Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
How Enterprises Are Assessing Cybersecurity Risk in Today's EnvironmentThe adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
User Rank: Ninja
7/15/2021 | 1:21:20 PM
Was this a supply chain issue or was this a flaw in a program that is part of the application that Solarwinds happen to select (not sure why they did not use WinSCP or OpenSSH but that is for another conversation)? In addition, the software has a peer-to-peer file sharing capability and folder synchronization (that is your problem right there), not sure why this was allowed to be part of the application stack, OpenSSH gives you that capability over an encrypted tunnel or WinSCP does the same thing.
In addition, since this uses SSH and Key-Mgmt capabilities, this should have not been compromised because the key should have been unique during its creation process or unless someone created a backdoor in the key creation process, not sure there but not sure why they did not remove the "P2P" file-sharing process.
Oh well, too late to cry over spilled milk, the damage has already been done.
Todd