Solar wind cosy bear hack
Discussion
I did try and see if there is a thread on this already and couldn’t see one in NPE (not interested in IT fora).
https://www.theregister.com/2020/12/15/solar_winds...
The tldr version. Russian gov hacking outfit accessed SolarWinds' services (commercial security company (!)) to be able to install back door access via a software update. Apparently gave full control mode once accessed.
Hacked targets: Pentagon, State Department, NASA, NSA, DoJ and.. the White House.
As well as hundreds of commercial firms.
Unbelievable. And the U.K. impact is still to be confirmed.
This has been going on since March.
Words fail me.
Edited by Ridgemont on Thursday 17th December 01:20
Some scary things coming out that don't reflect well on their security practices.
Security Researcher Reveals Solarwinds' Update Server Was 'Secured' With The Password 'solarwinds123'
Ridgemont said:
I did try and see if there is a thread on this already and couldn’t see one in NPE (not interested in IT fora).
https://www.theregister.com/2020/12/15/solar_winds...
The tldr version. Russian gov hacking outfit accessed SolarWinds' services (commercial security company (!)) to be able to install back door access via a software update. Apparently gave full control mode once accessed.
Hacked targets: Pentagon, State Department, NASA, NSA, DoJ and.. the White House.
As well as hundreds of commercial firms.
Unbelievable. And the U.K. impact is still to be confirmed.
This has been going on since March.
Words fail me.
Is there something weird with the comments on The Register? It appears that one commenter often replies to themselves, having a conversation of sorts with themself.
Edit: I've worked it out - it's a guest account for non-members....... Crikey I thought that person spends a lot of time on that site.......

Lots of eggs all protected by one big basket that had flaws a basic security assessment should have picked up.
Their update process was an insecure joke.
As was anyone who built a network where data could be exfiltrated by a patched monitoring package - surely a basic principle is that you trust *nothing* enough that a single system is capable of compromising everything.
Plus some people trust their tools far too much - most of this monitoring stuff (even when not compromised by the FSB) doesn't seem to give a properly accurate or detailed view of anything if you really start digging into it. Mostly it seems to work just well enough to make you happy that it does something for the money and that you're keeping an eye on things, right up to the point where something properly bad happens.
(I may be slightly jaded after dealing with some supposedly top end specialists/kit who when something actually needed tracing had monitoring records that didn't tie up with known facts, and when push came to shove couldn't really trace anything accurately across their hugely expensive 'secure' infrastructure.)
pquinn said:
Lots of eggs all protected by one big basket that had flaws a basic security assessment should have picked up.
Their update process was an insecure joke.
As was anyone who built a network where data could be exfiltrated by a patched monitoring package - surely a basic principle is that you trust *nothing* enough that a single system is capable of compromising everything.
Plus some people trust their tools far too much - most of this monitoring stuff (even when not compromised by the FSB) doesn't seem to give a properly accurate or detailed view of anything if you really start digging into it. Mostly it seems to work just well enough to make you happy that it does something for the money and that you're keeping an eye on things, right up to the point where something properly bad happens.
(I may be slightly jaded after dealing with some supposedly top end specialists/kit who when something actually needed tracing had monitoring records that didn't tie up with known facts, and when push came to shove couldn't really trace anything accurately across their hugely expensive 'secure' infrastructure.)
Agree with all of that. The Swiss cheese model applies.