Posts by Mark 32

5 publicly visible posts • joined 10 Dec 2014

SEC still digging into SolarWinds fallout, nudges undeclared victims

Mark 32

Re: Team of 1000

The report indicated that the signatures of 1,000 coders were detected in the malicious code, and when I read it I was intrigued to understand how that number can be determined, given that it was reported that there were 4,000-odd lines of code in the compromised DLL, and then whatever the code size is for the injected payload following the call to the command and control.

This is part of the evidence of state sponsorship, which, if indeed 1,000 coders were involved, could only be the case, as that level of organisation simply would not happen in a private hacking group.

SolarWinds CEO describes overhauled Orion build system after that 'very small, unique' security breach

Mark 32

Re: a “very small” number

The actual context of the reference to a 'very small' number is not the 18,000 customers who had installed the affected version of code, but the number of those 18,000 that had actively been compromised, which according to that speech and the follow-up article is less than 100.

https://orangematter.solarwinds.com/2021/05/07/an-investigative-update-of-the-cyberattack/

I am not making light of the seriousness of the incident here, but posting what the published facts are.

Mimecast bins SolarWinds and compromised servers alike in wake of supply chain hack

Mark 32

How does this actually increase security?

Any and every piece of software and hardware in an enterprise is open to attack and compromise. Stating they are dropping one solution for another makes little difference unless that vendor can provide guarantees and/or promise to cover any costs of compromise through their solution, which no vendor can.

SolarWinds HAS to increase their security, as does every other solution vendor out there. Any system that, to allow it to perform its function, has to have the 'keys to the kingdom' is a strong target, as this compromise has proven the reach and power this would give a malicious actor.

Counting down the days to the next breach at Mimecast...

Is tech monitoring software still worth talking about?

Mark 32

Re: SNMP

Give up trying to monitor NetApp via SNMP; use the Web service API.

'I don't NEED to pay' to watch football, thunders EU digi-czar

Mark 32

MFIS

Anything that means the TV companies don't spend hundreds of millions on Football licences, which WE have to pay for, is a good thing. Players' wages will go down and they 'may' play for the love and glory rather than the next Bentley.