Rich Kulawiec via plug on 16 Dec 2020 03:36:36 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] OT: SolarWinds

On Tue, Dec 15, 2020 at 11:50:51AM -0500, Mike Leone via plug wrote:
> We got a SolarWinds notification last night, and this morning, one of my
> co-workers updated to the latest version. 2020-02.1 HF1

Given this:

	Security researcher Vinoth Kumar told Reuters that, last year,
	he alerted the company that anyone could access SolarWinds update
	server by using the password "solarwinds123".

and this:

	Others - including Kyle Hanslovan, the cofounder of Maryland-based
	cybersecurity company Huntress - noticed that, days after
	SolarWinds realized their software had been compromised, the
	malicious updates were still available for download.

both of which are quotes from this:

	Hackers used SolarWinds' dominance against it in sprawling spy campaign

my recommendation would not be that you update it.  My recommendation
would be that you deinstall it and wipe/reload/restore the system(s)
which were infected with it.

Why?  Three reasons.

First, because these are appalling mistakes.  If they were a tiny startup
or an underfunded nonprofit I could cut them some slack, but they're
a $6B company whose products are installed all of the place.  With great
power comes great responsibility.

Second, because the company that made these mistakes quite likely made
others, equally or more egregious, that we don't know about yet.  I say
that because I've seen this movie before, many times, and it always
ends the same way.

Third, because I wouldn't want to be the person that has to explain --
to management, to auditors, to regulatory agencies, to anybody --
why I kept running software from a company that has already stacked
quite a bit of proof on the table that it's not competent to secure
that software.  *Last* week, before we knew all this, there might
have been some valid excuses.  *This* week there are none.

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --