Ep6: After CrowdStrike chaos, should Microsoft kick EDR agents out of Windows kernel?

Three Buddy Problem - Episode 6: As the dust settles on the CrowdStrike incident that blue-screened 8.5 million Windows computers worldwide, we dig into CrowdStrike’s preliminary incident report, the lack of transparency in the update process and the need for more robust testing and validation. We also discuss Microsoft's responsibility to avoid infinite BSOD loops, risks of deploying EDR agents on critical systems, and how an EU settlement is being blamed for EDR vendors having access to the Windows kernel. Other topics on the show include Mandiant's attribution capabilities, North Korea’s gov-backed hacking teams launching ransomware on hospitals, KnowBe4 hiring a fake North Korean IT worker, and new developments in the NSO Group surveillance-ware lawsuit. Hosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)Links:Episode transcript (Unedited, AI-generated)Official CrowdStrike preliminary post-mortemMicrosoft VP David Weston on CrowdStrike outageMicrosoft VP John Cable on the path forwardMatt Suiche: Bob and Alice in Kernel-landRe-learning Lessons from the CrowdStrike OutageEp5: CrowdStrike's faulty updateMandiant Report on North Korea's APT45CISA Advisory on North Korea APT45KnowBe4 Hires North Korean Fake IT WorkerIsrael’s attempt to sway NSO/WhatsApp spyware case

Om Podcasten

The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others won’t -- nation-state malware, attribution, cyberwar, ethics, privacy, and the messy realities of securing computers and corporate networks. Hosted by three veteran security pros -- journalist Ryan Naraine and malware paleontologists Costin Raiu and Juan Andres Guerrero-Saade -- the weekly show attracts a highly engaged audience of security researchers, corporate defenders, CISOs, and policymakers. Connect with Ryan on Twitter (Open DMs).