Ep6: After CrowdStrike chaos, should Microsoft kick EDR agents out of Windows kernel?

Three Buddy Problem - Episode 6: As the dust settles on the CrowdStrike incident that blue-screened 8.5 million Windows computers worldwide, we dig into CrowdStrike’s preliminary incident report, the lack of transparency in the update process and the need for more robust testing and validation. We also discuss Microsoft's responsibility to avoid infinite BSOD loops, risks of deploying EDR agents on critical systems, and how an EU settlement is being blamed for EDR vendors having access to the Windows kernel. Other topics on the show include Mandiant's attribution capabilities, North Korea’s gov-backed hacking teams launching ransomware on hospitals, KnowBe4 hiring a fake North Korean IT worker, and new developments in the NSO Group surveillance-ware lawsuit. Hosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)Links:Episode transcript (Unedited, AI-generated)Official CrowdStrike preliminary post-mortemMicrosoft VP David Weston on CrowdStrike outageMicrosoft VP John Cable on the path forwardMatt Suiche: Bob and Alice in Kernel-landRe-learning Lessons from the CrowdStrike OutageEp5: CrowdStrike's faulty updateMandiant Report on North Korea's APT45CISA Advisory on North Korea APT45KnowBe4 Hires North Korean Fake IT WorkerIsrael’s attempt to sway NSO/WhatsApp spyware case