@KimZetter Someone asked me to provide a simple description of what this SolarWinds hack is all about. So for anyone who is confused by the technical details, here’s a thread with a simplified explanation of what happened and what it means.
In a demonstration of corporate integrity, Solarwinds has pulled the page listing their customers.
Oh, and…
SolarWinds, whose software updates were hijacked to breach U.S. government agencies, was warned last year that its update server was accessible with the password "SolarWinds123" – Reuters
— BNO News (@BNONews) December 15, 2020
Not connected in anyway to the repositioning of 4 US Carrier Fleets off the East and West Coast. Move along.
SolarWinds123??? Our local credit union recently upgraded and there was supposed to be a smith single transition from the old banking system to the new one. But any users who used complicated passwords, especially those who used autogenerated high security passwords could not transfer. Plus when you made you new password, you couldn’t use an autogenerated password because those were too complicated for the new program. Why are some companies such total idiots????
I suspect people got tired of all the typing and shortened it to SW123,or sw123 which is more likely!
Today’s Georgia rally had only a few reporters as the crowd to see President-Elect Biden(haha, sorry) 81 million votes eh?
The swearing in, they want small as they are terrified that it would be a President Trump rally instead of Biden supporters.
https://www.thegatewaypundit.com/2020/12/joe-biden-holds-parking-lot-rally-ossoff-warnock-empty-wearhouse-photos-people-guy-got-81-million-votes/
Here’s a more detailed explanation c/o Conservative Treehouse. Be sure to check out the comments, then ask yourself if you believe there is no relationship between the Solarwinds breach and the Dominion vote machine fraud?
Also, she perpetuates the “It was the Russians” misinformation. It’s way more likely Red China.
https://theconservativetreehouse.com/2020/12/14/the-solarwinds-orion-data-breach-into-federal-and-civilian-organizations-highlights-a-silent-agenda-by-foreign-actors/
Whoa whoa whoa! But we were assured that this was the most secure, safest, most awesomeness election ever in the history of elections. You remember, the guy (fired by Trump) was on 60 minutes and everything. So it must be true.
Regarding the password, that’s not really that big a deal unless they were somehow also storing an unprotected copy of their code signing certificate on the update server. The whole point of code signing is that even if someone manages to distribute tainted binaries, they’ll fail the certification check when someone tries to install them.
If you read the initial article, tainted binaries were ‘certified’
Ours are signed nightly during the regular build cycle. Automated and technically blind to who writes the code, as long as it’s in the right place. The certificate we use is well within our “protective circle” and not easily accessible even within it. If someone penetrated our system to do something similar by inserting malicious code into our source files or libraries, it would work if undetected. On the update server, everything is already code-signed, so entry at that point would fail.
So then, Solar Winds was as easy to hack as the DNC server? These types have some odd characteristics in common …
Things getting spicy in DC.
https://twitter.com/i/web/status/1338998492182810625
3 interesting tweets about Solarwinds from Tom Graham.
https://twitter.com/tom2badcat/status/1339042997627973633?s=20
https://twitter.com/tom2badcat/status/1339042335276081155?s=20
https://twitter.com/tom2badcat/status/1339008291993743360?s=20
Oh and isn’t December 18 when the DNI reports to President Trump about foreign interference in the U.S. election which could trigger his Executive Order of September 2018 which is still in effect.