Rich Kulawiec via plug on 31 Dec 2020 13:59:00 -0800
Re: [PLUG] OT: SolarWinds

On Thu, Dec 31, 2020 at 12:25:15PM -0500, Rich Freeman wrote:
> Ah, apparently "well-known" means well-known to you. If you polled
> 95% of those in professional IT roles I suspect they would disagree
> with you.

If you'd like to believe a poll, then by all means be my guest. I prefer
to believe the evidence that shows up in my logs and/or in the logs of
other people who've done similar (but different) research.

> You left out the far more likely #3 - that "theirhost" has nothing to
> do with Office 365.
>
> Are you sure you aren't conflating Office 365 with Azure or something
> else?

Yes, I'm quite certain. But to paraphrase what I said: if you don't
believe me, and it's become pretty clear that you won't no matter what
I say or what I show you, then *do your own homework*. If you do, and
if you're diligent and patient about it (I've been doing this work since
July 2001), then you're eventually going to see things much more
interesting and/or alarming than this.

Or you could try reading. There are a lot of mailing lists, web sites,
etc. where these sorts of things are reported and discussed. Most are
open/public, some are private/invitation-only, some are highly useful,
some aren't.

Or you could just believe Microsoft, as quoted in this story published
today:

	Microsoft says Russians hacked its network, viewing source code
	https://www.washingtonpost.com/national-security/microsoft-russian-hackers-source-coce/2020/12/31/a9b4f7cc-4b95-11eb-839a-cf4ba7b7c48c_story.html

Excerpt:

	"We detected unusual activity with a small number of internal
	accounts and upon review, we discovered one account had been
	used to view source code in a number of source code repositories,"
	the firm said in a blog post.

I think it's eminently reasonable to suggest that an adversary
well-resourced and capable enough to help itself to Microsoft's crown
jewels would really not have much difficulty going anywhere else in their
operation that they chose to: Office365, Azure, whatever.

Which they may or may not have, in this particular instance...but this is
hardly the first time Microsoft's been successfully attacked, and it
certainly won't be the last. There is nothing magical that makes their
operation or various parts of it impervious. Especially because the
attackers now have some corpus of source code (if they didn't already).
Given the way this attack was conducted I doubt that's just an accidental
byproduct.

---rsk
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug