France's cyber-agency says Centreon IT management software sabotaged by Russian Sandworm
France’s Agence nationale de la sécurité des systèmes d'information (ANSSI), the nation’s cyber-security agency, has identified a years-long campaign to infiltrate IT monitoring platform Centreon. Centreon (the company) claimed that Centreon (the software) is a spiffing open-source IT monitoring tool. “Organizations must keep …
COMMENTS
-
-
Tuesday 16th February 2021 14:08 GMT Version 1.0
Re: All I want is a secure system where it's easy to do anything I want
All internet connected system can be secure, it's no problem at all ... just turn the power switch off. Let's face it, the internet has become a hacking tool, originally designed to reliably share information - these days it seems to imply that everyone can share your information.
El Reg, we need a "security" icon ... a pair of wire cutters please.
-
Wednesday 17th February 2021 22:26 GMT Michael Wojcik
Re: All I want is a secure system where it's easy to do anything I want
That's not secure, unless your requirements for the system are that it do nothing.
People not in the field often forget that "accomplishing its purpose" is an aspect of a system's security. There are various formulations of this. One is the third property of the "CIA" triad: Confidentiality, Integrity, Availability. Another is the principle that a secure system does what it is intended (by the "owner", itself a problematic concept) to do, and only that.
In reality there's no such thing as a secure system. There are systems which are more or less secure, a relative measurement which is only meaningful when defined using various metrics such as the cost, probability, or risk of a successful attack under a given threat model.
-
-
-
Tuesday 16th February 2021 10:21 GMT Pascal Monett
And it continues
Another provider to many important companies has its software compromised. Okay, through its customers' fault, granted, but still.
I think it is time to have a general review of high-profile software being used by companies that serve many other companies. We've basically stumbled across an underground trend that has been going on for years thanks to SolarWinds123's stupidity, but now it is time to take stock of the true situation and every company that operates in the Network Management market should be reviewing its published code with a fine comb and checking all of its code repositories to ensure that it is still offering secure code.
-
Tuesday 16th February 2021 12:46 GMT JClouseau
"rusty high school French and online translation services"
...or you could go straight to the English version ;-)
-
Tuesday 16th February 2021 15:59 GMT WolfFan
They actually named it that?
The first thing I thought when seeing that acronym was that someone had misspelled Anansi and I wondered where the spider was… Anansi comes from West Africa, including the likes of Senegal, Cote d’Ivoire and other bits of Francophone Africa, so they should have known this… being associated with Anansi is, perhaps, not the best look for a security organization.
-
Tuesday 16th February 2021 20:53 GMT Robert Carnegie
Re: They actually named it that?
Quite an early adventure in the 21st century version of "Danger Mouse" involves an issue with the World Wide Web in which I think they accidentally wake up the World Wide Spider. Arachno fans look away, because our heroes get a really really big vacuum cleaner......
Anyway... you didn't think that they misspelled "ANSI" then? As in, ANSI, WinCE, ... All these moments will be lost in time, like tears in rain.
How do you tear rain anyway...
-
-
Wednesday 17th February 2021 04:08 GMT YetAnotherJoeBlow
Eventually...
Until there is legislation with a true and meaningful penalty clause, this charade will never end - and it will get worse. It is like Google said; view every network and endpoint as an adversary.
I hate to think what the exploit will do that finally spurs action. All sorts of horrors come to mind. If we do not step up to the plate here, it is our fault to bear the burden of failure with the remedies that will follow.