Any SolarWinds Corporate Users?

[Foxbat]

I came across this over at the Internet Storm Center about how a data breach at SolarWinds allowed the compromise of the FireEye Security company.

SolarWinds Breach Used to Infiltrate Customer Networks (Solarigate)

SANS Internet Storm Center - A global cooperative cyber threat / internet security monitor and alert system. Featuring daily handler diaries with summarizing and analyzing new threats to networks and internet security events.

isc.sans.edu

There is a live ISC webcast going on now:

​

 

[ncted]

Corporate IT ran it at my previous employer. We actually objected to them trying to put it on our web infrastructure after seeing the quality of the underlying technology when we merged with them in 2015. We had already built our own automation, out of band management, and monitoring solutions based on open-source software, which, of course, the nice folks at Corporate were not willing to learn because it wasn't point and click. Ultimately it didn't matter because Corporate decided to engage in a disastrous outsourcing/offshoring project, and the sourcing partner (WiPro) used something even worse than SolarWinds from HP that looked like a C-grade undergrad senior project. At that point, my entire team was either laid off or decided to find a saner place to work.

Anyway, not surprised in the slightest someone was able to take advantage of SolarWinds Orion. It is a slapdash affair that doesn't scale well for what it does.

 

[ncted]

 

[klang]

Don't know if I should laugh or cry.

 

[mdonnelly]

Awful security breach. I read that this was installed at NSA servers, since March of this year. Who knows what sensitive info was passed to our enemies.

 

[ncted]

I'm honestly surprised anyone runs SolarWinds. It is extremely heavy for what it does, and requires a lot of resources for a network of any size. I suspect it is the kind of thing that gets sold to CIOs as a bunch of empty promises that then get half-fulfilled years down the road.

 

[Foxbat]

Okay, how bad is this news?

SolarWinds hackers accessed Microsoft source code, the company says

The hacking group behind the SolarWinds compromise was able to break into Microsoft Corp and access some of its source code, Microsoft said on Thursday, something experts said sent a worrying signal about the spies' ambition.

www.reuters.com

 

[TheKrell]

Okay, how bad is this news?

I would be worried that the hackers could figure out exploits faster than MS can patch them.

 

[waylew]

I would be worried that the hackers could figure out exploits faster than MS can patch them.

Isn't that how it already works?

 

[TheKrell]

Isn't that how it already works?

That would be even funnier if it weren't true!

 

[ncted]

Okay, how bad is this news?

IMHO, this isn't that big a deal. Consider that the source code of Linux, FreeBSD, and Darwin (the underlying code of MacOS) are freely available on the Internet. Also, security researchers already have access to MS source code for the express purpose of finding vulnerabilities which is the same thing the "hackers" would do with it.