Пассажиропоток российских авиакомпаний увеличился на 4% в июле

Количество современных поездов на МЦД-3 достигло 85%

Около 8 тыс обращений по вопросам ветеринарии поступило в колл-центр Подмосковья

В Подмосковье определили самые посещаемые карусели за прошедшую неделю



News in English


Новости сегодня

Новости от TheMoneytizer

Q&A: What you need to know about the worldwide cyber snarl

Flights were delayed. Court cases were postponed. Government computer systems were shut down. Even Starbuck’s beverage orders failed to register. It was a truly worldwide day of disconnections.

At the heart of Friday’s massive international technology disruption was CrowdStrike, a cybersecurity firm that provides software to scores of companies worldwide. The company says the problem occurred when a faulty update was pushed out to computers running Microsoft Windows for one of its tools, “Falcon.”

Related: Crowds, frustration, resignation roils LAX, John Wayne and other airports during tech meltdown

Because scores of companies rely on CrowdStrike for their security needs with Windows as their operating system, the consequences of this kind of technical problem have been far-reaching.

As the news broke, Chris Haire of Southern California News Group interviewed Amin Rezaei, PhD, an assistant professor and director of Computer Architecture, Reliability, and Security Laboratory at the Department of Computer Engineering and Computer Science at California State University, Long Beach.

While the worldwide computer woes underscored the vulnerability of worldwide dependence on software that comes from only a handful of providers, Rezaei encouraged deeper discussions in the days ahead to identify solutions to prevent these kinds of outages.

Here is our Q&A with Rezaei.

Q: Based on other reports we’ve seen, CrowdStrike is really successful and a leader in cybersecurity — a press release on its website even says it recently surpassed $1 billion in sales. But its most recent quarterly filing with the SEC says it has a history of losses and only achieved profitability in fiscal year 2024. … So, if you do know anything about CrowdStrike, how would you describe its reputation among cybersecurity professionals? How many companies use CrowdStrike? And can you describe in a way laymen can understand how the company’s cybersecurity operations work?

A: I have heard of the company as it offers real-time cloud security (and other endpoint protection services) to thousands of clients, including many Fortune 500 companies. However, I am not in a position to access the company’s success or failure because a company’s reputation is influenced by a variety of factors that go beyond my pay grade.

Related: Global IT snarl puts cyber firm CrowdStrike in spotlight

But let me comment on the need for cloud security. These days, cloud computing (i.e., the on-demand availability of computing power, data storage, or applications via the internet) is used by many businesses. In this case, their operating costs are lowered because they usually only pay for the cloud services they use.

Because so much data is retrieved and used over the internet and saved on certain physical storage servers, the security of cloud services becomes essential. This is where cybersecurity service providers come into the picture, offering real-time solutions and preventing or detecting malicious threats.

Q: Why would a software bug for a cybersecurity program cause computers around the world to shutdown? Shouldn’t CrowdStrike have a plan to ensure such bugs don’t happen?

A: Again, I am not in a judging position on what a company should or should not do. But the incident highlights, once again, the significance of one simple practice that is unfortunately overlooked: the need to prevent a single point of failure (i.e., the system’s reliance on a single component that, if it fails, can bring the entire system down). Currently, the computer systems employed in many firms suffer from single points of failure, ranging from hardware to cloud providers and services.

Related: Faulty software update causes havoc worldwide for airlines, hospitals and governments

Q: This wasn’t a hack, but is this issue cause for concern about potential vulnerabilities for companies that use CrowdStrike?

A: I prefer to answer this question broadly. Another overlooked issue in high-tech companies is the need to revisit cybersecurity practices in effect. While in this incident the crash is seemingly caused by a software update bug, in more severe situations, deliberate attacks can result in system malfunctions that might be very difficult to fix. Traditionally, security has been considered an afterthought in computer systems (i.e., we have a system; let’s secure it!), not necessarily taken into consideration during the design flow, from specification to implementation. This needs to be changed.

Q: Some reports are saying this is the largest tech outage ever. Can you contextualize how significant or severe this outage is, relative to others?

A: I do not have enough data to fact-check this claim. But looking forward, there should be discussions on preventive solutions against these kinds of outages, such as the ones mentioned above, which I reiterate here: (1) From a business owner’s view: avoiding single points of failure in a business infrastructure; and (2) From a high-tech provider’s view: having measurable security metrics in mind when designing computing systems instead of post-implementation security methods.

Q: Experts say fixing this issue — besides rectifying the bug — will require individual computers to be manually rebooted, which could be a lengthy process. Can you explain this to me? Why is this required and why is it such a lengthy process?

A: The fix for the systems that have not been updated by this buggy update should not be a big issue. However, for impacted systems, the suggested patch seems to require a manual process. For this, each computer needs to be run in safe mode with admin access, and then the corrupted file needs to be deleted. They may be able to come up with a less lengthy option, but it is not guaranteed.

Q: Is there anything a regular citizen can do to be ready for such a day as today?

A: I hope that this incident will poke business owners and high-tech companies to reconsider their traditional mindset of security & trust and follow the advice of cybersecurity experts and researchers who have been doing research in this area for several decades. My suggestion to regular citizens is to first become even more aware of cybersecurity incidents and possible preventions.

There are many free courses and videos online from cybersecurity experts that describe these threats in a non-technical fashion. Second, some levels of familiarity with addressing technical issues are also suggested. We are in a fast-growing world in terms of technology; basic familiarity with system maintenance is now like knowing how to top up your car’s radiator with water in an emergency.

Amin Rezaei, PhD, is an assistant professor and director of Computer Architecture, Reliability, and Security Laboratory at the Department of Computer Engineering and Computer Science at California State University, Long Beach. Information: aminrezaei.com/

The Associated Press contributed to this report

Читайте на 123ru.net


Новости 24/7 DirectAdvert - доход для вашего сайта



Частные объявления в Вашем городе, в Вашем регионе и в России



Smi24.net — ежеминутные новости с ежедневным архивом. Только у нас — все главные новости дня без политической цензуры. "123 Новости" — абсолютно все точки зрения, трезвая аналитика, цивилизованные споры и обсуждения без взаимных обвинений и оскорблений. Помните, что не у всех точка зрения совпадает с Вашей. Уважайте мнение других, даже если Вы отстаиваете свой взгляд и свою позицию. Smi24.net — облегчённая версия старейшего обозревателя новостей 123ru.net. Мы не навязываем Вам своё видение, мы даём Вам срез событий дня без цензуры и без купюр. Новости, какие они есть —онлайн с поминутным архивом по всем городам и регионам России, Украины, Белоруссии и Абхазии. Smi24.net — живые новости в живом эфире! Быстрый поиск от Smi24.net — это не только возможность первым узнать, но и преимущество сообщить срочные новости мгновенно на любом языке мира и быть услышанным тут же. В любую минуту Вы можете добавить свою новость - здесь.




Новости от наших партнёров в Вашем городе

Ria.city

В Мытищинской библиотеке прошел лекторий по книге «Брестская крепость»

«Меня все время приветствуют криками: «Ура!»». Большое интервью Леонида Слуцкого о жизни в Китае

Россия продолжит отстаивать права на отнятую Латвией недвижимость

Время потрачено не зря: на что у тверичей ушло 1,8 млн минут?

Музыкальные новости

«Было страшновато». Защитник «Химок» Филин рассказал, как проходила подготовка к матчу с «Зенитом»

В Москве после рейда десяткам получившим гражданство России мигрантам выдали повестки в военкомат — «Коммерсантъ»

Актриса из «Гоголя» и «Улиц разбитых фонарей» пропала под Петербургом

Эксперт "Норникеля" перечислил условия для достижения независимости российской промышленности

Новости России

Президент РОАД: Почему российские машины не дешевле иномарок

Время потрачено не зря: на что у тверичей ушло 1,8 млн минут?

Три четверти россиян не пользуются RuStore

«Меня все время приветствуют криками: «Ура!»». Большое интервью Леонида Слуцкого о жизни в Китае

Экология в России и мире

«Норникель» активизирует работу Центра палладиевых технологий

Можно ли умереть, если объесться шоколадом?

Эксперт "Норникеля" перечислил условия для достижения независимости российской промышленности

Гастроэнтеролог Садыков объяснил, как длительное сидение влияет на ЖКТ

Спорт в России и мире

Медведев показал, как его семью встретили в Нью-Йорке перед US Open. Видео

В ATP сделали заявление о положительных допинг-тестах первой ракетки мира Синнера

Синнер: В матче с Тиафо все может пойти в любом направлении

Павлюченкова снялась с турнира WTA в Мексике из‑за травмы

Moscow.media

Недорогие китайские кроссоверы VGV так и не появились в России

Первая масштабная частная конференция по экосистеме Telegram, Ton и mini app в России T-LAB CONF

Виновник смертельного ДТП у ТЦ "Алатырь" вернулся в Свердловскую область

Компания Merlion стала лучшим дистрибьютором A4Tech & Bloody











Топ новостей на этот час

Rss.plus






В Мытищинской библиотеке прошел лекторий по книге «Брестская крепость»

Время потрачено не зря: на что у тверичей ушло 1,8 млн минут?

Россия продолжит отстаивать права на отнятую Латвией недвижимость

Памятник Защитникам Москвы в Хорошёво-Мнёвниках будет сохранен