LinuxQuestions.org
Old 01-06-2021, 10:32 AM   #1
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 16,657
Blog Entries: 10

Rep: Reputation: 4923
Solarwinds


This has been on the news for a while now, but only today have I heard an in-depth article (a German podcast).
What a gigantic cluster****!
And, smugly me, it seems this completely bypasses me as a Linux user - at least directly!

Here's what CNBC says:
Quote:
It is not clear how much or what parts of Microsoft's source code repositories the hackers were able to access, but the disclosure suggests that the hackers who used software company SolarWinds as a springboard to break into sensitive U.S. government networks also had an interest in discovering the inner workings of Microsoft products as well.

Microsoft had already disclosed that like other firms it found malicious versions of SolarWinds' software inside its network, but the source code disclosure made in a blog post is new.

(...)

The SolarWinds hack is among the most ambitious cyber operations ever disclosed, compromising at least half-a-dozen federal agencies and potentially thousands of companies and other institutions. U.S. and private sector investigators have spent the holidays combing through logs to try to understand whether their data has been stolen or modified.

Modifying source code, which Microsoft said the hackers did not do, could have potentially disastrous consequences given the ubiquity of Microsoft products, which include the Office productivity suite and the Windows operating system. But experts said that even just being able to review the code could offer hackers insight that might help them subvert Microsoft products or services.
 
Old 01-06-2021, 03:15 PM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: CentOS 7
Posts: 3,486

Rep: Reputation: 928
The security company I used to work for has a hard boundary between systems which can access the source code or do builds, and systems which can access the rest of the world. It caused the developers to grumble a lot, but it's the only design I can think of that is somewhat safe from an attack like this. Even a malicious update inside the perimeter has no way to allow external access or to exfiltrate code.
 
Old 01-06-2021, 04:36 PM   #3
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,365
Blog Entries: 3

Rep: Reputation: 2669
What makes this Windows attack interesting is that it was not only set up in the supply chain, and so affected many via the official M$ resellers, but the attack was also carefully managed so as not to hit any targets by accident and not give up the show until it was time to make their moves. I guess this was started in 2019 or earlier, and the work came to visibility only after fruition.
 
Old 01-06-2021, 06:07 PM   #4
igadoter
Senior Member
 
Registered: Sep 2006
Location: wroclaw, poland
Distribution: many, primary Slackware
Posts: 1,721
Blog Entries: 1

Rep: Reputation: Disabled
What's the reason to steal 100 tons of garbage in the hope of finding something of value? You can hack a Swiss bank to find the hidden accounts of citizens who avoid taxes. But this?
 
Old 01-07-2021, 01:01 PM   #5
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 16,657

Original Poster
Blog Entries: 10

Rep: Reputation: 4923
^ It's called espionage. There are many reasons.

This thing makes non-IT, non-geeky people question "The Cloud". Some things should be done on site. It's not better just because it's "In The Cloud".

Solarwinds must be the laughing stock of the IT industry right now: to openly store an unencrypted password in a GitHub repository. AFAIU, without this, this gigantic attack would not have been possible. And of course the password was "solarwinds123".
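The mistake described in the post above (a plaintext credential committed to a public repository) is the kind of thing a pre-commit secret scan catches before the push. The script below is an added example written for this thread; it is not SolarWinds' code or anything from the post. It scans file contents for credential assignments, AWS-style access key IDs, private-key headers and long high-entropy tokens, while skipping obvious placeholders such as `${VAR}` expansions or `changeme`. The sample files, their paths and the weak password value are constructed for the demonstration (the AWS key ID used is Amazon's documented example ID, not a live key), and the pattern list is a small illustrative subset of what a real scanner such as gitleaks or detect-secrets checks.

```python
"""Toy secret scanner: flag hardcoded credentials in text before it is committed.

Added example for this thread, not SolarWinds' code. The sample files at the
bottom are constructed; the patterns are a small illustrative subset.
"""
from __future__ import annotations

import math
import re
import sys
from dataclasses import dataclass

# A literal assigned to a name that suggests a credential, e.g. "password: hunter2".
_CRED_ASSIGN = re.compile(
    r"""(?i)(?:pass(?:word|wd)?|secret|token|api[_-]?key)\s*[:=]\s*["']?(?P<value>[^"'\s,;]{4,})"""
)
# AWS access key IDs have a fixed, recognisable prefix and length.
_AWS_KEY = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
_PRIVATE_KEY = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
# Long opaque runs (base64/hex-like); only reported when their entropy is high.
_OPAQUE = re.compile(r"[A-Za-z0-9+/=_-]{24,}")
# Values that are obviously not real secrets: templates, env expansions, "changeme".
_PLACEHOLDER = re.compile(r"(?i)^(?:changeme|example|placeholder|<[^>]+>|\$\{[^}]+\}|x{3,}|todo)$")
_ENTROPY_THRESHOLD = 4.5  # bits per character; prose ~3-4, random base64 ~5.5-6


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    kind: str
    excerpt: str


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan_text(path: str, text: str) -> list[Finding]:
    """Return one Finding per suspicious line of `text`, labelled with `path`."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = _CRED_ASSIGN.search(line)
        if m and not _PLACEHOLDER.match(m.group("value")):
            findings.append(Finding(path, lineno, "credential-assignment", m.group(0)))
            continue  # already reported; avoid a second hit from the entropy check
        if (k := _AWS_KEY.search(line)):
            findings.append(Finding(path, lineno, "aws-access-key-id", k.group(0)))
        if _PRIVATE_KEY.search(line):
            findings.append(Finding(path, lineno, "private-key", line.strip()))
        for tok in _OPAQUE.findall(line):
            if shannon_entropy(tok) >= _ENTROPY_THRESHOLD:
                findings.append(Finding(path, lineno, "high-entropy-token", tok))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    """Scan a mapping of path -> contents, e.g. the files staged for a commit."""
    out: list[Finding] = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


# Constructed sample input: what a pre-commit hook might see in the staged tree.
SAMPLE_FILES = {
    "config/db.yml": (
        "host: db.internal.example\n"
        "user: app\n"
        "password: solarwinds123\n"  # the kind of line the thread is about
    ),
    "deploy/env.sh": (
        'export DB_PASSWORD="${DB_PASSWORD}"\n'  # env expansion: not a secret
        "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"  # AWS's documented example ID
    ),
    "src/client.py": 'url = "https://api.example/v1?sig=k3J9xQ2mZp8vL0wT5yB7nR4cH6dF1gA2"\n',
    "README.md": "Set the password via the PASSWORD environment variable.\n",
}


def main() -> int:
    """Pre-commit style entry point: non-zero exit blocks the commit."""
    findings = scan_files(SAMPLE_FILES)
    for f in findings:
        print(f"{f.path}:{f.line}: {f.kind}: {f.excerpt}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

To use it as a hook, replace `SAMPLE_FILES` with the contents of the staged files (for git, the output of `git diff --cached --name-only` read from the index) and install the script as `.git/hooks/pre-commit`; the non-zero exit stops the commit until the value is moved out of the repository. The placeholder list and the entropy threshold are deliberately conservative: a scanner that cries wolf on every `${VAR}` gets disabled by developers, which is worse than a few missed weak passwords.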
 
Old 01-08-2021, 11:23 AM   #6
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,531

Rep: Reputation: 1896
Quote:
However, the risk is far less when it comes to proprietary software. Due to the nature of open-source software allowing anyone to update the code, the risk of downloading malicious code is much higher.
https://thwack.solarwinds.com/t5/Gee...ls/ba-p/478665
 
Old 01-08-2021, 11:36 AM   #7
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,365
Blog Entries: 3

Rep: Reputation: 2669
Quote: Originally Posted by cynwulf
Yes, saw that back then and again just the other day. It has not aged well.
 
Old 01-08-2021, 12:48 PM   #8
enorbet
Senior Member
 
Registered: Jun 2003
Location: Virginia
Distribution: Slackware = Main OpSys
Posts: 3,313

Rep: Reputation: 3289
I consider the idea that open-source code is by nature a greater attack surface to be absurd and laughable. I mean... 'cuz it's proven SO hard to crack proprietary code.
 
Old 01-08-2021, 01:51 PM   #9
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 16,657

Original Poster
Blog Entries: 10

Rep: Reputation: 4923
Quote:
Originally Posted by cynwulf
Quote:
Due to the nature of open-source software allowing anyone to update the code, the risk of downloading malicious code is much higher.
And, the apparently most important advantage:
Quote:
Open-source software is cost-effective. Most open-source software is free to use.
According to the author that is, who apparently understood nothing about how the majority of it is maintained; most notably, its security model.
 
  

