this post was submitted on 14 Aug 2024
135 points (99.3% liked)

Netsec

701 readers
1 users here now

netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere. ‎

Rules

  1. Don't do unto others what you don't want done unto you.
  2. No Porn, Gore, or NSFW content. Instant Ban.
  3. No Spamming, Trolling or Unsolicited Ads. Instant Ban.
  4. Stay on topic in a community. Please reach out to an admin to create a new community.

founded 2 years ago
MODERATORS
 

CrowdStrike – a company that advertises itself as stopping breaches using “AI-native cybersecurity” – recently failed to deliver in a spectacular fashion.

One of its faulty updates (for Windows) caused a massive global outage across different industries and services, including hospitals and airports.

This latest poster child for “single point of failure,” and why IT systems should not be centralized to the degree they are, now apparently sees making false copyright claims, thus abusing the DMCA, as one way of damage control.

The recipient of the takedown attempt is a parody site, ClownStrike. Created by IT consultant David Senk, clownstrike.lol went online on July 24, in the wake of the embarrassing and costly (damages are said to run into billions) episode caused by CrowdStrike.

But despite ostensibly having more pressing issues to deal with, a week later Cloudflare (that hosted the parody site) sent Senk a DMCA notice issued on behalf of CrowdStrike by CSC Digital Brand Services.

CrowdStrike wanted its logo, which is seen “fading into a cartoon clown” on Senk’s site removed, and threatened that otherwise the site would be shut down, writes Ars Technica.

But the site is clearly a parody one, which would protect Senk’s display of the logo as fair use under the DMCA. However, this story has two “bad guys” – in addition to CrowdStrike, there’s Cloudflare.

When Senk contested the takedown notice on fair use grounds, Cloudflare ignored it, and then sent him another email reiterating the copyright infringement accusations – and then, again ignored the site creator’s counterclaim.

Senk has switched to a server in Finland, where he feels companies are “less susceptible to DMCA takedown requests.”

Now the site also features the CSC logo (with a clown wig). And it’s been updated with Senk’s thoughts on corporate cyberbullies, Cloudflare’s “hilariously ineffective” system of countering copyright notices, and other rant-worthy topics.

Ars Technica suggests that ClownStrike may have simply got caught up in as many as 500 notices CrowdStrike has been sending left and right these days to ensure “proactive fraud management activities (…) to help prevent bad actors from exploiting current events.”

Senk’s description of this statement? “Typical corporate bullshit (taking) zero accountability.”

you are viewing a single comment's thread
view the rest of the comments

That story is focused on #CloudSTRIKE but the bigger more remarkable demon here is #CloudFLARE.

This story demonstrates Cloudflare acting as a proxy bully of their own customer, on behalf of CloudStrike by pushing a frivilous #DMCA take-down demand. CF took the spineless route as it sees CloudStrike as having more muscle than their customer. After CF joins the Goliath side of the David vs. Goliath battle, CF ignores Senk’s responses and keeps proxying threats.

Senk bounced from Cloudflare and went to a provider who has his back. #ArsTechnica publishes Cloudflare’s conduct. As embarrassment hits Cloudflare and David (Senk) starts winning against Goliath (CloudStrike), CF changes their tune. Suddenly they are on Senk’s side, saying “come back, we’ll protect you -- we promise we didn’t get your messages”. LOL. Senk should do a parody site for Cloudflare too.

Senk’s mistake: leaving CF. He should have waited until CF actually booted him. Then that would have more thoroughly exposed CF’s shitty actions. Senk gave CF an easy out.

Interesting to note how a human on the side of civil rights who advocates decentralisation was treated with hostility by Cloudflare. Yet CF is fine with sheltering actual criminals.