Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I'm pretty sure crowdstrike autoupdates, with 0 option to disable or manually rollout updates. Even worse people running N-1 and N-2 channels also seem to have been impacted by this.


My point stands then. If you're applying kernel grade patches on machines which you knowingly cannot disable or test, that's just simple negligence.


I think it's probably not a kernel patch per se. I think it's something like an update to a data file that Crowdstrike considers low risk, but it turns out that the already-deployed kernel module has a bug that means it crashes when it reads this file.


Which suggests the question: What's the current state of "fuzz testing" within the Crowdstrike dev org?




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: