Wow I wonder if Orion allowed disabling the quality improvement. I always disable it on anything that let's me. I'm not quite sure why fire eye still is leading this charge, it's kind of like letting a leper check your prostate https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
On Mon, Dec 14, 2020, 2:35 PM Steve Jones <[email protected]> wrote: > Lol, doublecheck for what though? > > > So now fireye says it was solar wind hacking that breached them > > > https://www.usatoday.com/story/tech/2020/12/14/fireeye-solarwinds-hack-breach-cybersecurity-attack/6538645002/ > > Granted I doubt USA today "journalists" know much about what they're > writing about. > > This makes the "russia did it" claims on fireye part even more suspect, > since they dont have the forensics of solar wind, unless they are the > security of solar wind. > > This is going to be a fascinating thing to watch play out. > > I dont think most in the media realize this isnt a read only thing. The > Orion components we were looking at required write access and > administrative credentials. And that's a tiny podunk wisp. > > On Mon, Dec 14, 2020, 2:08 PM Ryan Ray <[email protected]> wrote: > >> Lots of stuff runs under Orion. >> >> Application Centric Monitor (ACM) >> >> Database Performance Analyzer Integration Module (DPAIM) >> >> Enterprise Operations Console (EOC) >> >> High Availability (HA) >> >> IP Address Manager (IPAM) >> >> Log Analyzer (LA) >> >> Network Automation Manager (NAM) >> >> Network Configuration Manager (NCM) >> >> Network Operations Manager (NOM) >> >> Network Performance Monitor (NPM) >> >> Network Traffic Analyzer (NTA) >> >> Server & Application Monitor (SAM) >> >> Server Configuration Monitor (SCM) >> >> Storage Resource Monitor (SCM) >> >> User Device Tracker (UDT) >> >> Virtualization Manager (VMAN) >> >> VoIP & Network Quality Manager (VNQM) >> >> Web Performance Monitor (WPM) >> >> >> If you're running any of those, double check your network asap. >> >> On Mon, Dec 14, 2020 at 12:02 PM Steve Jones <[email protected]> >> wrote: >> >>> Their sales folks are definitely aggressive. At least its currently >>> only limited (known) to two Orion platforms. Im really concerned about >>> this: "...and intended to be a narrow, extremely targeted, and manually >>> executed attack..." what does manually executed mean? Like some dude stuck >>> a USB key in the DOS box running their whole operation? >>> >>> >>> SolarWinds asks customers with any of the below products for Orion >>> Platform v2020.2 with no hotfix or 2020.2 HF 1 to upgrade to Orion >>> Platform version 2020.2.1 HF 1 as soon as possible to ensure the security >>> of your environment. This version is currently available at >>> customerportal.solarwinds.com. >>> >>> >>> >>> SolarWinds asks customers with any of the below products for Orion >>> Platform v2019.4 HF 5 to update to 2019.4 HF 6, which will be available >>> today, December 14, 2020, at customerportal.solarwinds.com. >>> >>> >>> >>> No other versions of Orion Platform products are known to be impacted by >>> this security vulnerability. Other non-Orion products are also not known to >>> be impacted by this security vulnerability. >>> >>> On Mon, Dec 14, 2020 at 1:53 PM Ryan Ray <[email protected]> wrote: >>> >>>> This is a big deal. Solarwinds Orion is a product used in many of the >>>> Top 100 companies in the world. Including tons of healthcare. >>>> >>>> I dislike Solarwinds for many reasons and refused to use them even >>>> before this hack. Just add another reason to the list. >>>> >>>> >>>> >>>> On Mon, Dec 14, 2020 at 11:49 AM Steve Jones <[email protected]> >>>> wrote: >>>> >>>>> So Im reading this now that Solar Winds updates have been delivering >>>>> payloads since june or july. Solar winds having crazy levels of access to >>>>> interior infrastructures. >>>>> >>>>> Im not sure what this is saying, it sounds like what fireye >>>>> isnt saying outwardly is their toolset was stolen prior to that and that >>>>> was how they were able to circumvent the solarwinds security >>>>> infrastructure, as solar winds relied on fireye? >>>>> >>>>> Anybody come across any good detail on solar winds impacted software? >>>>> Like if you downloaded the free subnet calculator, will they be taking >>>>> your >>>>> google home account too? Imma be pretty pissed if they mess with my google >>>>> play playlists. >>>>> >>>>> I wonder if the disruptions with office365 and the weird spam filter >>>>> changes lately are related to cleanup prior to publication. >>>>> >>>>> We are a tiny company and got withing a hair of pulling the trigger on >>>>> various solarwinds offerings over the years. Thats with tiny company tiny >>>>> budgets. I cant imagine CTO voicemails going down around the world today, >>>>> depending on budget, you hand the keys over to solarwinds, and by design, >>>>> each key you hand over makes sense to spend a little more and hand over >>>>> another key. How would you even begin to clean up your organization when >>>>> your systems that would provide you your forensics are the systems that >>>>> did >>>>> the damage? >>>>> >>>>> Is this just mediahype and more russia russia russia, or is this as >>>>> big of a deal as it seems >>>>> >>>>> On Mon, Dec 14, 2020 at 9:01 AM dave <[email protected]> wrote: >>>>> >>>>>> DA HUMANITY!! >>>>>> >>>>>> >>>>>> On 12/14/20 8:58 AM, Ken Hohhof wrote: >>>>>> >>>>>> I had a customer this morning complaining she couldn’t “sign on” to >>>>>> the Internet. I mentioned that Google had an outage this morning, but >>>>>> she >>>>>> responded that she doesn’t use any Google services. Of course her email >>>>>> was from a Gmail address. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> *From:* AF <[email protected]> <[email protected]> *On >>>>>> Behalf Of *Mike Hammett >>>>>> *Sent:* Monday, December 14, 2020 6:54 AM >>>>>> *To:* AnimalFarm Microwave Users Group <[email protected]> >>>>>> <[email protected]> >>>>>> *Subject:* Re: [AFMUG] Fireye >>>>>> >>>>>> >>>>>> >>>>>> "I know I'm next, they're coming after my google home mini and my >>>>>> netflix account." >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> aaaaannnndddd Google is broken this morning. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> ----- >>>>>> Mike Hammett >>>>>> Intelligent Computing Solutions <http://www.ics-il.com/> >>>>>> <https://www.facebook.com/ICSIL> >>>>>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >>>>>> <https://www.linkedin.com/company/intelligent-computing-solutions> >>>>>> <https://twitter.com/ICSIL> >>>>>> Midwest Internet Exchange <http://www.midwest-ix.com/> >>>>>> <https://www.facebook.com/mdwestix> >>>>>> <https://www.linkedin.com/company/midwest-internet-exchange> >>>>>> <https://twitter.com/mdwestix> >>>>>> The Brothers WISP <http://www.thebrotherswisp.com/> >>>>>> <https://www.facebook.com/thebrotherswisp> >>>>>> >>>>>> >>>>>> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> >>>>>> ------------------------------ >>>>>> >>>>>> *From: *"Steve Jones" <[email protected]> >>>>>> *To: *"AnimalFarm Microwave Users Group" <[email protected]> >>>>>> *Sent: *Sunday, December 13, 2020 9:57:21 PM >>>>>> *Subject: *Re: [AFMUG] Fireye >>>>>> >>>>>> Nope, per fireye, the toolset had to be released because of it being >>>>>> stolen, was not "in the wild" >>>>>> >>>>>> >>>>>> >>>>>> Going to get really interesting to see what comes of this, two >>>>>> federal agencies just happen to get hit shortly after. You can do plenty >>>>>> when you know how you would have otherwise been caught. >>>>>> >>>>>> >>>>>> >>>>>> And that's all fireye admits to having been breached. I'm gonna go >>>>>> ahead and not take their word on it definitively having been russia >>>>>> either. >>>>>> Convenient timing after iran specifically has stated they're going to >>>>>> retaliate for the dead scientist. China will probably confirm this >>>>>> shortly >>>>>> >>>>>> >>>>>> >>>>>> Pretty sure this is far from over and pretty sure this company is >>>>>> just the first to go public. >>>>>> >>>>>> >>>>>> >>>>>> I know I'm next, they're coming after my google home mini and my >>>>>> netflix account. >>>>>> >>>>>> >>>>>> >>>>>> On Sun, Dec 13, 2020, 9:10 PM Ken Hohhof <[email protected]> wrote: >>>>>> >>>>>> Not saying you are wrong. >>>>>> >>>>>> >>>>>> >>>>>> But I think I read somewhere that the Fireye tools that were stolen >>>>>> were a collection of malware already in the wild that they used for >>>>>> testing >>>>>> of client networks. So it was stuff already available, just neatly >>>>>> packaged. >>>>>> >>>>>> >>>>>> >>>>>> The guys who really f’d up were the “Equation Group” (cough, cough, >>>>>> NSA) who lost novel and very powerful hacking tools like Eternal Blue to >>>>>> the Shadow Brokers group. >>>>>> >>>>>> >>>>>> >>>>>> *From:* AF <[email protected]> *On Behalf Of *Steve Jones >>>>>> *Sent:* Sunday, December 13, 2020 8:45 PM >>>>>> *To:* AnimalFarm Microwave Users Group <[email protected]> >>>>>> *Subject:* [AFMUG] Fireye >>>>>> >>>>>> >>>>>> >>>>>> These guys F'd up beyond belief. >>>>>> >>>>>> >>>>>> >>>>>> Inept as jaime would say >>>>>> >>>>>> -- >>>>>> AF mailing list >>>>>> [email protected] >>>>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>>>>> >>>>>> >>>>>> -- >>>>>> AF mailing list >>>>>> [email protected] >>>>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> AF mailing list >>>>>> [email protected] >>>>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>>>>> >>>>> -- >>>>> AF mailing list >>>>> [email protected] >>>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>>>> >>>> -- >>>> AF mailing list >>>> [email protected] >>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>>> >>> -- >>> AF mailing list >>> [email protected] >>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>> >> -- >> AF mailing list >> [email protected] >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> > -- > AF mailing list > [email protected] > http://af.afmug.com/mailman/listinfo/af_af.afmug.com >
-- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
