The machines, now inaccessible, are arguably more secure than before.
(update: disproven by Crowdstrike’s blog post).
How do you mean? The current top post on the blog seems to mention .sys files as part of the problem very prominently.
Channel file “C-00000291*.sys” with timestamp of 0527 UTC or later is the reverted (good) version. Channel file “C-00000291*.sys” with timestamp of 0409 UTC is the problematic version.
https://www.crowdstrike.com/blog/technical-details-on-todays-outage/
This is not related to null bytes contained within Channel File 291 or any other Channel File.
That to me implied that the channel file wasn’t actually necessarily corrupt (or as corrupt as people thought), but that it triggered a logic error. In particular this point implies that it wasn’t from garbage zero bytes in the file.
(That said I could have worded this better, in my defense I’m sick in bed and only half thinking straight)
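The blog's "0409 UTC is bad, 0527 UTC or later is reverted" rule is easy to get wrong on a host whose clock or file browser shows local time. Below is an added example (not CrowdStrike's code and not from the linked post) that classifies channel files by their UTC modification time exactly as the quoted rule states it: a 291 file stamped at/after 0527 UTC is the reverted version, one stamped at 0409 UTC is the problematic one, and anything in between is reported as unknown rather than guessed. The outage date (19 July 2024) and the driver directory path are not on the page and are supplied here as assumptions; the sample entries are constructed.

```python
from datetime import datetime, timezone
from pathlib import Path
import fnmatch

# Assumption: the outage date is not stated in the thread; 19 July 2024 is supplied here.
PROBLEMATIC_TS = datetime(2024, 7, 19, 4, 9, tzinfo=timezone.utc)   # "0409 UTC"
REVERTED_TS = datetime(2024, 7, 19, 5, 27, tzinfo=timezone.utc)     # "0527 UTC or later"
CHANNEL_291_GLOB = "C-00000291*.sys"
# Assumption: default location of the channel files on a Windows host.
DEFAULT_DIR = r"C:\Windows\System32\drivers\CrowdStrike"


def classify(name: str, mtime_utc: datetime) -> str:
    """Classify one channel file by name pattern and UTC modification time.

    Returns one of: 'not-291', 'reverted', 'problematic', 'unknown'.
    The comparison is done in UTC; local-time stamps must be converted first.
    """
    if mtime_utc.tzinfo is None:
        raise ValueError("mtime_utc must be timezone-aware (UTC)")
    if not fnmatch.fnmatch(name, CHANNEL_291_GLOB):
        return "not-291"
    mtime_utc = mtime_utc.astimezone(timezone.utc)
    if mtime_utc >= REVERTED_TS:
        return "reverted"
    # The post only names the minute, so compare at minute resolution.
    if mtime_utc.replace(second=0, microsecond=0) == PROBLEMATIC_TS:
        return "problematic"
    return "unknown"


def classify_entries(entries):
    """Classify a list of (name, mtime_utc) tuples; returns {name: verdict}."""
    return {name: classify(name, ts) for name, ts in entries}


def scan_directory(directory: str = DEFAULT_DIR):
    """Read real file metadata (st_mtime is epoch seconds, hence UTC) and classify."""
    results = {}
    for path in Path(directory).glob("C-*.sys"):
        mtime_utc = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc)
        results[path.name] = classify(path.name, mtime_utc)
    return results


# Constructed sample entries (not real hosts): one reverted, one problematic,
# one in the unexplained gap, and one unrelated channel file.
SAMPLE_ENTRIES = [
    ("C-00000291-00000000-00000032.sys", datetime(2024, 7, 19, 5, 27, 12, tzinfo=timezone.utc)),
    ("C-00000291-00000000-00000031.sys", datetime(2024, 7, 19, 4, 9, 45, tzinfo=timezone.utc)),
    ("C-00000291-00000000-00000030.sys", datetime(2024, 7, 19, 4, 50, 0, tzinfo=timezone.utc)),
    ("C-00000001-00000000-00000001.sys", datetime(2024, 7, 19, 4, 9, 0, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    for name, verdict in classify_entries(SAMPLE_ENTRIES).items():
        print(f"{name}: {verdict}")
```

The function rejects naive datetimes on purpose: a stamp read from a UI in local time and compared against "0409" without conversion will misclassify files on any host not running in UTC. `scan_directory` is for running on an actual machine; the sample data lets the logic be checked offline.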
yeah that phrase of “null bytes” reads like addressing one of the rumours
“what was the problem?” “well it wasn’t null bytes” “so… what was it then?” “have definitely eliminated null bytes from the running!”
Aside, but I have been in some weird as heck discussions about how to phrase public blog posts. A few times I’ve had to point out some phrasing is so cryptic that no one will even know what we’re talking about, and really there’s nothing wrong with being a bit clearer about what we want to express. Sometimes it’s like companies want the audience to be bewildered and confused, and I’m not totally sure where this instinct comes from.
(Though in this case they probably don’t want to share too much yet for stonk or legal reasons)