CISA Issue Emergency Directive To All Federal Civilian Agencies To Power Down SolarWinds Orion Products Immediately Due to Hack

[Blade of Grass]

13 hours ago, pinksnowbirdie said:

probably explains the real or part of the reason Chris Krebs was fired

lol, sounds like a baseless explanation. 

13 hours ago, imreloadin said:

Good thing SolarWinds' CEO managed to sell $15,000,000 worth of SolarWinds' stock before all this happened back on 11/18/20 & 11/19/20...

 

 

Source: https://finance.yahoo.com/news/solarwinds-corp-swi-president-ceo-181502379.html

8 hours ago, StDragon said:

Depending on what he knew and when, it could be a case of insider trading per the SEC. Or, it could be just one heck of a coincidence and good luck.

 

2 hours ago, imreloadin said:

If you look at the source there were 4 other SolarWinds executives who sold around $5 million worth of SolarWinds stock around the same time, they all knew

SEC Rule 10b5, I'm sure these were all planned sales made months in advanced, if not scheduled to happen regularly. No company would willing let their company trade on MNPI, and obviously the SEC will have a very easy slam dunk case if they did. 

[TargetDron3]

On 12/14/2020 at 2:01 PM, StDragon said:

Definitely sponsored by a nation-state. The hackers weren't simply there to exploit for profit. This has all the hallmarks of spying / espionage. They snuck in and stayed there like a camping ninja for a very long time.

 

No one wins thermonuclear warfare.

 

If you're Russia, they can get away with anything. All you can do on the receiving side is defense. Offense is not an option lest it lead to kinetic action.

Whatever. Due to the lack of solarwinds monitoring, the missile silo xa-645 accidentally launched it's payload at Moscow. 

[StDragon]

1 hour ago, TargetDron3 said:

Whatever. Due to the lack of solarwinds monitoring, the missile silo xa-645 accidentally launched it's payload at Moscow. 

My point is that this is a "new normal" for hostile nation states to engage in. Call it a new Cold War II if you want.

 

There are two fundamental ways of mitigating against hacking and espionage

• Pay people the talent they're worth to securely develop applications and maintain IT infrastructure including securing assets within their sphere of control. Otherwise pay cheap, get cheap results.
• Go back to pen, paper, and filing cabinets. Meaning, get that information offline.

 

[leadeater]

7 hours ago, StDragon said:

Pay people the talent they're worth to securely develop applications and maintain IT infrastructure including securing assets within their sphere of control. Otherwise pay cheap, get cheap results

I'd also like to add to this with a caveat of less managers and delegated authority and responsibility, hand as much as reasonable back to technical employees and sections. For what ever reason managers seem to think more management layers and more oversight will help resolve issues and improve things where as in my experience it just add road blocks, slows things down and important decision making gets grid locked or removed from the people that should actually be doing it.

 

Nothing annoys me more than Change Advisory Boards filled only with managers discussing the approval of change requests for technical changes, second equal to that is having to write business cases for spend budgets already allocated to your section already broken down in to Servers, Storage, Software etc and yet for some reason a business case is required to purchase additional storage shelf, why? Why does such a thing need to get approval outside of both the Infrastructure Manager and the Infrastructure and Operations Associate Director. The amount of FTE time wasted on all this could almost pay for what is being required to be purchased.

 

Stupid policies and bad governance produces waste and reduces overall effectiveness, more of either is not the fix only better of these.

[Lurick]

12 minutes ago, leadeater said:

I'd also like to add to this with a caveat of less managers and delegated authority and responsibility, hand as much as reasonable back to technical employees and sections. For what ever reason managers seem to think more management layers and more oversight will help resolve issues and improve things where as in my experience it just add road blocks, slows things down and important decision making gets grid locked or removed from the people that should actually be doing it.

 

Nothing annoys me more than Change Advisory Boards filled only with managers discussing the approval of change requests for technical changes, second equal to that is having to write business cases for spend budgets already allocated to your section already broken down in to Servers, Storage, Software etc and yet for some reason a business case is required to purchase additional storage shelf, why? Why does such a thing need to get approval outside of both the Infrastructure Manager and the Infrastructure and Operations Associate Director. The amount of FTE time wasted on all this could almost pay for what is being required to be purchased.

 

Stupid policies and bad governance produces waste and reduces overall effectiveness, more of either is not the fix only better of these.

I hear your complaint "fellow co-worker" and as such I have decided we will now enact additional management teams to provide additional support to our engineers. There will be 3 managers per engineer with at least two additional levels of management in between to ensure proper filtration of information in a timely and seamless manner. Fear not though, as your loving CEO, I will continue to listen to you and take your feedback to heart as you are what drives this company!

[leadeater]

8 minutes ago, Lurick said:

I hear your complaint "fellow co-worker" and as such I have decided we will now enact additional management teams to provide additional support to our engineers. There will be 3 managers per engineer with at least two additional levels of management in between to ensure proper filtration of information in a timely and seamless manner. Fear not though, as your loving CEO, I will continue to listen to you and take your feedback to heart as you are what drives this company!

For anyone reading this it sounds like a joke but this actually happens 

 

[spartaman64]

https://www.techdirt.com/articles/20201215/13203045893/security-researcher-reveals-solarwinds-update-server-was-secured-with-password-solarwinds123.shtml

apparently the password to their update server was solarwind123 LUL

[StDragon]

2 hours ago, spartaman64 said:

https://www.techdirt.com/articles/20201215/13203045893/security-researcher-reveals-solarwinds-update-server-was-secured-with-password-solarwinds123.shtml

apparently the password to their update server was solarwind123 LUL

That's just as bad as Password123 .

 

I'm thinking the keyboard needs to be made out of metal; so the user is shocked into submission for using stupid credentials. 

[Intergalacticbits]

I just caught the very end of this story on ABC national news tonight.

What is funny to me is that this post was made Monday but I think the guy on the news said that it was a just breaking story lol.

So I came here first to look for it in a Tech News post cause you guys are always quick on that stuff.

 

I think he was saying that it was the Russians and that they had access since spring time.

Wow that seems like a very long time to be in peoples secure networks.

Man it must be brown trousers time right about now. 

If your the people in charge of making stuff secure for one of these companies or agencies.

 

I wish I had those kind of job skills though.

What fun it must be doing that kind of work, fighting the Russians and other bad online players in big important secure government networks.

Making big cash doing it.

I wish I was all that.

 

 

  

[CarlBar]

On 12/16/2020 at 12:58 PM, leadeater said:

For anyone reading this it sounds like a joke but this actually happens 

 

 

It could be worse, you could have direct access to your managers, have them listen and understand everything you tell them, and then still go and do things to make your life impossible knowing thats what it will do.

[Dataanti]

how did they not talk about the biggest hack ever in todays wan show... like this is the big news the world should be concerned about, it does not only effect the US. there is no understating how big of an issue this is, it blows my mind they did not cover it. I really hope they do an in depth deep dive into this on a separate dedicated video.