Still way more unfolding on this story of the SolarWinds hack. I must say I am not surprised, because my experience of Orion has been that it was bloatware and I uninstalled it a day after trying it out. That’s what you get when you acquire 22 companies to make a product suite.
Another thing that has always worried me as well is when 2FA gives you the option to “Trust this device for 30 days”. Surely that’s a cookie being set; someone just has to find a way to steal the cookie and then you have 0FA. I think some serious rethinking needs to be done about how 2FA is implemented.
This is a huge wake-up call for many governments, but how many downstream systems have been hacked that we don’t know about? These guys are clearly a skilled team; their only mistake was thinking they could hack FireEye undetected. Good thing they did (although I suspect credit must go to FireEye for emulating their clients’ environment so well) or how many more months would this hack have taken to find?
Hacking attack on U.S. reached into Microsoft -sources
Microsoft was breached in the massive hacking campaign disclosed by U.S. officials this week, according to people familiar with the matter, adding a top technology target to a growing list of vital government agencies. Freddie Joyner has more. Federal authorities expressed […]