Announcement

Collapse
No announcement yet.

Russian Hackers Hack Multiple U.S. Government Entities

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Originally posted by Kung Wu View Post

    This isn't even in the same stratosphere as a 3rd party app on a consumer-facing app-store. There is absolutely zero way SolarWinds would intentionally release a patch to this software without it being digitally signed. That can't even happen by accident, as their signing structure would be fully automated.

    This happened because:

    1) The hackers inserted the trojan horse before it was digitally signed, or

    2) They were able to install root certs on lots of insecure clients and committed an SSL Proxy attack, and then faked a digital signature using their root cert, or

    3) Something else (e.g. the patch was fake, not signed, and they just relied on Admins installing an unsigned patch that appeared to be from SolarWinds).

    If a patch was created by SolarWinds, it was signed -- spend your time looking at a different attack vector than a patch without a digital signature.



    Yes that's option 1 above. That actually makes sense.



    Not unless it's particularly novel.
    I guess we are going to have to agree to disagree. I've been doing what I do for a long time and I've seen companies do a lot of dumb things. It actually keeps me gainfully employed. Your last post compares an app store to a lemonade stand. If you put patches and fixes on those sites for your PC, laptop, home router, printer and so on and someone downloads malware or a virus because the patch was not digitally signed (or something else went wrong) do you think they are going to have confidence in purchasing that companies products in the future? I would say those control should be in place whether you think they are foolproof or not and whether you are right or not (although you've given yourself a lot of real estate here) is yet to be determined. Companies have controls for a lot of reason, but in this case, these controls are for protection of reputation. You lose your reputation, you will lose your customers.

    Here's something else for you to think about.......If the malware was installed before the digital signature, they should have been comparing the binaries as well. And that would also have caught it.

    PS: your #2 is not plausible based on what is already known. What I've heard and read seems to point out that a server was compromised. That would rule out certificate forgery. It might also rule out unsigned patches as well.

    PSS: Shame on FireEye for running such crappy network monitoring software. They are a pretty expensive company, and the space they play in would tend to put a gigantic target on their backs.

    Comment


    • #17
      Originally posted by MikeKennedyRulZ View Post

      You think Hiden Joe is going to retaliate on anyone for anything???? LOL!!!! That is rich. The guy who helped sell our soul to Iran? The guy who bows to China at every whim? Right...I cannot stop laughing...
      Absolutely. He'd do it a lot quicker than Tramp, who is too busy kissing Putin's ass and holding his annual (actually never ending) festivus celebration. So let me ask you a question, do all you guys like Putin, too? You seem to think China's the scourge of the earth, but Putin is screwing us as well, a fact you seemingly can't grasp.

      Comment


      • #18
        Originally posted by revenge_of_shocka_khan View Post

        Absolutely. He'd do it a lot quicker than Tramp, who is too busy kissing Putin's ass and holding his annual (actually never ending) festivus celebration. So let me ask you a question, do all you guys like Putin, too? You seem to think China's the scourge of the earth, but Putin is screwing us as well, a fact you seemingly can't grasp.
        Please provide me with real evidence of said "butt kissing" and Russion collusion? I can point to Hiden Joe China corruption fairly easily.

        Comment


        • #19
          Originally posted by revenge_of_shocka_khan View Post

          I would say those control should be in place whether you think they are foolproof or not and whether you are right or not is yet to be determined.
          That’s because you’re an elitist authoritarian.

          Livin the dream

          Comment


          • #20
            Originally posted by revenge_of_shocka_khan View Post
            You seem to think China's the scourge of the earth, but Putin is screwing us as well, a fact you seemingly can't grasp.
            The Intelligence community tells us that China has designs on being a World Super Power. Russia wishes to be a powerful world power, but realistically, their time has passed, and they are more of a nuisance whose power needs to be taken seriously and punished but not placed on the same tier as China.

            Comment


            • #21
              Sure is funny how the MSM was falling all over themselves to talk to this worthless hack about his views on the election and CISA’s role in that but now that his department is nuts deep in this hacking scandal no one in the MSM wants to talk to him. Double standard much? How about getting him on and questioning him about what they knew and when they knew it.

              https://www.foxnews.com/media/christ...hack-elections

              Comment


              • #22
                Pompeo: Russians are 'pretty clearly' behind hack of US government | Fox News

                Which happens first, Trump condemning Russia, or Trump firing Pompeo?

                Comment


                • #23
                  Originally posted by 1979Shocker View Post
                  Pompeo: Russians are 'pretty clearly' behind hack of US government | Fox News

                  Which happens first, Trump condemning Russia, or Trump firing Pompeo?
                  Here goes the Russian hoax again. He has another month. Let's impeach him again.

                  Comment


                  • #24
                    Originally posted by revenge_of_shocka_khan View Post
                    I guess we are going to have to agree to disagree.
                    Wait a minute. You are not still claiming that it was a possibility that they rolled out a patch to their flagship software that was not digitally signed are you?

                    Originally posted by revenge_of_shocka_khan View Post
                    If you put patches and fixes on those sites for your PC, laptop, home router, printer and so on and someone downloads malware or a virus because the patch was not digitally signed (or something else went wrong) do you think they are going to have confidence in purchasing that companies products in the future?
                    Right, and therefore to even think that a company like SolarWind -- whose flagship product is a major network infrastructure monitoring system -- could even possibly do something like that is beyond comprehension.

                    Originally posted by revenge_of_shocka_khan View Post
                    Here's something else for you to think about.......If the malware was installed before the digital signature, they should have been comparing the binaries as well. And that would also have caught it.
                    Yes, if it was the signing process itself that was compromised -- which seems very unlikely. Far, far, far more likely it was their _code base_ that was hacked. In that case a unique hash is expected, and there are no binaries to compare. If a trojan horse was delivered in a patch, that should be your first guess as to the attack vector -- not wasting cycles on the digital signing process.

                    Originally posted by revenge_of_shocka_khan View Post
                    PS: your #2 is not plausible based on what is already known. What I've heard and read seems to point out that a server was compromised. That would rule out certificate forgery. It might also rule out unsigned patches as well.
                    No it wouldn't. In fact just the opposite -- if a "server" (which can mean many things) was compromised, it's entirely possible that server was used to distribute root certs required for an upstream MIIM SSL proxy attack. And that same SSL proxy attack is _definitely_ one technique to forge digital signatures.

                    Or that server may have had nothing to do with SSL forgeries at all. It's impossible to say or even draw an opinion about without more details on what type of server was compromised. Maybe it was their source code server that was compromised? It could really mean anything.

                    But a hacked server puts an MIIM SSL attack in play, not take it off the table.

                    Originally posted by revenge_of_shocka_khan View Post
                    PSS: Shame on FireEye for running such crappy network monitoring software. They are a pretty expensive company, and the space they play in would tend to put a gigantic target on their backs.
                    I don't know anything about them. Though you are making me almost interested enough to go read up on this attack.
                    Kung Wu say, man who read woman like book, prefer braille!

                    Comment


                    • #25
                      Originally posted by Shockm View Post

                      The Intelligence community tells us that China has designs on being a World Super Power. Russia wishes to be a powerful world power, but realistically, their time has passed, and they are more of a nuisance whose power needs to be taken seriously and punished but not placed on the same tier as China.
                      These thoughts were echoed as well by a former Trump appointee then fired. Several of his cabinet agree that it has Russian ties including most recently Mike Pompeo who up until now has been lock step with the CIC. The president seems reluctant to agree and still thinks China is the culprit. As for me I will believe Shoxlax about cozy bear.

                      Comment


                      • #26
                        Originally posted by pogo View Post

                        These thoughts were echoed as well by a former Trump appointee then fired. Several of his cabinet agree that it has Russian ties including most recently Mike Pompeo who up until now has been lock step with the CIC. The president seems reluctant to agree and still thinks China is the culprit. As for me I will believe Shoxlax about cozy bear.
                        Are you agreeing that China and Russia want to be super powers and China is ahead, or disagreeing that neither want to be super powers? Or is Russia ahead of China? Or are you just trying to get a dig in on Trump?
                        Livin the dream

                        Comment


                        • #27
                          Here are my thoughts on your question. I am of the belief that China aspires to be a super power and Russia aspires to again be one. However Russia will never be what they once were though still dangerous. China will emerge as the largest threat to stability of any nation that stands in its way to being the strongest of any super power. Satisfied? And I have no need to get a dig in on Trump.

                          Comment


                          • #28
                            Ummm... newsflash folks. China IS a world superpower. They are either #1 or #2 in economic standing and economic standing is what determines your ability to buy/build fancy bombs and planes. But I doubt China has any interest in a military conflict and neither do we. They aim to take over the reigns without firing a bullet. Our appropriate response? Well it sure isn't going to be saber rattling or economic sanctions. We must compete against them on the grand stage. The rest of the world will vote on the next king with their geopolitical partnering. Now, if China's GDP leaves ours in the dust, there won't be any vote. It will be implied who's king.

                            Comment


                            • #29
                              I don't understand.....why would Russia hack anything when Trump is so buddy buddy with them that he would just open the back door, or front door, as it were?

                              Comment


                              • #30
                                Originally posted by WuDrWu View Post
                                I don't understand.....why would Russia hack anything when Trump is so buddy buddy with them that he would just open the back door, or front door, as it were?
                                Because they know he won't do a damn thing about it. And now that Trump's leaving, they know their window of time is closing.

                                You have not made statements blaming China, but are coming from a place of curiosity, which I can respect. The ones blaming China evidently have some sort of intellectual limitation or they just believe everything Trump says because, well, they worship him.

                                Some of the others here are not coming from a place of curiosity and can't seem to understand that the DNC hack of Hillary's emails was, in all probability engineered by Russian Spymasters and Putin seems to have something on Trump.

                                If you don't believe this, why don't we go back to the summit when Trump publicly said he was giving Putin the benefit of the doubt regarding election interference and saying his own NSA and CIA were full of it. I'm guessing that was 18 months to two years ago.

                                He has a history of saying and doing these things.

                                Comment

                                Working...
                                X