gently caress sake. Failed our CE+ audit because IT hasn't been keeping up to date with patching
|
|
# ? Dec 18, 2020 17:28 |
|
Vigil for Virgil posted: gently caress sake.
"But if we patch we'd get hit by Sunburst, what now?"
|
# ? Dec 18, 2020 17:33 |
|
BaseballPCHiker posted: From what I've seen this isn't true. It's more like some companies were using Azure so some Microsoft tenants got hit not Microsoft corporate or their services. Again just from what I've read so far.
I think I saw a thing about MS saying they found some of the compromised dll’s in some internal environments but no evidence of further intrusion.
|
# ? Dec 18, 2020 17:44 |
|
The Fool posted: I think I saw a thing about MS saying they found some of the compromised dll’s in some internal environments but no evidence of further intrusion.
Yesterday I read there was nothing. Today I read this. Who knows what tomorrow brings!
|
# ? Dec 18, 2020 17:50 |
|
News about what MS has done about this hack, and it's a ton of credit to them.
https://www.geekwire.com/2020/microsoft-unleashes-death-star-solarwinds-hackers-extraordinary-response-breach/
E: and something about them finding compromised binaries
https://www.engadget.com/microsoft-solarwinds-075020280.html
|
# ? Dec 18, 2020 17:59 |
|
Apparently Mozilla has a VPN now? Anyone here used it? Is it any good?
|
# ? Dec 18, 2020 18:44 |
|
Cup Runneth Over posted: Apparently Mozilla has a VPN now? Anyone here used it? Is it any good?
mullvad!
|
# ? Dec 18, 2020 18:47 |
CommieGIR posted: "But if we patch we'd get hit by Sunburst, what now?"
We had versions of Adobe Reader from 2017. I wanna kill IT right now. I spent the last 6 weeks prepping for this and explicitly told them about this.
|
|
# ? Dec 18, 2020 18:57 |
|
If it makes you feel better, I fully expect 3/4 of the posters in this thread would be chiming in with similar stories if not for NDAs :P I, for my part, am not making any statements about any dreams I may or may not have had of violently throttling the people in charge of patching strategy and execution at various companies.
|
# ? Dec 18, 2020 19:26 |
|
I've had more than one job where I was explicitly asked if I knew how to do patching on linux (I was confused because I assumed that was asking if I knew how to use the patch command) and never once used that knowledge
|
# ? Dec 18, 2020 19:33 |
|
RFC2324 posted: I've had more than one job where I was explicitly asked if I knew how to do patching on linux (I was confused because I assumed that was asking if I knew how to use the patch command) and never once used that knowledge
I haven’t used the patch command since I stopped doing mud dev in the 90’s
|
# ? Dec 18, 2020 19:37 |
|
The Fool posted: I haven’t used the patch command since I stopped doing mud dev in the 90’s
That they were just asking if I knew how to type "yum update" blew my mind, since last time I even saw a reference to it was in some tarball for a game in the mid 2000s
|
# ? Dec 18, 2020 19:41 |
|
For two years of my life I had recurring literal nightmares that I was the cause of something like this, and would never be able to enter the US again. In the dreams they also often took our cat away, which I think is not supported by case law.
|
# ? Dec 18, 2020 19:44 |
|
Cup Runneth Over posted: Apparently Mozilla has a VPN now? Anyone here used it? Is it any good?
mozilla recently dumped over a quarter of their workforce, particularly from the dev team, and is desperate to turn a profit off anything, so uh, use at your discretion i guess.
|
# ? Dec 18, 2020 19:54 |
|
Cup Runneth Over posted: Apparently Mozilla has a VPN now? Anyone here used it? Is it any good?
I was pretty sure and the wikipedia page on it backed me up that Mozilla VPN's pay version is just a rebranded Mullvad VPN. Which is the VPN I use and it works pretty well and has a decent rep, so... it probably is alright, I'm just not sure what you gain over getting Mullvad directly.
|
# ? Dec 18, 2020 20:07 |
|
brains posted: mozilla recently dumped over a quarter of their workforce, particularly from the dev team, and is desperate to turn a profit off anything, so uh, use at your discretion i guess.
Yeah, they basically gutted a lot of their appsec team, and are cozying up to profit centers. No thanks. Chrome/Google sucks, but at least they are transparently bad.
|
# ? Dec 18, 2020 20:49 |
|
Martytoof posted: If it makes you feel better, I fully expect 3/4 of the posters in this thread would be chiming in with similar stories if not for NDAs :P
Now, now, it could be worse. You could be at a company with three distinct IT departments, whose systems are interconnected, but are at best completely ignoring each other. And, hypothetically, responsibilities would be clear as mud. Also outsourcing with lovely contracts and no follow-up.
|
# ? Dec 18, 2020 21:00 |
|
gourdcaptain posted: I was pretty sure and the wikipedia page on it backed me up that Mozilla VPN's pay version is just a rebranded Mullvad VPN. Which is the VPN I use and it works pretty well and has a decent rep, so... it probably is alright, I'm just not sure what you gain over getting Mullvad directly.
Well, I can pay in dollars, and technically I get a discount
|
# ? Dec 18, 2020 21:17 |
|
The Fool posted: I haven’t used the patch command since I stopped doing mud dev in the 90’s
You should never have stopped
|
# ? Dec 18, 2020 21:18 |
|
Vigil for Virgil posted:explicitly told them about this.
|
# ? Dec 18, 2020 21:21 |
|
RFC2324 posted: News about what MS has done about this hack, and it's a ton of credit to them.
What is up with the absurd adjective use in almost every bullet point of that article? The entirety of it is written like "super legendary microsoft literally hacked ten billion hackers back with one stroke of the pen"
|
# ? Dec 18, 2020 22:14 |
|
Biowarfare posted: What is up with the absurd adjective use in almost every bullet point of that article? The entirety of it is written like "super legendary microsoft literally hacked ten billion hackers back with one stroke of the pen"
Government-backed counter-propaganda
|
# ? Dec 18, 2020 22:16 |
|
writer is a (former? current?) ms shill/employee
|
# ? Dec 18, 2020 22:39 |
|
I know it sounds kind of Dale Gribbley, but the United States Government, one of its crown jewel companies, and thousands to tens of thousands of smaller orgs collectively have egg on their faces. It's no secret that there's a multitude of government-owned media companies, and this seems like exactly the kind of situation where flexing political damage control would need to happen. Anything that spins this positive in these coming days I think is worth treating as extremely suspect.
Not that there aren't oodles of individuals who would write stuff like that all on their own out of civic/company pride
|
# ? Dec 18, 2020 22:49 |
|
https://twitter.com/Viss/status/1341125545208123392?s=20
|
# ? Dec 21, 2020 22:10 |
|
wonder how much liability solarwinds is going to eat on this
|
# ? Dec 21, 2020 22:43 |
|
RFC2324 posted:
None, this is security products industry norms.
|
# ? Dec 21, 2020 23:44 |
|
RFC2324 posted:
A credit bureau lost all of their customer records. Nobody went to jail. I don't think anybody was even charged (except maybe for dumping stock?). So, probably somewhere between lol and zero.
|
# ? Dec 21, 2020 23:57 |
|
I mean a bunch of people did dump stock right before the announcement
E: And they managed to directly piss off the US Government
|
# ? Dec 22, 2020 01:16 |
|
What's "liability" precious?
|
# ? Dec 22, 2020 01:21 |
|
It's one of the insurances you purchase so you don't have to face consequences for your actions.
|
# ? Dec 22, 2020 01:37 |
|
Assuming that there would be consequences in the first place.
|
# ? Dec 22, 2020 02:14 |
|
Ynglaur posted:A credit bureau lost all of their customer records. Nobody went to jail. I don't think anybody was even charged (except maybe for dumping stock?). So, probably somewhere between lol and zero.
|
# ? Dec 22, 2020 16:17 |
|
Reading that Bloomberg article, everything at Solar Winds pre- and post-disclosure has been
|
# ? Dec 22, 2020 16:28 |
|
wyoak posted: Solarwinds doesn't keep the rich rich like the credit bureaus do and they directly screwed the US gov't, there's a decent chance there's actually some blowback here. Maybe even a slightly smaller golden parachute!
This is what I was thinking, this and the whole dumpster fire thing being a norm we suddenly have to be aware of because it lit the back of the building on fire.
|
# ? Dec 22, 2020 16:32 |
If you're responsible for an Azure tenant, I'd suggest reading this: https://us-cert.cisa.gov/ncas/alerts/aa20-352a
quote: Note (updated December 19, 2020): CISA has evidence that there are initial access vectors other than the SolarWinds Orion platform. Specifically, we are investigating incidents in which activity indicating abuse of Security Assertion Markup Language (SAML) tokens consistent with this adversary’s behavior is present, yet where impacted SolarWinds instances have not been identified. CISA is working to confirm initial access vectors and identify any changes to the TTPs. CISA will update this Alert as new information becomes available.
quote: Detection: Impossible Logins
I always knew app registrations were the devil. The good thing is there are footnotes at the bottom for some yaml files you can pull into Sentinel (or just pull the search out of and put into normal Azure monitoring, you don't strictly need Sentinel since it's looking for AAD logs) but now I'm wondering what hasn't been disclosed if there might be other entry points for this.
Sentinel stuff: https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SigninLogs/AzureAADPowerShellAnomaly.yaml
quote: | where AppId =~ "1b730954-1685-4b74-9bfd-dac224a7b894" // AppDisplayName IS Azure Active Directory PowerShell
^ lol
edit: did a little more reading. I feel better about having implemented PIM and required extra MFA any time the role is activated. Godspeed anyone with a poorly secured Azure tenant.
i am a moron fucked around with this message at 16:52 on Dec 22, 2020 |
|
# ? Dec 22, 2020 16:48 |
|
Proteus Jones posted: Reading that Bloomberg article, everything at Solar Winds pre- and post-disclosure has been
Yeah, and honestly if Solarwinds had discovered it themselves, I don't think they would've taken it as seriously as Fireeye did.
|
# ? Dec 22, 2020 17:15 |
|
https://twitter.com/lolonghi/status/1341863667290140672
|
# ? Dec 24, 2020 20:48 |
|
Hey, my impression based solely on their ads was correct. They are assholes!
|
# ? Dec 24, 2020 20:57 |
|
Holy poo poo there are almost no words for this. Except bah humbug
|
|
# ? Dec 24, 2020 20:58 |