
SolarWinds Hack....

Broccoli Iglesias

We use SolarWinds at work (NPM & SAM) but I have shut down services and disabled them (server it was hosted on had no internet access). We use very little of it and can replace it with another great piece of software we have, EventSentry.
You didn't hear about the EventSentry hack 2 weeks ago?
 

JayMcB

Imma be blunt - you need to stop pretending you have enough clue to wave your IT penis around and do some more research:


[wave] obviously, yours is the superior intellect.

I will append my statement from 2FA to 'properly installed 2FA'

Setup>next>next>next>next>finish doesn't quite cover proper installation if you leave naked keys as text unencrypted in the registry.
Sorry for failing to mention that in a 30 second post aimed at an audience of non-IT pros....in a gun forum. It wasn't a white paper
 

fshalor

Imma be blunt - you need to stop pretending you have enough clue to wave your IT penis around and do some more research:


One of many reasons why scratch keys and recovery codes have no place.

I'm a little surprised that the reverse calculation happened on the server side. There really should have been no way for that to be the vector.

Cloning an MFA token? Easy as finding the screenshot of the QR code, or rooting their phone.
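The two posts above (the "naked keys as text unencrypted in the registry" remark and the point that a screenshot of the enrollment QR code is enough to clone a token) come down to one fact: for TOTP, the base32 seed is the entire second factor. The following Python is an added example written for this page, not code from the forum thread or from any vendor mentioned in it. It decodes a constructed otpauth:// enrollment URI (the ExampleVPN account, the JBSWY3DPEHPK3PXP seed and the registry analogy are assumptions, not real accounts), implements RFC 4226/6238 HOTP/TOTP with the standard library, and shows that a copy of the seed produces exactly the codes the phone does and passes the server's check.

```python
"""Added example (not from the forum thread): why a TOTP seed is the whole
secret. Anyone who obtains the base32 seed, from a screenshot of the
enrollment QR code or from a plaintext key left in a registry, can mint
the same codes the user's phone produces. The enrollment URI below is
constructed test data; the RFC 6238 reference seed is used for the
known-answer check."""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional, Tuple
from urllib.parse import parse_qs, unquote, urlparse


def decode_seed(b32_secret: str) -> bytes:
    """Decode a base32 seed as it appears in an otpauth:// QR code.
    Enrollment URIs often omit the '=' padding, so restore it first."""
    s = b32_secret.strip().replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def seed_from_otpauth_uri(uri: str) -> Tuple[str, bytes]:
    """Pull the account label and raw seed out of an otpauth://totp/... URI.
    This is exactly what a screenshot of the enrollment QR code hands an attacker."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP enrollment URI")
    label = unquote(parsed.path.lstrip("/"))
    params = parse_qs(parsed.query)
    return label, decode_seed(params["secret"][0])


def hotp(seed: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic
    truncation (offset = low nibble of the last byte, 31-bit integer, mod 10^digits)."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(seed, msg, algo).digest()
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(time / step)."""
    return hotp(seed, unix_time // step, digits, algo)


def verify_totp(seed: bytes, code: str, unix_time: int, window: int = 1, step: int = 30) -> bool:
    """Server-side check with the usual +/- window of steps to absorb clock drift.
    Constant-time compare so the verifier does not leak digit matches by timing."""
    for k in range(-window, window + 1):
        if hmac.compare_digest(hotp(seed, unix_time // step + k), code):
            return True
    return False


# Constructed enrollment URI of the kind a QR code encodes (not a real account).
ENROLL_URI = "otpauth://totp/ExampleVPN:alice%40example.test?secret=JBSWY3DPEHPK3PXP&issuer=ExampleVPN"


def clone_demo(now: Optional[int] = None) -> dict:
    """The user's phone and the attacker's copy of the seed produce the same code,
    and the server accepts it from either: the seed *is* the second factor."""
    now = int(time.time()) if now is None else now
    _, phone_seed = seed_from_otpauth_uri(ENROLL_URI)
    attacker_seed = decode_seed("JBSWY3DPEHPK3PXP")  # lifted from the screenshot / registry
    phone_code = totp(phone_seed, now)
    attacker_code = totp(attacker_seed, now)
    return {
        "phone_code": phone_code,
        "attacker_code": attacker_code,
        "identical": phone_code == attacker_code,
        "server_accepts_attacker": verify_totp(phone_seed, attacker_code, now),
    }


if __name__ == "__main__":
    print(clone_demo())
```

The practical consequence is that the seed must be protected like a password hash is not: it has to be stored encrypted at rest on the server (an HSM or a key-wrapped store, not a plaintext registry value), the enrollment QR code must never be archived, and a suspected seed exposure means re-enrolling the user, since rotating the password alone changes nothing the attacker needs.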
 
(unnamed poster, A Fair Haven in an unfair state)
Could someone explain the nature and scope of the attacks to a non IT guy. I read the hack began back in March, appearing coincidentally with that of made in china bat juice.

So the scope of the attacks is very very large. In fact, dare I say, the largest in the history of the world. Security companies like FireEye, software companies like Microsoft, many offices and branches of the US government, right down to local municipalities, untold numbers of businesses in the private sector. Many of them are looking at a total tear down and rebuild of their infrastructure. The cost to remediate this may wind up going well north of a trillion dollars to the economy by the time this is said and done. And that's just in the US; the malware has been detected in Canada, Western European countries, even the Middle East.
Because of the extensive amount of labor, downtime, and cost, many organizations are just not going to take the steps to properly remediate. That means the consequences of the compromise will live on for years. Information will continue to be stolen, ransomware will continue to propagate, who knows what the long-term implications will be.

Just consider the fact that Microsoft was compromised. Now there have been some statements saying "trust us, it wasn't that bad." But so far they've had literally 24 hours to investigate. They don't know. Can you imagine a situation where a supply chain attack, like that which was conducted against SolarWinds, was implemented at Microsoft? The malware would be distributed by Windows updates; you could potentially be looking at worldwide infection of every computer in the world. Think about that for a minute.
 

fshalor

Man. You corp IT guys are bitter bitchompers.

As worried as I am generally about Windows security, I would be more concerned about all this mobile crap and IoT crap that they aren't talking about yet.

Also Big Sur... is a disaster of epic concern. Little Snitch circumvented by everything you do, taste or touch being hashed, signed and sent out to Apple servers? No thank you.

Nests, TVs, frigging refrigerators? IoT stuff is sketchy.

One of my tasks this break is splitting out a device-only network with a decent firewall on it. For our damn TV which doesn't work well without network alive. And a printer.

CUPS on a NetBSD install is probably gonna be the gateway.

Lots of things
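For the device-only network described in the post above, here is one way the firewall rules on such a gateway could look. This is an added example for this page, not the poster's configuration: it assumes a BSD host running pf with an uplink on wm0, the trusted LAN on wm1, the devices on a tagged VLAN (vlan10), the subnets shown, and a network printer at 192.168.10.20 that the gateway's own CUPS instance talks to over IPP (631/tcp). Interface names, addresses and the choice of pf over NPF are all assumptions.

```conf
# Added example, not the poster's configuration: pf.conf for a small gateway that
# keeps an IoT/device VLAN (TV, printer, Nest) off the trusted LAN.
# Interface names, subnets and the printer address are assumptions.
ext_if  = "wm0"                  # uplink to the ISP
lan_if  = "wm1"                  # trusted LAN
iot_if  = "vlan10"               # device-only VLAN, tagged on wm1 (assumed)
lan_net = "192.168.1.0/24"
iot_net = "192.168.10.0/24"
printer = "192.168.10.20"        # the gateway's CUPS prints to this host
rfc1918 = "{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"

set skip on lo0
set block-policy drop
scrub in all

nat on $ext_if from { $lan_net, $iot_net } to any -> ($ext_if)

# Default deny; log what the devices try to do so surprises show up in pflog.
block log all

# Trusted LAN may go anywhere, including into the IoT VLAN to manage devices.
pass in quick on $lan_if from $lan_net to any keep state

# The gateway itself (CUPS) may reach the printer over IPP, nothing else.
pass out quick on $iot_if proto tcp from ($iot_if) to $printer port 631 keep state

# IoT devices: DHCP and DNS to the gateway, then Internet only.
# The explicit RFC1918 block stops them initiating anything toward the LAN.
pass in quick on $iot_if proto udp from $iot_net to ($iot_if) port { 53, 67 } keep state
block in quick on $iot_if from $iot_net to $rfc1918
pass in quick on $iot_if from $iot_net to any keep state

# Nothing unsolicited from the Internet; replies to our own traffic are stateful.
block in quick on $ext_if
pass out quick on $ext_if keep state
```

The ordering matters: `quick` rules match first, so the DNS/DHCP pass must precede the RFC1918 block, and the RFC1918 block must precede the catch-all pass for the device VLAN. Because pf's default state policy is floating, the state created by the LAN's inbound rule also carries the forwarded packet out through the VLAN interface, so the LAN can open connections to the TV while the TV can never open one back.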
 

new guy

Maybe it's just me, but after this whole Russian collusion bullshit and the fact that the left is already calling this a Russian "invasion" worthy of an in-kind response I'm skeptical.
 

drgrant

I know there are some fellow IT pros on this forum. IDK if you're following the SolarWinds story, but this shit is the scariest shit I have ever seen in my career... This is a truly epic compromise we'll be learning more about each day for weeks. It's already played a role in the compromise at FireEye, now Microsoft, many branches of the Federal Government.... This shit is scary stuff...

IMHO, if you work in IT and aren't following this, you may want to reevaluate your priorities...
What if we’re not following it because we don’t use it?
 

paul73

Maybe it's just me, but after this whole Russian collusion bullshit and the fact that the left is already calling this a Russian "invasion" worthy of an in-kind response I'm skeptical.
who knows. 30 yrs ago - nope, nowadays - maybe they indeed got somewhat cyberwarfare ready.

look at the level of a general scepticism here of how much any government business can accomplish, then multiply it a 1000 fold - that is how much russian government can do. usually - nothing.
their specialty is kickbacks and robbing their own population - not getting anything productive done.

as of a general probability for some oligarch like Potanin or Deripaska or anybody else who are big into the crypto business making a cyber division inside of their private armies - that is quite possible, perhaps. but those are not Russia - those are private entities where no laws apply.

wanna see what true evil looks like? there you go.
 
(unnamed poster)
For the past 6-12 months, I've gotten SPAM emails and maybe a few phone calls from both SolarWinds and FireEye. I just deleted them, and moved on. I had never heard of them before and to me it truly was SPAM. Glad I did. It is a bit bothersome though, that the timing sort of seems to coincide with this happening. I know we don't use it directly, but how would I know if any of our vendors did or did not use those companies?
 

Chevy 2 65

2FA...it's a thing. FireEye was hacked and their Red Team tools were used to breach SolarWinds, 2FA would have mitigated the breach...but it wasn't mandatory.

Axiom....Security is not convenient,

SolarWinds was skinflint RMM. You get what you pay for,
FireEye made a statement that they have countermeasures in place to prevent the use of those tools/detect the use...It was on a con call with their G.C. and our G.C... Take that how you want.
 

bmac10


drgrant

Because of the extensive amount of labor, downtime, and cost, many organizations are just not going to take the steps to properly remediate. That means the consequences of the compromise will live on for years. Information will continue to be stolen, ransomware will continue to propagate, who knows what the long-term implications will be.

Meh, I doubt it. Most people aren't going to do shit, other than standardized security inspections, changing of passwords, and so on. Unless the system involved is really
sensitive. Nobody would ever get anything done if you had to destroy every machine that ever had a mild security problem.

Is this a big deal? No doubt. I don't disagree on that. Conhugecos that used this shit are likely very vulnerable and also the most likely to be exploited by chicoms or russian hackers, etc. Because there's money involved.
 
(unnamed poster, A Fair Haven in an unfair state)
Meh, I doubt it. Most people aren't going to do shit, other than standardized security inspections, changing of passwords, and so on. Unless the system involved is really
sensitive. Nobody would ever get anything done if you had to destroy every machine that ever had a mild security problem.

Is this a big deal? No doubt. I don't disagree on that. Conhugecos that used this shit are likely very vulnerable and also the most likely to be exploited by chicoms or russian hackers, etc. Because there's money involved.

You're probably right about most people not taking it seriously. Which is most unfortunate. Sooner or later they will come to regret that decision.
 

drgrant

Moral? Dump Microsoft and use Linux.

I work in an environment that has 30% Linux boxes. The rest are Macs and Windows machines.

NEARLY ALL of the worst security incidents in the past decade that we ever had, have come from this class of machines.

ALL of the worst, most f***ing aggravating, security policies we have, also, have evolved from f***ing intrusions into Linux boxes.

If someone kept a running tab, in the number of man hours wasted on forensics on those issues, the amount of time could never even be met, let alone exceeded, by the other OSes.

Back when I was more involved in auditing, most of the leg work I had to do was with getting people with Linux boxes to fix their shit. It doesn't help that when you install the average Linux distro, it's basically a big box of stale donuts in under a year and, with some exceptions, completely abandoned. Even a shitty Mac or Windows OS release gets at least 5 years of patches.

I'm not saying "Linux is inherently insecure". My point is more like "it's trivially easy to punch yourself in the dick with Linux if you don't know what you're doing".
 

Dench

I work in an environment that has 30% Linux boxes. The rest are Macs and Windows machines.

NEARLY ALL of the worst security incidents in the past decade that we ever had, have come from this class of machines.

ALL of the worst, most f***ing aggravating, security policies we have, also, have evolved from f***ing intrusions into Linux boxes.

If someone kept a running tab, in the number of man hours wasted on forensics on those issues, the amount of time could never even be met, let alone exceeded, by the other OSes.

Back when I was more involved in auditing, most of the leg work I had to do was with getting people with Linux boxes to fix their shit. It doesn't help that when you install the average Linux distro, it's basically a big box of stale donuts in under a year and, with some exceptions, completely abandoned. Even a shitty Mac or Windows OS release gets at least 5 years of patches.

I'm not saying "Linux is inherently insecure". My point is more like "it's trivially easy to punch yourself in the dick with Linux if you don't know what you're doing".

It's almost as if the people who keep chanting "use Linux" over the past 20+ years don't know anything about the joys of Linux, especially the builds that were around up until relatively recently.

Linux is so great that it's free and people still don't use it. [rofl]

brb while I spend 5 hours trying to figure out why I have no sound in Linux, etc. [rofl]
 

drgrant

It's almost as if the people who keep chanting "use Linux" over the past 20+ years don't know anything about the joys of Linux, especially the builds that were around up until relatively recently.

Linux is so great that it's free and people still don't use it. [rofl]

Linux is great as a back end OS run by people who know what they're doing. When it's not managed, it's chaos.

I have a friend who is an AWS/system engineering type, etc. He works in Linux back-ends and VMs all day. He makes retarded cake doing it, so he knows what he's doing. You know what his machine is? He runs a Mac laptop... to get to the Linux boxes. And has a Windows one as a backup. He would tell us to get f***ed if someone told him running Linux on a laptop was a good idea. It isn't. [laugh]


brb while I spend 5 hours trying to figure out why I have no sound in Linux, etc. [rofl]

The best is when you go to help some rando patch their machine and the entire patching thing/subsystem fails because the OS is just barely 2 months out of date. So you have to fix the f***ing thing, before you can even patch the OS. Seen that movie too many times. [rofl]
 
(unnamed poster, A Fair Haven in an unfair state)
Linux is great...... for servers. For desktop OS - it's just not there. Even Google can't break into that market and make significant gains with their Chromebooks. Maybe one day - but we're not there yet. Mobile - that's a different story... The most prevalent mobile OS is Linux - a.k.a Android.

How many times has:

sudo apt update && sudo apt upgrade

....f*cked shit up on me.... Let me count the ways... I do run Kali on a laptop though... But it's used for one purpose, and my daily computing isn't it.
 
(unnamed poster, A Fair Haven in an unfair state)
It might be the NY Times, but it pretty much sums up what I've been saying about this...

" The remediation effort alone will be staggering. It will require the segregated replacement of entire enclaves of computers, network hardware and servers across vast federal and corporate networks. "

" A “do over” is mandatory and entire new networks need to be built — and isolated from compromised networks. "
 
(unnamed poster)
The best is when you go to help some rando patch their machine and the entire patching thing/subsystem fails because the OS is just barely 2 months out of date. So you have to fix the f***ing thing, before you can even patch the OS. Seen that movie too many times.
I've had this happen with Windows also.
 

Spartan65

Sooo for us laymen can someone break this down. As far as impact on the average American? If Russia has dirt on the U.S. government from this hack I'm honestly not that upset about it. Hell if they launched our own nukes on D.C. I don't think I would be upset. So, what difference does this make to the average American?
 

AHM

" The remediation effort alone will be staggering. It will require the segregated replacement of entire enclaves of computers, network hardware and servers across vast federal and corporate networks. "
Be a shame if it were to broom all the evidence of Deep State collusion against Trump.
But that would just be coincidence.

OTOH, they won't be able to resist stealing stuff,
and evidence is going to surface in dumpsters and flea markets
when they least expect it...
 
(unnamed poster)
Sooo for us laymen can someone break this down. As far as impact on the average American? If Russia has dirt on the U.S. government from this hack I'm honestly not that upset about it. Hell if they launched our own nukes on D.C. I don't think I would be upset. So, what difference does this make to the average American?

Breach of data. Social Security numbers? Tax info? Court, health, or other confidential files? Heck, credit card numbers.
 