Business
What is CrowdStrike, and how did it cripple so many computers?
Talk about irony: The software that paralyzed Windows computers around the world late Thursday night and early Friday morning was planted by a company that protects Windows computers against malware.
That company is CrowdStrike, a publicly traded cybersecurity firm based in Austin, Texas. It acknowledged the problem around 11 p.m. Thursday and started working on a solution, offering a workaround in the wee hours Friday and a fix a few hours later.
The vast sea of Blue Screens of Death triggered by CrowdStrike’s error is a testament to the market-leading status of the company’s software, which detects and defends against malicious code planted by hackers. Its approach is known as “endpoint security” because it installs its defenses on devices that connect to the internet, such as computers and smartphones.
According to the website 6sense.com, CrowdStrike has more than 3,500 customers, which represent about one of every four companies buying endpoint security. Although most of its customers are based in the United States, it has hundreds in India, Europe and Australia, 6sense reports.
Here’s a quick explanation for how things went wrong so quickly for so many Windows users around the world, including airlines, hospitals, banks and government agencies.
The Falcon Sensor update
One of the selling points of CrowdStrike service is that it can improve its defenses rapidly as new threats are discovered. As part of that service, it continuously and automatically updates the Falcon Sensor software on its customers’ machines.
Automatic updates are, under normal circumstances, a good cybersecurity practice because they prevent clients from having machines with outdated defenses on their networks. But the latest incident reveals the flip side of the coin.
According to CrowdStrike, the problem was triggered by a “single content update” for its customers with Windows PCs. The buggy code wasn’t detected until after it had downloaded and installed on many of CrowdStrike’s clients machines.
Once loaded, the bad update interfered with core functions of the PC, causing Microsoft’s infamous blue error screen to pop up and convey a message along the lines of, “Your PC ran into a problem and needs to restart.” And as long as the update remained in place, restarting the machine led to the same errant result.
The fix offered by CrowdStrike
CrowdStrike stopped sending out the faulty update early Friday morning, so machines that had not loaded it yet were spared the turmoil.
For machines caught in the cycle of blue-screen hell, the company initially offered step-by-step instructions for how to reboot Windows in a mode that would allow them to find and delete the buggy update. The drawback, as many commenters online noted, is that this machine-by-machine approach isn’t much help for organizations with hundreds or thousands of bricked PCs.
According to the tech website 404, Microsoft also suggested rebooting a crashed machine multiple times — as many as 15 — could solve the problem.
Within a few hours, CrowdStrike was distributing a piece of software that removed the buggy code. This worked only for customers whose machines were able to connect to the internet and download the fix, though; everyone else would be left with the PC-by-PC workaround.
The lessons from the CrowdStrike debacle
Some Macintosh and Linux users, who were immune to the CrowdStrike-induced upheaval, devoted a portion of their morning Friday to spiking the football on Windows, even though the problem wasn’t caused by Microsoft.
Other observers argued that the incident demonstrated the risk of having one potential point of failure affecting millions of computers — a problem that has been demonstrated repeatedly during the broadband era.
Steve Garrison, founder of Stellar Cyber in San Francisco, said it’s more important to figure out how to make improvements than to play the blame game. This incident, he said, underscores the need for companies to spend plenty of time checking the quality of their products in a controlled environment before releasing them to customers.
Another lesson, he said, is the need for companies, their competitors and their customers to work together as a community to spot problems. “What do we need to do to check the checkers of our supply chain?” he asked.
Dan O’Dowd, a developer of security software for the military, said the fiasco demonstrates that we need better software in critical systems.
“The immense body of software developed using Silicon Valley’s ‘move fast and break things’ culture means that the software our lives depend on is riddled with defects and vulnerabilities,” O’Dowd said in a statement. “Defects in this software can result in a mass failure event even more serious than the one we have seen today.”
He added, “We must convince the CEOs and Boards of Directors of the companies that build the systems our lives depend on to rewrite their software so that it never fails and can’t be hacked. … These companies will not take cybersecurity seriously until the public demands it. And we must demand it now, before a major disaster strikes.”
Times Insider explains who we are and what we do, and delivers behind-the-scenes insights into how our journalism comes together.
Politicians in Washington and the reporters who cover them have an often adversarial relationship.
But on the last Saturday in April, they gather for an irreverent celebration of press freedom and the First Amendment at the Washington Hilton Hotel: The White House Correspondents’ Association dinner.
Hosted by the association, an organization that helps ensure access for media outlets covering the presidency, the dinner attracts Hollywood stars; politicians from both parties; and representatives of more than 100 networks, newspapers, magazines and wire services.
While The Times will have two reporters in the ballroom covering the event, the company no longer buys seats at the party, said Richard W. Stevenson, the Washington bureau chief. The decision goes back almost two decades; the last dinner The Times attended as an organization was in 2007.
“We made a judgment back then that the event had become too celebrity-focused and was undercutting our need to demonstrate to readers that we always seek to maintain a proper distance from the people we cover, many of whom attend as guests,” he said.
It’s a decision, he added, that “we have stuck by through both Republican and Democratic administrations, although we support the work of the White House Correspondents’ Association.”
Susan Wessling, The Times’s Standards editor, said the policy is a product of the organization’s desire to maintain editorial independence.
“We don’t want to leave readers with any questions about our independence and credibility by seeming to be overly friendly with people whose words and actions we need to report on,” she said.
The celebrity mentalist Oz Pearlman is headlining the evening, in lieu of the usual comedy set by the likes of Stephen Colbert and Hasan Minhaj, but all eyes will be on President Trump, who will make his first appearance at the dinner as president.
Mr. Trump has boycotted the event since 2011, when he was the butt of punchlines delivered by President Barack Obama and the talk show host Seth Meyers mocking his hair, his reality TV show and his preoccupation with the “birther” movement.
Last month, though, Mr. Trump, who has a contentious relationship with the media, announced his intention to attend this year’s dinner, where he will speak to a room full of the same reporters he often derides as “enemies of the people.”
Times reporters will be there to document the highs, the lows and the reactions in the room. A reporter for the Styles desk has also been assigned to cover the robust roster of after-parties around Washington.
Some off-duty reporters from The Times will also be present at this late-night circuit, though everyone remains cognizant of their roles, said Patrick Healy, The Times’s assistant managing editor for Standards and Trust.
“If they’re reporting, there’s a notebook or recorder out as usual,” he said. “If they’re not, they’re pros who know they’re always identifiable as Times journalists.”
For most of The Times’s reporters and editors, though, the evening will be experienced from home.
“The rest of us will be able to follow the coverage,” Mr. Stevenson said, “without having to don our tuxes or gowns.”
A former female staffer who worked for Beast Industries, the media venture behind the popular YouTube channel MrBeast, is suing the company, alleging she was sexually harassed and fired shortly after she returned from maternity leave.
The employee, Lorrayne Mavromatis, a Brazilian-born social media professional, alleges in a lawsuit she was subjected to sexual harassment by the company’s management and demoted after she complained about her treatment. She said she was urged to join a conference call while in labor and expected to work during her maternity leave in violation of the Family and Medical Leave Act, according to the federal complaint filed Wednesday in the U.S. District Court for the Eastern District of North Carolina.
“This clout-chasing complaint is built on deliberate misrepresentations and categorically false statements, and we have the receipts to prove it. There is extensive evidence — including Slack and WhatsApp messages, company documents, and witness testimony — that unequivocally refutes her claims. We will not submit to opportunistic lawyers looking to manufacture a payday from us,” Gaude Paez, a Beast Industries spokesperson, said in a statement.
Jimmy Donaldson, 27, began MrBeast as a teen gaming channel that soon exploded into a media company worth an estimated $5 billion, with 500 employees and 450 million subscribers who watch its games, stunts and giveaways.
Mavromatis, who was hired in 2022 as its head of Instagram, described a pervasive climate of discrimination and harassment, according to the lawsuit.
In her complaint, she alleges the company’s former CEO James Warren made her meet him at his home for one-on-one meetings while he commented on her looks and dismissed her complaints about a male client’s unwanted advances, telling her “she should be honored that the client was hitting on her.”
When Mavromatis asked Warren why MrBeast, Donaldson, would not work with her, she was told that “she is a beautiful woman and her appearance had a certain sexual effect on Jimmy,” and, “Let’s just say that when you’re around and he goes to the restroom, he’s not actually using the restroom.”
Paez refuted the claim.
“That’s ridiculous. This is an allegation fabricated for the sole purpose of sparking headlines,” Paez said.
Mavromatis said she endured a slate of other indignities such as being told by Donaldson that she “would only participate in her video shoot if she brought him a beer.”
“In this male-centric workplace, Plaintiff, one of the few women in a high-level role, was excluded from otherwise all-male meetings, demeaned in front of colleagues, harassed, and suffered from males be given preferential treatment in employment decisions,” states the complaint.
When Mavromatis raised a question during a staff meeting with her team, she said a male colleague told her to “shut up” or “stop talking.”
At MrBeast headquarters in Greenville, N.C., she said male executives mocked female contestants participating in BeastGames, “who complained they did not have access to feminine hygiene products and clean underwear while participating in the show.”
In November 2023, Mavromatis formally complained about “the sexually inappropriate encounters and harassment, and demeaning and hostile work environment she and other female employees had been living and experiencing working at MrBeast,” to the company’s then head of human resources, Sue Parisher, who is also Donaldson’s mother, according to the suit.
In her complaint, Mavromatis said Beast Industries did not have a method or process for employees to report such issues either anonymously or to a third party, rather employees were expected to follow the company’s handbook, “How to Succeed In MrBeast Production.”
In it, employees were instructed that, “It’s okay for the boys to be childish,” “if talent wants to draw a dick on the white board in the video or do something stupid, let them” and “No does not mean no,” according to the complaint.
Mavromatis alleges that she was demoted and then fired.
Paez said that Mavromatis’s role was eliminated as part of a reorganization of an underperforming group within Beast Industries and that she was made aware of this.
Lululemon, the yoga pants and athletic clothing company, has hired a former executive from a rival, Nike, as its new chief executive.
Heidi O’Neill, who spent more than 25 years at Nike, will take the reins and join Lululemon’s board of directors on Sept. 8, the company announced on Wednesday.
The leadership change is happening during a tumultuous time for Lululemon, which had grown to $11 billion in revenue by persuading shoppers to ditch their jeans and slacks for stretchy leggings. But lately, sales have declined in North America amid intense competition and shifting fashion trends, with consumers favoring looser styles rather than the form-fitting silhouettes for which Lululemon is best known.
“As I step into the C.E.O. role in September, my job will be to build on that foundation — to accelerate product breakthroughs, deepen the brand’s cultural relevance, and unlock growth in markets around the world,” Ms. O’Neill, 61, said in a statement.
Lululemon, based in Vancouver, British Columbia, has also been entangled in a corporate power struggle over the company’s future. Its billionaire founder, Chip Wilson, has feuded with the board, nominated independent directors and criticized executives.
Lululemon’s previous chief executive, Calvin McDonald, stepped down at the end of January as pressure mounted from Mr. Wilson and some investors. One activist investor, Elliott Investment Management, had pushed its own chief executive candidate, who was not selected.
The interim co-chiefs, Meghan Frank and André Maestrini, will lead the company until Ms. O’Neill’s arrival, when they are expected to return to other senior roles. The pair had outlined a plan to revive sales at Lululemon, promising to invest in stores, save more money and speed up product development.
“We start the year with a real plan, with real strategies,” Mr. Maestrini said in an interview this year. “We make sure decisions are made fast.”
Lululemon said last month that it would add Chip Bergh, the former chief executive of Levi Strauss, to its board to replace David Mussafer, the chairman of the private equity firm Advent International, whom Mr. Wilson had sought to remove.
Ms. O’Neill climbed the organizational chart at Nike for decades, working across divisions including consumer sports, product innovation and brand marketing, and was most recently its president of consumer, product and brand. She left Nike last year amid a shake-up of senior management that led to the elimination of her role.
Analysts said Ms. O’Neill would be expected to find ways to energize Lululemon’s business and reset the company’s culture in order to improve performance.
“O’Neill is her own person who will come with an agenda of change,” said Neil Saunders, the managing director of GlobalData, a data analytics and consulting company. “The task ahead is a significant one, but it can be undertaken from a position of relative stability.”
-
Georgia3 minutes agoWildfires rage across Georgia and northern Florida amid severe drought
-
Hawaii9 minutes agoBench in Honokaʻa to Hilo storefront: Knickknackery Hawaii brings old-time island charm to Hilo
-
Idaho15 minutes agoIdaho ranks last in per pupil spending, again – Local News 8
-
Illinois21 minutes agoArlington Heights Bears fans cheer as ‘Megaprojects’ bill passes Illinois House
-
Indiana27 minutes ago99th Fire Department Instructors Conference draws 38,000 firefighters to Indy
-
Iowa33 minutes agoSee where all 9 Iowa State women’s basketball transfers ended up
-
Kentucky45 minutes agoIntrepido horse trainer, jockey, owner for Kentucky Derby 2026
-
Louisiana51 minutes ago2 critical, multiple hurt following mass shooting at Mall of Louisiana