General Discussion

klook

(13,604 posts)

85. Hard to defend against human foibles.

Thu Dec 17, 2020, 02:31 PM

Dec 2020

SolarWinds exposed FTP credentials in Public Github Repository
SolarWinds exposed their FTP server credentials in a public Github repo, which was identified by cybersecurity expert Vinoth Kumar who reported it to SolarWinds in 2019. Did some poor security practices lead to the US Government breach?
- SaveBreach.com

...the SolarWinds breach seems to be just another case of gross carelessness and weak credentials. Although not confirmed by official sources, this is what we can conjecture for now. This reveals a very important piece of the puzzle, that is the attack was possibly not as sophisticated as it was reported to be.

Good information at https://savebreach.com/solarwinds-credentials-exposure-led-to-us-government-fireye-breach/

Updated info in this Twitter thread says the credentials were exposed as far back as June 2018:
https://threadreaderapp.com/thread/1338929932647477257.html

Edit history

Please sign in to view edit histories.

Recommendations

0 members have recommended this reply (displayed in chronological order):

128 replies

= new reply since forum marked as read

Highlight:

Microsoft unleashes 'Death Star' on SolarWinds hackers in extraordinary response to breach [View all] SheltieLover Dec 2020 OP

I am so glad we have Bill Gates on our side. nt leftyladyfrommo Dec 2020 #1

Me too! SheltieLover Dec 2020 #2

He and his wife are amazing. nt leftyladyfrommo Dec 2020 #3

Yes, they truly are! SheltieLover Dec 2020 #4

They are saving millions from suffering from Malaria grantcart Dec 2020 #5

They sure are! SheltieLover Dec 2020 #10

Why? he doesn't work for Microsoft anymore. BadgerKid Dec 2020 #7

Exactly. plimsoll Dec 2020 #42

SolarWinds123 SergeStorms Dec 2020 #57

Yes, but I'll bet they still take his calls! Dyedinthewoolliberal Dec 2020 #84

I appreciate and respect Mr. Gates Marthe48 Dec 2020 #81

This message was self-deleted by its author CatLady78 Dec 2020 #122

I haven't read the link yet, but I hope there's more specific information on liberalla Dec 2020 #6

Yes, there is quite a bit of info in the article! SheltieLover Dec 2020 #8

And who's going to prosecute them? SergeStorms Dec 2020 #58

Remains to be seen. SheltieLover Dec 2020 #59

Yes. But soon we'll have a patriotic executive branch. BadgerMom Dec 2020 #83

I was replying to... SergeStorms Dec 2020 #107

Got it BadgerMom Dec 2020 #111

Interpol Red Corner notices can be a huge issue DonaldsRump Dec 2020 #115

The US Cyber Command can, and has... reACTIONary Dec 2020 #103

The question wasn't about retaliation.... SergeStorms Dec 2020 #106

This message was self-deleted by its author BrightKnight Dec 2020 #120

I believe they can be extradited from various Ilsa Dec 2020 #117

Microsoft has assigned quite substantial resources to fighting the hackers. BSdetect Dec 2020 #9

No response from chump SheltieLover Dec 2020 #13

This reads like industry hype Ponietz Dec 2020 #11

Proactive would have been smart SheltieLover Dec 2020 #14

Just limiting the damage is like not prosecuting and punishing those in the Trump admin. Ligyron Dec 2020 #30

Shouldn't matter if they respond. notinkansas Dec 2020 #86

Agreed, but the first job in cleaning up a mess like this... paleotn Dec 2020 #34

yep oioioi Dec 2020 #60

Ponletz, that was my reaction, too. It's a puff piece about how awesome Microsoft is. I'm waiting Nitram Dec 2020 #99

Hi Nitram, I just read the latest Washington Post article Ponietz Dec 2020 #104

Taking Microsoft at their word that they saved the day would be dangerous because it would result Nitram Dec 2020 #124

Yeah, I agree. This is puffery by Microsoft to change the 'Windows vulnerability' narrative Maven Dec 2020 #113

Closing the barn door after the horses have fled pecosbob Dec 2020 #118

The US government needs more people like Gates. Lonestarblue Dec 2020 #12

Totally agree! SheltieLover Dec 2020 #15

Quantum computing will make passwords obsolete and systems, as we know them, untenable. Ponietz Dec 2020 #17

Trying to wrap my non-IT brain around this concept SheltieLover Dec 2020 #23

Let me explain. Pobeka Dec 2020 #47

Good grief! SheltieLover Dec 2020 #48

It's not that I disagree with anything you're saying here, Pobeka. Hugin Dec 2020 #61

100% agree with that! n/t Pobeka Dec 2020 #64

... Hugin Dec 2020 #67

The technology, if proved viable, is a long way away from practical usage Tommymac Dec 2020 #62

Yep. Thanks for the additional detail. n/t Pobeka Dec 2020 #66

Only if those bits can be maybe to byte. Arne Dec 2020 #43

This is why Trumpers are traitors... Jon King Dec 2020 #16

All the while calling Dems "communists!" SheltieLover Dec 2020 #20

On the other hand... Klaralven Dec 2020 #18

Very true SheltieLover Dec 2020 #21

No kidding. plimsoll Dec 2020 #44

What a pantload of crap. Virus prone Microsoft operating systems SUCK! infullview Dec 2020 #19

I'm not generally a fan of MS by any means SheltieLover Dec 2020 #22

Source? Please delete this Dumps news you gave posted here. nt Nimble_Idea Dec 2020 #28

Source? Not sure what you are asking for. infullview Dec 2020 #32

Is this a professional opinion? KatyMan Dec 2020 #35

Yes I am a professional, and not opinion, fact. infullview Dec 2020 #45

Lol, again! Nt USALiberal Dec 2020 #52

Apple has another advantage over MS jmowreader Dec 2020 #63

You should have got royalties for your excellent idea! BobTheSubgenius Dec 2020 #114

Smart process improvement! JudyM Dec 2020 #116

Thanks, just asking KatyMan Dec 2020 #69

"the only thing you can infect on a Mac or a Unix machine is an application like a browser" CloudWatcher Dec 2020 #96

Can't protect some people from themselves, but Unix, Mac, Linux all ask for a password and inform infullview Dec 2020 #109

Although I agree with your post, Arne Dec 2020 #46

Lol, ok! Nt USALiberal Dec 2020 #51

You don't even know what DLL Means!!! Nt USALiberal Dec 2020 #54

Dynamic Link Library LeftInTX Dec 2020 #89

Right wing Trump excuses posted here for allowing this attack. Demsrule86 Dec 2020 #70

So now we're accusing people we disagree with of posting "right wing Trump excuses?" Nitram Dec 2020 #100

Pretty sure DLL stands for Dynamically Linked Library (NT) HuskyOffset Dec 2020 #105

Need a time warp. MyNameGoesHere Dec 2020 #110

DLL stands for "Dynamic Link Library." Aussie105 Dec 2020 #24

Thx! SheltieLover Dec 2020 #25

I stand corrected. Dynamic is correct infullview Dec 2020 #26

Doesn't matter how you name it, it's still a bad idea. infullview Dec 2020 #27

Agreed! SheltieLover Dec 2020 #31

"Death star"? Apparently Microsoft is the Empire and the hackers are the Rebel Alliance? Klaralven Dec 2020 #76

Good. WW111 is already happening on Roc2020 Dec 2020 #29

Couldn't agree more! SheltieLover Dec 2020 #33

Cold War moved to the digital world.... paleotn Dec 2020 #36

I totally agree! SheltieLover Dec 2020 #38

MS as "a nearly-overwhelming force for good"... TomVilmer Dec 2020 #37

This is what employees / former employees convey SheltieLover Dec 2020 #40

Microsoft unleashes 'Death Star' on SolarWinds hackers in extraordinary response to breach LudwigPastorius Dec 2020 #39

Great questions! SheltieLover Dec 2020 #41

Hype. There is a key statement that needs to cause REAL concern for all. cayugafalls Dec 2020 #49

I agree! SheltieLover Dec 2020 #50

I see your point and hope that we begin proactive Cyber Warfare now. cayugafalls Dec 2020 #55

I can hear the barn door slamming from here. Hugin Dec 2020 #53

When I was still doing simulation S/W rickford66 Dec 2020 #56

This is the most overheated article ever Azathoth Dec 2020 #65

+1 Hugin Dec 2020 #68

It is a great article and consider...there were things used that are not in the article...they Demsrule86 Dec 2020 #71

This is what I'm hoping! SheltieLover Dec 2020 #74

Ty for sharing! SheltieLover Dec 2020 #73

Sinkholing is not a cure CloudWatcher Dec 2020 #94

If I didn't know better, I'd suspect Microsoft paid for this PR piece. Nitram Dec 2020 #101

Great article and a big fuck you to Putin indeed...thanks for it. K&R Demsrule86 Dec 2020 #72

YW! 👍 SheltieLover Dec 2020 #75

It is a very good sign...again thanks. Ignore the naysayers. Demsrule86 Dec 2020 #77

Ty SheltieLover Dec 2020 #78

I've got news for you ItsjustMe Dec 2020 #119

Very cool, thanks for sharing. nt Hotler Dec 2020 #79

Yw! SheltieLover Dec 2020 #80

Kick! Hekate Dec 2020 #82

Hard to defend against human foibles. klook Dec 2020 #85

I'd read their password was company name, followed by 123 SheltieLover Dec 2020 #87

No kidding. klook Dec 2020 #90

Yu SheltieLover Dec 2020 #91

"...By the end of this week..." superpatriotman Dec 2020 #88

yep - "barely a fraction" is still a fraction 0rganism Dec 2020 #93

this is just sensible first steps, the impacts are far from over 0rganism Dec 2020 #92

The hackers should all die in a fire. nt cstanleytech Dec 2020 #95

We got rid of Trump. We should rid the world of Putin Captain Zero Dec 2020 #97

Thank you Microsoft seta1950 Dec 2020 #98

Bill effn' Gates, Ladies and Gentlemen! OMGWTF Dec 2020 #102

So why are we not using multiple technology firms ecstatic Dec 2020 #108

My husband received a strange, automatic Microsoft update today. Baitball Blogger Dec 2020 #112

Interesting. This is why I usually delay updates ecstatic Dec 2020 #123

Why was this not reported on any of the news shows? Fla Dem Dec 2020 #121

If that's true, it is one more reason not to rely on TV "news". It's been in the Post for a week at Nitram Dec 2020 #125

The Washington Post? NY Post? Fla Dem Dec 2020 #126

Sorry, I was a referring to the Washington Post. I'm not sure the term "Microsoft Deathstar" is Nitram Dec 2020 #127

Thanks for the link. It appears the top poster was a bit over enthusiastic Fla Dem Dec 2020 #128