Security breach at Solar Winds

[frcc]

I find this article interesting.

https://www.moneytimes.com/articles/...ity-expert.htm

It mentions a security expert (Vinoth Kumar), warned public/state agencies of
a potential login security breach at Solar Winds involving "ftp" ?????
Supposedely this led to a backdoor path to major Gov't/Commercial entities.

Administrator: didn't know if this post belongs in this section or "other"
since I don't know if it is BSD related.

[victorvas]

They have been warned about weak update server password, and did not change it for a year. It looks suspicious.
https://en.wikipedia.org/wiki/SolarWinds
Russian hackers were involved.

[blackhole]

https://thwack.solarwinds.com/t5/Gee...ls/ba-p/478665

Oh the irony....

Quote:

However, the risk is far less when it comes to proprietary software. Due to the nature of open-source software allowing anyone to update the code, the risk of downloading malicious code is much higher.

Or on the other hand someone could develop proprietary code and be this feckless:

Quote:

Security researcher Vinoth Kumar told Reuters that, last year, he alerted the company that anyone could access SolarWinds’ update server by using the password “solarwinds123”

“This could have been done by any attacker, easily,” Kumar said.

https://www.reuters.com/article/glob...-idUSKBN28Q07P

[frcc]

If any form of detail/truth from this incident (Ya Right!) reaches our level, I will be surprised! Still, the amount of informationl that is already available "appearing" to be news gives new meaning to the term IT security professional........
Scheeeeeeeez!

[J65nko]

The Guardian has an article from Bruce Schneier about this security breach: The US has suffered a massive cyberbreach. It's hard to overstate how bad it is

[IdOp]

Thank you for the Schneier article, though the link didn't work for me. This link did.

[frcc]

https://www.reuters.com/article/us-g...-idUSKBN28Y1BF