Ask HN: Falcon CrowdStrike compromises /dev/urandom security?

1 point

2 years ago

I was recently asked to install Falcon CrowdStrike on a personal machine for work. While going about my duties I observed the following strange behaviour, in which /dev/urandom appeared to be leaking files from my local filesystem in the output. Here is a .gif [0] illustrating the behavior.

I have two questions. First, is this behavior expected during the normal operation of Falcon CrowdStrike?

Secondly, and if so, does this not present a significant security risk to all endpoints deployed with CrowdStrike sensor software? My understanding is that /dev/urandom is a source of entropy, and having regular, predictable data being output from /dev/urandom could impact random number generators and other cryptographic primitives.

[0] https://web.archive.org/web/20240221134626/https://i.imgur.com/O4PMDgS.gif

5 comments