引發(fā)全球故障后,,Crowdstrike的紀(jì)念品卻大受歡迎
Sharon Goldman
2024-08-12
Sharon Goldman
貓王,、布蘭妮和雪兒在經(jīng)歷過(guò)一段低潮之后,,都在拉斯維加斯得到了救贖。
上周則輪到了Crowdstrike,。
上個(gè)月,,這家陷入困境的網(wǎng)絡(luò)安全公司因?yàn)榇嬖诼┒吹能浖?jí),導(dǎo)致全球計(jì)算機(jī)出現(xiàn)大面積癱瘓,。在一年一度的黑帽(Black Hat)安全會(huì)議上,,這家公司卻出人意料地大受歡迎,訪客紛紛涌入它的展臺(tái)拍照留念,,并領(lǐng)取帶有公司標(biāo)志的T恤和其他紀(jì)念品,。
一位在Crowdstrike展廳前排隊(duì)的訪客提到了該公司提供的具有收藏價(jià)值的擺件,并對(duì)《財(cái)富》雜志稱:“我朋友說(shuō)我一定要領(lǐng)一件,?!?/p>
對(duì)于許多人來(lái)說(shuō),Crowdstrike最近的壞名聲,,反而是它吸引人的地方之一,。
美國(guó)西海岸一家大型便利店和加油站連鎖的高級(jí)安全工程師弗蘭克·弗拉納根穿著一件五顏六色的T恤,戴著牛仔帽,。他對(duì)《財(cái)富》雜志稱,,他排隊(duì)的目的就是為了得到一個(gè)擺件。
他笑著說(shuō):“我希望一年后它會(huì)升值,?!彼_(kāi)玩笑說(shuō),如果這家公司因有缺陷的軟件升級(jí)而陷入法律糾紛,,最終導(dǎo)致其破產(chǎn),,那么這款擺件就會(huì)升值。
Crowdstrike導(dǎo)致全球運(yùn)行微軟(Microsoft)Windows系統(tǒng)的電腦顯示“藍(lán)屏死機(jī)”,,造成全球數(shù)千架航班停飛,,銀行和醫(yī)院系統(tǒng)宕機(jī)。自此次事件發(fā)生以來(lái),,Crowdstrike的股價(jià)下跌了約40%,。達(dá)美航空(Delta)稱,,Crowdstrike要為達(dá)美航班取消造成的超過(guò)5億美元損失全權(quán)負(fù)責(zé)。
雖然Crowdstrike得到的負(fù)面關(guān)注,,讓黑帽大會(huì)的許多參會(huì)者覺(jué)得有趣,,但《財(cái)富》雜志采訪的大多數(shù)人表示,盡管發(fā)生了此次事件,,但Crowdstrike依舊是一家穩(wěn)健且信譽(yù)良好的公司,。Crowdstrike的一位客戶是一家連鎖餐廳的安全專家。他表示,,他對(duì)該公司在此次停機(jī)事件中的反應(yīng)非常滿意,,而且他的公司很快就恢復(fù)了正常運(yùn)行。其他與會(huì)者則普遍認(rèn)為,,Crowdstrike不應(yīng)該為這種常規(guī)升級(jí)造成的問(wèn)題負(fù)責(zé),,因?yàn)檫@種情況可能發(fā)生在與微軟Windows系統(tǒng)緊密聯(lián)系的任何安全公司身上。
Sharon Goldman
德克薩斯理工大學(xué)(Texas Tech University)法律與網(wǎng)絡(luò)安全教授史蒂夫·布萊克指出,,達(dá)美航空對(duì)Crowdestrike的主張并非板上釘釘,。他表示,關(guān)于一家公司對(duì)于自身的恢復(fù)能力應(yīng)該承擔(dān)多大責(zé)任,,這是一個(gè)重要的法律問(wèn)題,。
布萊克表示:“法院對(duì)數(shù)字損害的性質(zhì)存在分歧。原告是否需要證明財(cái)務(wù)損失才能勝訴,?”這起案件取決于達(dá)美航空在多大程度上依賴受軟件更新影響的系統(tǒng),,其與Crowdstrike簽署的服務(wù)協(xié)議的內(nèi)容,以及達(dá)美航空期待獲得怎樣的賠償,。他說(shuō)道:“如果我延誤了,,我可能也要為一些損失負(fù)責(zé)?!?/p>
CEO道歉和T恤衫
Crowdstrike的名字在黑帽大會(huì)上似乎無(wú)處不在,,但原因并不完全是當(dāng)前的新聞報(bào)道。諷刺的是,,Crowdstrike是今年大會(huì)的主要贊助商之一,,因此當(dāng)專題討論會(huì)上提到該公司的名字和大型廣告牌上顯示該公司的名稱時(shí),引起了與會(huì)者的陣陣笑聲,。
CrowdStrike在曼德勒海灣酒店(Mandalay Bay)會(huì)議中心的室內(nèi)通道上方投放了一則大型廣告,,廣告上寫著:“對(duì)手不會(huì)停止。我們也不會(huì)停止,?!?以及“韌性從我們開(kāi)始。我們始終專注于您的需求?!?/p>
據(jù)《華盛頓郵報(bào)》報(bào)道,,Crowdstrike公司的CEO喬治·庫(kù)爾茨在一次專題討論會(huì)上發(fā)言,并就此次崩潰事件向觀眾道歉,。有一位觀眾對(duì)《華盛頓郵報(bào)》表示“喬治的話很簡(jiǎn)短,,但說(shuō)得很好?!眴讨蔚脑捠艿綗崃覛g迎,,“這讓我很意外,因?yàn)榫W(wǎng)絡(luò)安全社區(qū)通常非常挑剔,。”
在大會(huì)的開(kāi)幕演講中,,Crowdstrike事件被頻繁討論,。開(kāi)幕演講嘉賓包括美國(guó)網(wǎng)絡(luò)安全與基礎(chǔ)設(shè)施安全局(U.S. Cybersecurity and Infrastructure Security Agency)局長(zhǎng)珍·伊斯特利。她表示,,大面積停機(jī)進(jìn)一步凸顯出“網(wǎng)絡(luò)韌性”和技術(shù)提供商進(jìn)行認(rèn)真細(xì)致的測(cè)試和設(shè)計(jì)的必要性,。
CyberSaint公司CEO杰瑞·雷登對(duì)《財(cái)富》雜志表示,由于此次停機(jī)事件造成的經(jīng)濟(jì)影響巨大,,因此追究責(zé)任時(shí)面臨巨大風(fēng)險(xiǎn),。他的公司進(jìn)行的分析估計(jì),此次停機(jī)事件僅僅給《財(cái)富》500強(qiáng)公司造成的營(yíng)業(yè)損失就高達(dá)50億美元,。
雷登認(rèn)為,,達(dá)美航空也要為其損失承擔(dān)一定責(zé)任。他說(shuō)道:“他們必須要承擔(dān)一定的責(zé)任去了解環(huán)境,,了解最大的風(fēng)險(xiǎn)是什么,。”他指出,,大多數(shù)組織認(rèn)為遭到攻擊才是最大的網(wǎng)絡(luò)風(fēng)險(xiǎn),,但軟件更新漏洞也可能影響整體運(yùn)營(yíng)?!鞍沿?zé)任全部歸咎于Crowdstrike不公平,。”
Sharon Goldman
有人指出,,微軟也應(yīng)該為此次停機(jī)承擔(dān)一定責(zé)任,。許多人認(rèn)為,此次停機(jī)的原因是Windows核心架構(gòu)的設(shè)計(jì),,可能導(dǎo)致惡意軟件,、垃圾軟件和驅(qū)動(dòng)程序不穩(wěn)定等問(wèn)題。網(wǎng)絡(luò)安全專家、律師和前FBI探員埃里克·奧尼爾表示:“微軟不應(yīng)該給予第三方如此高的訪問(wèn)權(quán)限,。微軟可能辯稱這是技術(shù)或許可的工作方式,,但這只是借口,因?yàn)橥瑯拥膯?wèn)題并不影響Linux或Mac系統(tǒng),。而且Crowdstrike很早就發(fā)現(xiàn)了這個(gè)問(wèn)題,。”
在Crowdstrike的展臺(tái),,“T恤吧”的工作人員忙著操作設(shè)備,,制作定制T恤衫,還有人在向訪客發(fā)放小盒子,,里面裝著人們夢(mèng)寐以求的擺件,。這款擺件名為“水生熊貓”和“分散蜘蛛”,分別代表了著名的黑客組織和網(wǎng)絡(luò)罪犯,。
一位正在排隊(duì)的安全研究人員表示,,他不知道這些紀(jì)念品是什么,但聽(tīng)說(shuō)它們很受歡迎,。似乎為了避免設(shè)定過(guò)高的預(yù)期,,這位研究人員補(bǔ)充說(shuō),可能并不是什么特別精致的東西,。他說(shuō)道,,畢竟“這家公司的股價(jià)已經(jīng)下跌了40%”。(財(cái)富中文網(wǎng))
譯者:劉進(jìn)龍
審校:汪皓
貓王,、布蘭妮和雪兒在經(jīng)歷過(guò)一段低潮之后,,都在拉斯維加斯得到了救贖。
上周則輪到了Crowdstrike,。
上個(gè)月,,這家陷入困境的網(wǎng)絡(luò)安全公司因?yàn)榇嬖诼┒吹能浖?jí),導(dǎo)致全球計(jì)算機(jī)出現(xiàn)大面積癱瘓,。在一年一度的黑帽(Black Hat)安全會(huì)議上,,這家公司卻出人意料地大受歡迎,訪客紛紛涌入它的展臺(tái)拍照留念,,并領(lǐng)取帶有公司標(biāo)志的T恤和其他紀(jì)念品,。
一位在Crowdstrike展廳前排隊(duì)的訪客提到了該公司提供的具有收藏價(jià)值的擺件,并對(duì)《財(cái)富》雜志稱:“我朋友說(shuō)我一定要領(lǐng)一件,?!?/p>
對(duì)于許多人來(lái)說(shuō),Crowdstrike最近的壞名聲,,反而是它吸引人的地方之一,。
美國(guó)西海岸一家大型便利店和加油站連鎖的高級(jí)安全工程師弗蘭克·弗拉納根穿著一件五顏六色的T恤,,戴著牛仔帽。他對(duì)《財(cái)富》雜志稱,,他排隊(duì)的目的就是為了得到一個(gè)擺件,。
他笑著說(shuō):“我希望一年后它會(huì)升值?!彼_(kāi)玩笑說(shuō),,如果這家公司因有缺陷的軟件升級(jí)而陷入法律糾紛,最終導(dǎo)致其破產(chǎn),,那么這款擺件就會(huì)升值,。
Crowdstrike導(dǎo)致全球運(yùn)行微軟(Microsoft)Windows系統(tǒng)的電腦顯示“藍(lán)屏死機(jī)”,造成全球數(shù)千架航班停飛,,銀行和醫(yī)院系統(tǒng)宕機(jī),。自此次事件發(fā)生以來(lái),Crowdstrike的股價(jià)下跌了約40%,。達(dá)美航空(Delta)稱,,Crowdstrike要為達(dá)美航班取消造成的超過(guò)5億美元損失全權(quán)負(fù)責(zé)。
雖然Crowdstrike得到的負(fù)面關(guān)注,,讓黑帽大會(huì)的許多參會(huì)者覺(jué)得有趣,,但《財(cái)富》雜志采訪的大多數(shù)人表示,,盡管發(fā)生了此次事件,,但Crowdstrike依舊是一家穩(wěn)健且信譽(yù)良好的公司。Crowdstrike的一位客戶是一家連鎖餐廳的安全專家,。他表示,,他對(duì)該公司在此次停機(jī)事件中的反應(yīng)非常滿意,而且他的公司很快就恢復(fù)了正常運(yùn)行,。其他與會(huì)者則普遍認(rèn)為,,Crowdstrike不應(yīng)該為這種常規(guī)升級(jí)造成的問(wèn)題負(fù)責(zé),因?yàn)檫@種情況可能發(fā)生在與微軟Windows系統(tǒng)緊密聯(lián)系的任何安全公司身上,。
德克薩斯理工大學(xué)(Texas Tech University)法律與網(wǎng)絡(luò)安全教授史蒂夫·布萊克指出,,達(dá)美航空對(duì)Crowdestrike的主張并非板上釘釘。他表示,,關(guān)于一家公司對(duì)于自身的恢復(fù)能力應(yīng)該承擔(dān)多大責(zé)任,,這是一個(gè)重要的法律問(wèn)題。
布萊克表示:“法院對(duì)數(shù)字損害的性質(zhì)存在分歧,。原告是否需要證明財(cái)務(wù)損失才能勝訴,?”這起案件取決于達(dá)美航空在多大程度上依賴受軟件更新影響的系統(tǒng),其與Crowdstrike簽署的服務(wù)協(xié)議的內(nèi)容,,以及達(dá)美航空期待獲得怎樣的賠償,。他說(shuō)道:“如果我延誤了,,我可能也要為一些損失負(fù)責(zé)?!?/p>
CEO道歉和T恤衫
Crowdstrike的名字在黑帽大會(huì)上似乎無(wú)處不在,,但原因并不完全是當(dāng)前的新聞報(bào)道。諷刺的是,,Crowdstrike是今年大會(huì)的主要贊助商之一,,因此當(dāng)專題討論會(huì)上提到該公司的名字和大型廣告牌上顯示該公司的名稱時(shí),引起了與會(huì)者的陣陣笑聲,。
CrowdStrike在曼德勒海灣酒店(Mandalay Bay)會(huì)議中心的室內(nèi)通道上方投放了一則大型廣告,,廣告上寫著:“對(duì)手不會(huì)停止。我們也不會(huì)停止,?!?以及“韌性從我們開(kāi)始。我們始終專注于您的需求,?!?/p>
據(jù)《華盛頓郵報(bào)》報(bào)道,Crowdstrike公司的CEO喬治·庫(kù)爾茨在一次專題討論會(huì)上發(fā)言,,并就此次崩潰事件向觀眾道歉,。有一位觀眾對(duì)《華盛頓郵報(bào)》表示“喬治的話很簡(jiǎn)短,但說(shuō)得很好,?!眴讨蔚脑捠艿綗崃覛g迎,“這讓我很意外,,因?yàn)榫W(wǎng)絡(luò)安全社區(qū)通常非常挑剔,。”
在大會(huì)的開(kāi)幕演講中,,Crowdstrike事件被頻繁討論,。開(kāi)幕演講嘉賓包括美國(guó)網(wǎng)絡(luò)安全與基礎(chǔ)設(shè)施安全局(U.S. Cybersecurity and Infrastructure Security Agency)局長(zhǎng)珍·伊斯特利。她表示,,大面積停機(jī)進(jìn)一步凸顯出“網(wǎng)絡(luò)韌性”和技術(shù)提供商進(jìn)行認(rèn)真細(xì)致的測(cè)試和設(shè)計(jì)的必要性,。
CyberSaint公司CEO杰瑞·雷登對(duì)《財(cái)富》雜志表示,由于此次停機(jī)事件造成的經(jīng)濟(jì)影響巨大,,因此追究責(zé)任時(shí)面臨巨大風(fēng)險(xiǎn),。他的公司進(jìn)行的分析估計(jì),此次停機(jī)事件僅僅給《財(cái)富》500強(qiáng)公司造成的營(yíng)業(yè)損失就高達(dá)50億美元,。
雷登認(rèn)為,,達(dá)美航空也要為其損失承擔(dān)一定責(zé)任。他說(shuō)道:“他們必須要承擔(dān)一定的責(zé)任去了解環(huán)境,,了解最大的風(fēng)險(xiǎn)是什么,?!彼赋觯蠖鄶?shù)組織認(rèn)為遭到攻擊才是最大的網(wǎng)絡(luò)風(fēng)險(xiǎn),,但軟件更新漏洞也可能影響整體運(yùn)營(yíng),。“把責(zé)任全部歸咎于Crowdstrike不公平,?!?/p>
有人指出,微軟也應(yīng)該為此次停機(jī)承擔(dān)一定責(zé)任,。許多人認(rèn)為,,此次停機(jī)的原因是Windows核心架構(gòu)的設(shè)計(jì),可能導(dǎo)致惡意軟件,、垃圾軟件和驅(qū)動(dòng)程序不穩(wěn)定等問(wèn)題,。網(wǎng)絡(luò)安全專家、律師和前FBI探員埃里克·奧尼爾表示:“微軟不應(yīng)該給予第三方如此高的訪問(wèn)權(quán)限,。微軟可能辯稱這是技術(shù)或許可的工作方式,,但這只是借口,因?yàn)橥瑯拥膯?wèn)題并不影響Linux或Mac系統(tǒng),。而且Crowdstrike很早就發(fā)現(xiàn)了這個(gè)問(wèn)題,。”
在Crowdstrike的展臺(tái),,“T恤吧”的工作人員忙著操作設(shè)備,,制作定制T恤衫,還有人在向訪客發(fā)放小盒子,,里面裝著人們夢(mèng)寐以求的擺件,。這款擺件名為“水生熊貓”和“分散蜘蛛”,,分別代表了著名的黑客組織和網(wǎng)絡(luò)罪犯,。
一位正在排隊(duì)的安全研究人員表示,他不知道這些紀(jì)念品是什么,,但聽(tīng)說(shuō)它們很受歡迎,。似乎為了避免設(shè)定過(guò)高的預(yù)期,這位研究人員補(bǔ)充說(shuō),,可能并不是什么特別精致的東西,。他說(shuō)道,畢竟“這家公司的股價(jià)已經(jīng)下跌了40%”,。(財(cái)富中文網(wǎng))
譯者:劉進(jìn)龍
審校:汪皓
Elvis, Britney, and Cher all found redemption in Las Vegas after going through a rocky phase.
This week, it was Crowdstrike’s turn.
The embattled cybersecurity company, whose buggy software update brought much of the world to a standstill last month, is enjoying a moment of strange cultural cachet at the annual Black Hat security conference, as throngs of visitors flock to its booth to snap selfies and load up on branded company shirts and other swag.
“My friend says I have to get one,” one person waiting in line by the Crowdstrike booth told Fortune, referring to the collectible figurines the company was offering.
For many, the newfound notoriety of the Crowdstrike name is part of the appeal.
Frank Flanagan, a senior security engineer for a large west coast chain of convenience stores and fuel stations, clad in a colorful shirt and cowboy hat, told Fortune he was in line strictly to get his hands on a figurine.
“I hope it will be worth more after a year,” he chuckled, and joked that the value would be even greater if the company were to go out of business as a result of the legal woes stemming from the flawed software update.
Crowdstrike’s stock has plunged roughly 40% since the incident, which caused computers running Microsoft Windows to display the dreaded “blue screen of death,” grounding thousands of flights and freezing systems at banks and hospitals around the globe. Delta has said Crowdstrike is solely responsible for cancelled flights that it claims cost it more than $500 million.
While many Black Hat attendees found amusement in the company’s brush with public notoriety, most of the people that Fortune spoke to at the event believed Crowdstrike was a solid and reputable company despite the incident. One Crowdstrike customer, a security professional at a restaurant chain, said he was very happy with the company’s response to the outage and that his company was quickly up and running again. Other attendees collectively shrugged at the idea that Crowdstrike could be blamed for a problem with a routine update that could happen to any of the security companies deeply intertwined with Microsoft Windows.
Steve Black, a professor of law and cybersecurity at Texas Tech University, pointed out that Delta’s argument against Crowdestrike is not a slam-dunk. There is a significant legal question about how much responsibility a business has for its own resilience, he said.
“Courts have been divided over the nature of digital harms,” said Black. “Does a plaintiff have to show financial harm to win?” A legal case will hinge on how dependent Delta was on the systems affected by the update, what its service agreement with Crowdstrike said, and what Delta’s remediation looked like. “If I delay, I may be responsible for some of the losses,” he said.
A CEO apology and hot-pressed T-shirts
If the Crowdstrike name seemed to be everywhere at the Black Hat conference, it wasn’t entirely due to the news cycle. In an ironic twist, Crowdstrike is one of the top sponsors of this year’s annual conference, eliciting occasional chuckles as its name is announced during panel sessions and displayed on large billboards.
“Adversaries aren’t stopping. Neither are we,” proclaims one oversized Crowdstrike advertisement above the indoor walk to the Mandalay Bay hotel conference convention center. “Resilience starts with us. Our focus remains with you.”
George Kurtz, the Crowdstrike CEO, spoke during a panel at the event and apologized to the audience for the debacle, according to the Washington Post. “George’s comments were brief but well said,” someone in the audience told the Post, noting that the comments got a warm reception, “which surprised me, given how critical the security community can be.”
The Crowdstrike incident was a frequent topic during the opening keynote panel session featuring Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency. Easterly said the widespread outage reinforced the need for “cyber resiliency” and diligent testing and designing by tech vendors.
Jerry Layden, CEO at CyberSaint, told Fortune that the stakes are high when it comes to placing blame for the outage, since the scale of the economic impact is so big. His company’s analysis estimated operational costs of the outage reaching $5 billion for the Fortune 500 alone.
Layden believes that Delta has some culpability for its losses. “They have to take some responsibility for understanding their environment, understanding where their biggest risks are,” he said, pointing out that most organizations think most about being attacked as the biggest cyber risk, but flaws in software updates can also impact the entire business. “Throwing it all on Crowdstrike is not fair.”
Others pointed out that Microsoft should take their fair share of the blame for the outage, which many say was caused by the design of Windows in its core architecture that leads to malware, spyware and driver instability. “Microsoft should not be giving any third party that level of access,” said Eric O’Neill, a cybersecurity expert, attorney and former FBI operative. “Microsoft will complain, well, it’s just the way that the technology works, or licensing works, but that’s bullshit, because this same problem didn’t affect Linux or Mac. And Crowdstrike caught it super-early.”
Back at the Crowdstrike booth, staffers busily operated machines to create custom-pressed shirts at the “T-Shirt bar,” while others handed out small boxes containing the coveted figurines. The figurines, dubbed “Aquatic Panda” and “Scattered Spider,” represent famous hacker groups and cyber criminals.
One security researcher in line said he didn’t know what the collectibles were, but hard heard they were a hot item. Then again, the researched added, as if to avoid setting his expectations too high, “they probably aren’t anything fancy.” After all, he said, “the company lost like 40% of its stock.”
財(cái)富中文網(wǎng)所刊載內(nèi)容之知識(shí)產(chǎn)權(quán)為財(cái)富媒體知識(shí)產(chǎn)權(quán)有限公司及/或相關(guān)權(quán)利人專屬所有或持有,。未經(jīng)許可,禁止進(jìn)行轉(zhuǎn)載,、摘編,、復(fù)制及建立鏡像等任何使用,。
