Don't go around the fence!
Don't go through the hole in the fence! You are entering a secure area.
Your conscience will bother you. You have been warned!
As if that supply chain attack wasn't bad enough, SolarWinds has had to patch its Orion software again after eagle-eyed researchers discovered fresh vulnerabilities – including one that can be exploited to achieve remote code execution. Ziv Mador, security research veep at Trustwave, the firm that found the flaws, told The …
Wow that brings back memories. I knew a guy(online only never met) back in the late 90s who distributed a "hacked" ServU which was popular for a certain file sharing people back then. People used it because it didn't need a license key, but he also inserted his own backdoor account(s).
..... Absolutely Heavenly Delights Full to Overflowing with Devilish Temptations
It is best, and one would do extremely well to realise, that such is the advanced and forever advancing and improving and constantly changing nature of that
beastly daemon/anonymous invisibility which is of particular concern and/or peculiar interest to all here now, and those others who be batting and battling so valiantly in this instance on SolarWinds' Orion network management products' behalf, one can fully expect, whenever such trialling instances are recognised as being simply effective and especially successful, much more of the same impacting and extracting all manner of worth from many other select, highly valued targets .... with the deeper scope and vaster scale of the operation enhanced and expanded and elevated by sending meticulously crafted rather than maliciously crafted messages to any number of such queues.
Microsoft and Microsoft Message Queue technology is not so much a critical vulnerability to exploit and export, although that is not to say that others might not see it that way and beg to differ and try to prove their point of view valid, it is much more a convenient feature for SMARTR Applicable Program Use.
And if one can believe all of the reports on such developments as we read about here, one has to marvel at the tenacious ingenuity of those practically unknown Russians and Chinese routinely blamed for such hacks without ever a shred of evidence being presented for validation. How do they do that so well ‽ .
Outline of a purely fictitious story.....something Lee Childs might write in the next little while....purely fictitious!
The main protagonists are bad actors working in Ruritania. Here's the plot outline. Actions #1 through #6 are Ruritanian:
1. Read up on "agile", "scrum", "devops". Lots of boosters out there!
2. Read up on software companies who are using "agile", "scrum" or "devops".
3. Do some probing on the systems used by said software companies. If you find that the development environment is "accessible", move to step #4.
4. Insert bad stuff into the "agile", "scrum" and "devops" process stream.......no one will notice!
5. Wait six months for the bad stuff to hit the streets.
7. Jack Reacher gets the job of cleaning up Ruritania!
Biting the hand that feeds IT © 1998–2021