Rust doesn't solve the CrowdStrike outage


Look, I like Rust. I really, really do, and I agree with the premise that memory-unsafe languages like C++ should not be used anymore. But claiming that Rust would have prevented the massive outage that the world went through last Friday is misleading and actively harmful to Rust’s evangelism.

And it must be tamper-proof so that “savvy” corporate users don’t disable it when they read sketchy online instructions to fix their broken WiFi in an attempt to (shudder) not have to create IT tickets. Certain security certifications require “endpoint protection” as a line item, and it seems perfectly plausible that most IT departments just deploy Falcon due to aggressive marketing on CrowdStrike’s part and call it a day without putting any more thought into it. Rust’s memory safety would minimize the chances that a malformed configuration file could exploit bugs like buffer overflows to escalate privileges within the kernel, resulting in much more subtle, but dangerous, attacks.
