I guess we are going to have to agree to disagree. I've been doing what I do for a long time and I've seen companies do a lot of dumb things. It actually keeps me gainfully employed. Your last post compares an app store to a lemonade stand. If you put patches and fixes on those sites for your PC, laptop, home router, printer and so on and someone downloads malware or a virus because the patch was not digitally signed (or something else went wrong) do you think they are going to have confidence in purchasing that companies products in the future? I would say those control should be in place whether you think they are foolproof or not and whether you are right or not (although you've given yourself a lot of real estate here) is yet to be determined. Companies have controls for a lot of reason, but in this case, these controls are for protection of reputation. You lose your reputation, you will lose your customers.

Here's something else for you to think about.......If the malware was installed before the digital signature, they should have been comparing the binaries as well. And that would also have caught it.

PS: your #2 is not plausible based on what is already known. What I've heard and read seems to point out that a server was compromised. That would rule out certificate forgery. It might also rule out unsigned patches as well.

PSS: Shame on FireEye for running such crappy network monitoring software. They are a pretty expensive company, and the space they play in would tend to put a gigantic target on their backs.

Absolutely. He'd do it a lot quicker than Tramp, who is too busy kissing Putin's ass and holding his annual (actually never ending) festivus celebration. So let me ask you a question, do all you guys like Putin, too? You seem to think China's the scourge of the earth, but Putin is screwing us as well, a fact you seemingly can't grasp.

Please provide me with real evidence of said "butt kissing" and Russion collusion? I can point to Hiden Joe China corruption fairly easily.

That’s because you’re an elitist authoritarian.

The Intelligence community tells us that China has designs on being a World Super Power. Russia wishes to be a powerful world power, but realistically, their time has passed, and they are more of a nuisance whose power needs to be taken seriously and punished but not placed on the same tier as China.

Sure is funny how the MSM was falling all over themselves to talk to this worthless hack about his views on the election and CISA’s role in that but now that his department is nuts deep in this hacking scandal no one in the MSM wants to talk to him. Double standard much? How about getting him on and questioning him about what they knew and when they knew it.

https://www.foxnews.com/media/christ...hack-elections

Pompeo: Russians are 'pretty clearly' behind hack of US government | Fox News

Which happens first, Trump condemning Russia, or Trump firing Pompeo?

Here goes the Russian hoax again. He has another month. Let's impeach him again.

Wait a minute. You are not still claiming that it was a possibility that they rolled out a patch to their flagship software that was not digitally signed are you?

Right, and therefore to even think that a company like SolarWind -- whose flagship product is a major network infrastructure monitoring system -- could even possibly do something like that is beyond comprehension.

Yes, if it was the signing process itself that was compromised -- which seems very unlikely. Far, far, far more likely it was their _code base_ that was hacked. In that case a unique hash is expected, and there are no binaries to compare. If a trojan horse was delivered in a patch, that should be your first guess as to the attack vector -- not wasting cycles on the digital signing process.

No it wouldn't. In fact just the opposite -- if a "server" (which can mean many things) was compromised, it's entirely possible that server was used to distribute root certs required for an upstream MIIM SSL proxy attack. And that same SSL proxy attack is _definitely_ one technique to forge digital signatures.

Or that server may have had nothing to do with SSL forgeries at all. It's impossible to say or even draw an opinion about without more details on what type of server was compromised. Maybe it was their source code server that was compromised? It could really mean anything.

But a hacked server puts an MIIM SSL attack in play, not take it off the table.

I don't know anything about them. Though you are making me almost interested enough to go read up on this attack.

These thoughts were echoed as well by a former Trump appointee then fired. Several of his cabinet agree that it has Russian ties including most recently Mike Pompeo who up until now has been lock step with the CIC. The president seems reluctant to agree and still thinks China is the culprit. As for me I will believe Shoxlax about cozy bear.

Are you agreeing that China and Russia want to be super powers and China is ahead, or disagreeing that neither want to be super powers? Or is Russia ahead of China? Or are you just trying to get a dig in on Trump?

Here are my thoughts on your question. I am of the belief that China aspires to be a super power and Russia aspires to again be one. However Russia will never be what they once were though still dangerous. China will emerge as the largest threat to stability of any nation that stands in its way to being the strongest of any super power. Satisfied? And I have no need to get a dig in on Trump.

Ummm... newsflash folks. China IS a world superpower. They are either #1 or #2 in economic standing and economic standing is what determines your ability to buy/build fancy bombs and planes. But I doubt China has any interest in a military conflict and neither do we. They aim to take over the reigns without firing a bullet. Our appropriate response? Well it sure isn't going to be saber rattling or economic sanctions. We must compete against them on the grand stage. The rest of the world will vote on the next king with their geopolitical partnering. Now, if China's GDP leaves ours in the dust, there won't be any vote. It will be implied who's king.

I don't understand.....why would Russia hack anything when Trump is so buddy buddy with them that he would just open the back door, or front door, as it were?

Because they know he won't do a damn thing about it. And now that Trump's leaving, they know their window of time is closing.

You have not made statements blaming China, but are coming from a place of curiosity, which I can respect. The ones blaming China evidently have some sort of intellectual limitation or they just believe everything Trump says because, well, they worship him.

Some of the others here are not coming from a place of curiosity and can't seem to understand that the DNC hack of Hillary's emails was, in all probability engineered by Russian Spymasters and Putin seems to have something on Trump.

If you don't believe this, why don't we go back to the summit when Trump publicly said he was giving Putin the benefit of the doubt regarding election interference and saying his own NSA and CIA were full of it. I'm guessing that was 18 months to two years ago.

He has a history of saying and doing these things.