CrowdStrike Sued? — Delta Dials David Boies
2024-8-1 00:2:3 Author: securityboulevard.com(查看原文) 阅读量:3 收藏
David Boies, founding partner and chairman of Boies Schiller Flexner, LLPDelta Airlines calls in attorneys Boies Schiller Flexner to claw back airline’s⁠ ⁠cash.

CrowdStrike could be looking down the barrel of a nine-figure lawsuit: The long outage earlier this month could have cost Delta Airlines half a billion dollars. And then there’s the reputational cost. And the fees, of course.

But did Delta do due diligence? In today’s SB  Blogwatch, we keep climbing.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention:  B-2 A2A.

Is Delta the First of Many?

What’s the craic? Jordan Novet, Ari Levy and Phil Lebeau report: Delta hires David Boies to seek damages from CrowdStrike, Microsoft

Harvey Weinstein
While no suit has been filed, Delta plans to seek compensation. … The outages cost Delta an estimated $350 million to $500 million. Delta is dealing with over 176,000 refund or reimbursement requests after almost 7,000 flights were canceled.

Boies is known for representing the U.S. government in its landmark antitrust case against Microsoft and for helping win a decision that overturned California’s ban on gay marriage. He also worked with Harvey Weinstein [and] Elizabeth Holmes.

What’s this doing to CrowdStrike’s business? Harshita Mary Varghese: CrowdStrike down after report Delta Air to seek compensation

Monetary relief
CrowdStrike’s stock, which had more than doubled in 2023, has fallen over 24% since the outage, leading to a loss of over $20 billion in market valuation. … Many clients are considering slowing or pausing spending on CrowdStrike and expecting pricing concession, according to a survey by Evercore ISI:

“Nearly everyone agreed that they expect some form of monetary relief, such as discounts, service revenue credits, or free products.” The brokerage [added] that feedback from clients suggest that CrowdStrike was already discussing this with its customers.

Lest we forget, the main cause was a buggy update that wasn’t properly tested. Mazin Ahmed suggests a couple of Engineering Learnings:

CrowdStrike could have prevented this incident. … CrowdStrike released a sensor configuration update, [which] introduced a logic error that resulted in an operating system crash.

Canary deployments run an additional layer of checks to see … how it behaves once executed on a system, … to make sure that this change is not introducing critical errors. … Canary deployments are not new; they have been an engineering practice for years.

CrowdStrike Falcon should have a capability to disable kernel-based access on a subsequent reboot. … In cases where the machine lands in a Windows [recovery] mode, the architecture can also be designed to disable kernel-level components and run safely.

IANAL. AYAL? jredwards is not a lawyer, either:

I’m no lawyer. But I have to imagine that if Delta can successfully sue CrowdStrike for this, enough other lawsuits will follow that CrowdStrike would be forced into bankruptcy.

Naturally, the license agreement limits liability to fees paid. But UnknownUnknown has other ideas:

Just because it says that in the T&C’s does not stop some whacked out judge — say in East Texas — finding against them for something. … Delta will win any ****s on the table contest.

How come American, United and Frontier aren’t suing? Proper prior planning, posits topgun966:

The core issue was Delta did not have a proper DR [disaster recovery] plan ready [nor] a proper IT business continuity plan. … UA, AA, and F9 recovered so fast because they had plans on stand-by and engaged them immediately. … UA and AA [had] robust DR plans staged everywhere from the server farms, to cloud solutions, to end-user stations at airports.

DL outsources a lot of their IT. UA and AA … did not hold back paying [overtime] for staff. UA and AA have just as much reliance on Windows as Delta. AA was recovered by end of day Friday and resumed normal operations Saturday. UA was about 12 hours behind them having it resolved by Saturday morning, resuming normal schedules Saturday afternoon.

A smoking gun? Canberra1 agrees:

Delta and their executives should have had … a DR plan. Looks like they were the worst of the lot for DR negligence — where was the warm or hot site to cutover too? When did they evaluate the reliability of any of their third party software suppliers? Pretty sure Airlines have National Security considerations to uphold, and looks like they failed here, too.

Other Airlines managed, and probably quite a few banks. … I hope everyone who missed their flight gets a bonus $10 coffee voucher too.

Oh yeah. The giftcard “apology” was a truly weird bit of the story. satireplusplus pictures the scene:

Who’s stupid idea was that? … CrowdStrike boys all sitting at the table. We need ideas guys! Anythin? Anythin! How about a $10 Uber Eats giftcard for every customer? Yeah let’s go with that!

Meanwhile, Suppafly can’t wait:

It’ll be interesting to see some of the discovery if this goes to trial, it’s going to reveal how ****ty of an airline that Delta is.

And Finally:

B-2 / T-38 formation (raw footage)

Previously in And Finally

You have been reading SB  Blogwatch by Richi  Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to  @RiCHi, @richij, @[email protected], @richi.bsky.social or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: BSF LLP

Recent Articles By Author


文章来源: https://securityboulevard.com/2024/07/crowdstrike-delta-boies-richixbw/
如有侵权请联系:admin#unsafe.sh