Skip Navigation

Sysadmin @lemmy.world

cm0002 @lemmy.world

2d ago

Delta can sue CrowdStrike over computer outage that caused 7,000 canceled flights

www.reuters.com

reuters.com

28 comments

Did any of the passengers on those 7,000 flights get any compensation? Or just a "so sorry, out of our control?"
Looks like delta tried to dismiss the passengers claims, but they are being sued for it.

Inb4 an out of court settlement happens in about a year and a half with CS not admitting fault but paying an undisclosed amount to Delta.
The Atlanta-based judge also let Delta pursue a computer trespass claim, and a narrowed claim that CrowdStrike fraudulently promised not to introduce an "unauthorized back door" into the carrier's computers.
Also, this will be interesting.
- unauthorized back door
  Isn't autoupdating software by definition an authorized backdoor by virtue of enabling it? The whole premise of CrowdStrike is continuous updates for attacks they see in the wild on other companies' systems.
  Also if anything CrowdStrike did the opposite of a backdoor since everyone needed to find their BitLocker keys to get back in and clean this mess. It locked out the front and back door.
  
  There was an additional auto update function that wasn't disclosed. Delta had disabled the auto update because, like many large companies, they prefer to deploy changes incrementally so that an issue doesn't blow-up all their systems at once.
  So...
  Isn't autoupdating software by definition an authorized backdoor by virtue of enabling it?
  Yes. Which is why they contend disabling it makes it unauthorized.
  
  Yes crowd strike is a huge security risk
  
  I wouldn't call an auto update mechanism an unauthorised backdoor, it is required behaviour for that kind of software.

Can I sue them for the 13 people that threw shit at me because I couldn't get them their stupid addiction tickets?
- ... their stupid addiction tickets?
  What are addiction tickets?
  
  Lottery tickets, usually scratch offs
- I feel sorry fot you but I must ask, was it literal shit?
  
  No, just random items. Whatever was close. I got hit in the face with a can of pepsi. That wasn't fun.
- is Stupid Addiction a band name?

I work for a company that formerly used CrowdStrike. Since the event we no longer do.

Its okay they gave ubereats vouchers. That should cover everything

*clownstrike

When this happened it was pretty clear (to me, I was at least) that Delta didn't have an actual BCP. This is their CYA lawsuit and should be throw out - their negligence predates CloudStrike's incompetence.
- That notwithstanding, iirc the update was pushed to all of their "rings" even the n+2 or whatever.
  Cs clearly fucked up and I don't see why they shouldn't be penalized for it.

28 comments