Something super weird happening right now: just been called by several totally different media outlets in the last few minutes, all with Windows machines suddenly BSoD’ing (Blue Screen of Death). Anyone else seen this? Seems to be entering recovery mode:
If you're watching this unfold and are unfamiliar with the name "CrowdStrike", they're a *massive* player in the security space and have billions of dollars of annual revenue. Their products include "EDR", which is endpoint detection and response. Think of it as antivirus.
Products like this need to auto-update as they're continually evolving to respond to emerging threats. New attacks need new defences, so these products need to regularly update on your PC.
They also usually operate in what we'd call a "privileged" space on your machine, that is, they have very broad-reaching control in order to detect and mitigate risks. That also means that if something goes wrong with an update, it's able to catastrophically nuke your machine.
I don’t think it’s too early to call it: this will be the largest IT outage in history
Just an important point on this as I’m seeing some misunderstandings: this is not a “Microsoft outage” (disclosure: I don’t work there or speak for them, Regional Directors are totally independent), it’s a CrowdStrike issue impacting Microsoft PCs.
This is basically what we were all worried about with Y2K, except it's actually happened this time ☠️
Let's start with what should be obvious: any infosec story that includes a headline about "largest", "greatest", "worst", or similar superlatives should be regarded with suspicion right from the outset. That said, let's delve into this one: cybernews.com/security/rocky…
Firstly to the title - "RockYou". This harks back a decade and a half to a 2009 data breach that exposed 34M records. It was particularly noteworthy as the passwords were in plain text: en.wikipedia.org/wiki/RockYou
Following this breach, the "RockYou password list" became almost the de facto standard list for password crackers. It's one of many breaches that seeded the data in @haveibeenpwned's Pwned Passwords list.
Firstly, this has come after @zackwhittaker's article which boils down to "it's stalkerware and it has appeared in a bunch of hotels it maybe shouldn't have and we know this because it has vulns disclosing what's captured and the company isn't responding" techcrunch.com/2024/05/22/spy…
It appears that in response to that piece, someone has gone and found a very easily exploitable bug that boiled down to a SOAP-based API with an associated WSDL that documented the endpoints, one of which returned valid AWS creds.
So this is an interesting one for several reasons. Firstly, the defacement which was obviously designed to antagonise a conservative media company. Maybe someone with an axe to grind, but definitely evidence of breach.
Then there are the 3 different classes of data set published at the bottom of the defacement, let's go through each by file name:
editors.json: this includes the name, personal email, phone and sometimes address of the journo. Given the politically charged nature of some of the content, PII exposure of this nature is extra concerning. It's now easy to match a story to someone's physical address and phone.
Alright folks, this is starting to smell like bullshit. Not the alleged breach (which smells bad for reasons I'll explain in a moment), but the "AI" line from both Europcar and the PR agency that just emailed me pitching someone's hot take on it. Here's why:
Firstly, on the legitimacy of the data, a bunch of things don't add up. The most obvious one is that the email addresses and usernames bear no resemblance to the corresponding people's names. For example:
Next, each of those usernames is then the alias of the email address. What are the chances that *every single username* aligns with the email address? Low, very low.
We often receive comments to the effect of “we want to purchase a @haveibeenpwned subscription but our company doesn’t allow us to use a credit card”. What is the financial reason behind this?
This is a very small portion compared to those that *do* pay by card, but why is this?
To add to this, having spent 14 years at Pfizer I’d see policies like this all the time. But it’s also not like there was a blanket ban: try going on a business trip and asking the person at the noodle shop you’re having lunch at to raise an invoice on 60 day terms 🤣
This also isn’t about traceability; spend the money, raise an expense claim with receipt, job done. I could understand if the answer was “because an invoice and wire transfer stops people randomly buying stuff and puts procurement in control”, but they could still pay with a card.
Let me add some more context to the Dymocks breach, starting with giving them a massive pat on the back for responding so quickly. It was less than 48 hours between me contacting someone there via LinkedIn and them having sent disclosure emails to customers. Massive kudos!
What's not as clear from the story is the extent to which the data was already circulating before I was able to get in touch with them. Multiple Telegram channels and a popular *clear web* (not dark web) forum were broadly circulating the data.
I also suspect we're about to see a repeat of the question so many people raised after Optus and Medibank: why do they still have my data? About a quarter of the rows are flagged "inactive" with dates as far back as 2005, yet still sit there with address, email, phone etc.