updates. Even security updates from Microsoft are not pushed out without testing.

I would be surprised if they were affected.

And if they were, I'd be very interested in knowing how it got by them. It's possible they can't run their own update server like they do with Windows updates, or that they made an exception for security software updates (a policy they'd undoubtedly be reconsidering right now).

The only thing I can say for sure is that they do think about this and have processes and teams of people to mitigate it.

Can confirm hospitals. We were in the dark ages.

It was much worse than grounded flights. My emergency department couldn't accept ambulances and our 911 centers were completely down. Police systems were down. We managed, but people probably died from this and we just don't know it yet.