• What does the SolarWinds attack mean to us?


    #2325376

    Heard about the SolarWinds attack and how attackers had access to Microsoft’s source code?  Here’s my views on the SolarWinds attack. I don’t think it
    [See the full post at: What does the SolarWinds attack mean to us?]

    Susan Bradley Patch Lady/Prudent patcher

    • #2325516

      An old build of Windows Core ‘Polaris’ has leaked online. This is the previous Core OS for the coming Windows 10X.

      An early build of Polaris, a canceled SKU of Windows Core OS, has leaked online. The build is from early 2018, and includes nothing but the bare core OS, meaning there’s no composer (shell) or apps present. Windows Core OS is a modern version of Windows that powers HoloLens 2 and the upcoming Windows 10X, and has been in the works for many years…

      What does the SolarWinds attack mean to us? The attack means, to the users of any OS, software or service,
      that governments, enterprises, service providers… don’t care, so they don’t invest enough in security. This attack shouldn’t have happened if proper measures were put in place.

      • #2325994

        An old build of Windows Core ‘Polaris’ has leaked online. This is the previous Core OS for the coming Windows 10X.

        What makes you think that is in any way connected with the SolarWinds attack?

    • #2325961

      This attack shouldn’t have happened if proper measures were put in place.

      Yes, and ok. IT changes very fast, so security is always behind, AND not least: administering that requires very special humanoid abilities, and these people are very hard to find and to keep up to date.

      Must I write “cheers” now? 😉

      * _ ... _ *
    • #2325967

      IT changes very fast, so security is always behind

      You can’t justify IT admins’ negligence with “fast changes”.
      Each update / new version of software should be tested on test servers / test networks which are disconnected from Internet / local network.
      Logs should be monitored for abnormal activities, attempts to outside connections…

    • #2326179

      Logs should be monitored for abnormal activities

      Assuming you have enough time / staff to perform this role.

      cheers, Paul

    • #2326271

      Assuming you have enough time / staff to perform this role.

      Assuming government and major enterprises should have the staff needed.

    • #2342262

      Here is some more information, including some more recent information, on this very serious breach into US government and business networks that still has not been fully repaired and might be, in some cases, next to impossible to repair:

      https://www.washingtonpost.com/technology/2021/02/09/fireeye-hack-russia-microsoft/

      In case people have difficulty reading the article in this paywalled Web site, here is an excerpt:

      Shaked Reiner, an Israeli cybersecurity expert who described the Golden SAML Attack in a 2017 blog post, said the method offers important advantages to hackers — namely its potential to enable unusually wide-ranging, long-lasting and hard-to-detect intrusions that may merit more robust defenses.

      The initial blog post, made on the site of his employer, CyberArk Labs, initially generated only modest attention. News of the Russian hack, three years later, changed that. The National Security Agency cited Reiner’s post in its advisory on how to detect such intrusions on Dec. 17.

      “Right away, we understood. This is what we were talking about,” Reiner said.

      He added that hackers deploying the Golden SAML Attack “can pretty much impersonate any user in a network. … Detecting this type of attack can be extremely difficult.”

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
