Rich Kulawiec via plug on 16 Dec 2020 03:36:36 -0800


Re: [PLUG] OT: SolarWinds


On Tue, Dec 15, 2020 at 11:50:51AM -0500, Mike Leone via plug wrote:
> We got a SolarWinds notification last night, and this morning, one of my
> co-workers updated to the latest version. 2020-02.1 HF1

Given this:

	Security researcher Vinoth Kumar told Reuters that, last year,
	he alerted the company that anyone could access SolarWinds update
	server by using the password "solarwinds123".

and this:

	Others - including Kyle Hanslovan, the cofounder of Maryland-based
	cybersecurity company Huntress - noticed that, days after
	SolarWinds realized their software had been compromised, the
	malicious updates were still available for download.

both of which are quotes from this:

	Hackers used SolarWinds' dominance against it in sprawling spy campaign
	https://www.reuters.com/article/global-cyber-solarwinds/hackers-at-center-of-sprawling-spy-campaign-turned-solarwinds-dominance-against-it-idUSKBN28P2N8

my recommendation would not be that you update it.  My recommendation
would be that you deinstall it and wipe/reload/restore the system(s)
which were infected with it.

Why?  Three reasons.

First, because these are appalling mistakes.  If they were a tiny startup
or an underfunded nonprofit I could cut them some slack, but they're
a $6B company whose products are installed all over the place.  With great
power comes great responsibility.

Second, because the company that made these mistakes quite likely made
others, equally or more egregious, that we don't know about yet.  I say
that because I've seen this movie before, many times, and it always
ends the same way.

Third, because I wouldn't want to be the person that has to explain --
to management, to auditors, to regulatory agencies, to anybody --
why I kept running software from a company that has already stacked
quite a bit of proof on the table that it's not competent to secure
that software.  *Last* week, before we knew all this, there might
have been some valid excuses.  *This* week there are none.

---rsk
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug