On 27/1/22 10:19 pm, Mike Schwab wrote:
> On Thu, Jan 27, 2022 at 10:12 AM David Crayford <dcrayf...@gmail.com> wrote:
>> On 27/1/22 2:35 pm, ITschak Mugzach wrote:
>>> <deleted>
>>> At SolarWinds, twice the
>>> size of Rocket, the toxic code was injected during the build process, by
>>> someone(s) who penetrated long before they started to interfere with code. BTW,
>>> the SolarWinds attack was based on vendor code, not open source.
>> And how did the system get penetrated to inject the malicious code?
>> Social engineering? What I find disconcerting is that nobody noticed
>> malicious code in the code reviews and pull requests.
>
> It was added after that part.  It was only sent to users.

They don't know that. According to Microsoft's analysis [1] the attackers were able to access the company’s software development or distribution pipeline. As this is obviously the work of a nation state, it is pretty difficult to protect against intelligence agencies. They could have bribed somebody on the inside, blackmailed them or had a bad actor on the inside. Almost all of the DoD leaks have been down to corrupt employees taking bribes.

Remember Stuxnet and Flame? No hardware or operating system is secure from organisations that have teams of engineers with IQs of 170 backed by spies engaged in espionage.

[1] https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/
