Any SolarWinds Corporate Users?

Foxbat

Addicted to new HW
Original poster
Supporting Founder
Pub Member / Supporter
Lifetime Supporter
Nov 25, 2003
20,479
14,056
Michiana
I came across this over at the Internet Storm Center about how a data breach at SolarWinds allowed the compromise of the FireEye Security company.

There is a live ISC webcast going on now:
 
Corporate IT ran it at my previous employer. We actually objected to them trying to put it on our web infrastructure after seeing the quality of the underlying technology when we merged with them in 2015. We had already built our own automation, out of band management, and monitoring solutions based on open-source software, which, of course, the nice folks at Corporate were not willing to learn because it wasn't point and click. Ultimately it didn't matter because Corporate decided to engage in a disastrous outsourcing/offshoring project, and the sourcing partner (WiPro) used something even worse than SolarWinds from HP that looked like a C-grade undergrad senior project. At that point, my entire team was either laid off or decided to find a saner place to work.

Anyway, not surprised in the slightest someone was able to take advantage of SolarWinds Orion. It is a slapdash affair that doesn't scale well for what it does.
 
  • Sad
Reactions: TheKrell and Foxbat
Awful security breach. I read that this was installed at NSA servers, since March of this year. Who knows what sensitive info was passed to our enemies.
 
  • Wow
Reactions: TheKrell
I'm honestly surprised anyone runs SolarWinds. It is extremely heavy for what it does, and requires a lot of resources for a network of any size. I suspect it is the kind of thing that gets sold to CIOs as a bunch of empty promises that then get half-fulfilled years down the road.
 
  • Sad
Reactions: TheKrell
Okay, how bad is this news?
IMHO, this isn't that big a deal. Consider that the source code of Linux, FreeBSD, and Darwin (the underlying code of MacOS) are freely available on the Internet. Also, security researchers already have access to MS source code for the express purpose of finding vulnerabilities which is the same thing the "hackers" would do with it.
 
  • Like
Reactions: TheKrell
***

Users Who Are Viewing This Thread (Total: 1, Members: 0, Guests: 1)

Who Read This Thread (Total Members: 1)