How does Microsoft wield the authority to take over domains?

On Mon, Dec 14, 2020, 9:58 PM Steve Jones <[email protected]> wrote:

> Wow
> I wonder if Orion allowed disabling the quality improvement. I always disable it on anything that lets me.
> I'm not quite sure why FireEye is still leading this charge; it's kind of like letting a leper check your prostate
>
> https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
>
> On Mon, Dec 14, 2020, 2:35 PM Steve Jones <[email protected]> wrote:
>
>> Lol, double-check for what though?
>>
>> So now FireEye says it was SolarWinds hacking that breached them
>>
>> https://www.usatoday.com/story/tech/2020/12/14/fireeye-solarwinds-hack-breach-cybersecurity-attack/6538645002/
>>
>> Granted I doubt USA Today "journalists" know much about what they're writing about.
>>
>> This makes the "Russia did it" claims on FireEye's part even more suspect, since they don't have the forensics of SolarWinds, unless they are the security of SolarWinds.
>>
>> This is going to be a fascinating thing to watch play out.
>>
>> I don't think most in the media realize this isn't a read-only thing. The Orion components we were looking at required write access and administrative credentials. And that's a tiny podunk WISP.
>>
>> On Mon, Dec 14, 2020, 2:08 PM Ryan Ray <[email protected]> wrote:
>>
>>> Lots of stuff runs under Orion.
>>>
>>> Application Centric Monitor (ACM)
>>> Database Performance Analyzer Integration Module (DPAIM)
>>> Enterprise Operations Console (EOC)
>>> High Availability (HA)
>>> IP Address Manager (IPAM)
>>> Log Analyzer (LA)
>>> Network Automation Manager (NAM)
>>> Network Configuration Manager (NCM)
>>> Network Operations Manager (NOM)
>>> Network Performance Monitor (NPM)
>>> Network Traffic Analyzer (NTA)
>>> Server & Application Monitor (SAM)
>>> Server Configuration Monitor (SCM)
>>> Storage Resource Monitor (SCM)
>>> User Device Tracker (UDT)
>>> Virtualization Manager (VMAN)
>>> VoIP & Network Quality Manager (VNQM)
>>> Web Performance Monitor (WPM)
>>>
>>> If you're running any of those, double-check your network ASAP.
>>>
>>> On Mon, Dec 14, 2020 at 12:02 PM Steve Jones <[email protected]> wrote:
>>>
>>>> Their sales folks are definitely aggressive. At least it's currently only limited (known) to two Orion platforms. I'm really concerned about this: "...and intended to be a narrow, extremely targeted, and manually executed attack..." What does manually executed mean? Like some dude stuck a USB key in the DOS box running their whole operation?
>>>>
>>>> SolarWinds asks customers with any of the below products for Orion Platform v2020.2 with no hotfix or 2020.2 HF 1 to upgrade to Orion Platform version 2020.2.1 HF 1 as soon as possible to ensure the security of your environment. This version is currently available at customerportal.solarwinds.com.
>>>>
>>>> SolarWinds asks customers with any of the below products for Orion Platform v2019.4 HF 5 to update to 2019.4 HF 6, which will be available today, December 14, 2020, at customerportal.solarwinds.com.
>>>>
>>>> No other versions of Orion Platform products are known to be impacted by this security vulnerability. Other non-Orion products are also not known to be impacted by this security vulnerability.
>>>>
>>>> On Mon, Dec 14, 2020 at 1:53 PM Ryan Ray <[email protected]> wrote:
>>>>
>>>>> This is a big deal. SolarWinds Orion is a product used in many of the Top 100 companies in the world, including tons of healthcare.
>>>>>
>>>>> I dislike SolarWinds for many reasons and refused to use them even before this hack. Just add another reason to the list.
>>>>>
>>>>> On Mon, Dec 14, 2020 at 11:49 AM Steve Jones <[email protected]> wrote:
>>>>>
>>>>>> So I'm reading this now that SolarWinds updates have been delivering payloads since June or July. SolarWinds having crazy levels of access to interior infrastructures.
>>>>>>
>>>>>> I'm not sure what this is saying; it sounds like what FireEye isn't saying outwardly is their toolset was stolen prior to that and that was how they were able to circumvent the SolarWinds security infrastructure, as SolarWinds relied on FireEye?
>>>>>>
>>>>>> Anybody come across any good detail on SolarWinds impacted software? Like if you downloaded the free subnet calculator, will they be taking your Google Home account too? Imma be pretty pissed if they mess with my Google Play playlists.
>>>>>>
>>>>>> I wonder if the disruptions with Office 365 and the weird spam filter changes lately are related to cleanup prior to publication.
>>>>>>
>>>>>> We are a tiny company and got within a hair of pulling the trigger on various SolarWinds offerings over the years. That's with tiny company tiny budgets. I can't imagine CTO voicemails going down around the world today; depending on budget, you hand the keys over to SolarWinds, and by design, each key you hand over makes sense to spend a little more and hand over another key. How would you even begin to clean up your organization when your systems that would provide you your forensics are the systems that did the damage?
>>>>>>
>>>>>> Is this just media hype and more Russia Russia Russia, or is this as big of a deal as it seems?
>>>>>>
>>>>>> On Mon, Dec 14, 2020 at 9:01 AM dave <[email protected]> wrote:
>>>>>>
>>>>>>> DA HUMANITY!!
>>>>>>>
>>>>>>> On 12/14/20 8:58 AM, Ken Hohhof wrote:
>>>>>>>
>>>>>>> I had a customer this morning complaining she couldn't "sign on" to the Internet. I mentioned that Google had an outage this morning, but she responded that she doesn't use any Google services. Of course her email was from a Gmail address.
>>>>>>>
>>>>>>> From: AF <[email protected]> On Behalf Of Mike Hammett
>>>>>>> Sent: Monday, December 14, 2020 6:54 AM
>>>>>>> To: AnimalFarm Microwave Users Group <[email protected]>
>>>>>>> Subject: Re: [AFMUG] Fireye
>>>>>>>
>>>>>>> "I know I'm next, they're coming after my google home mini and my netflix account."
>>>>>>>
>>>>>>> aaaaannnndddd Google is broken this morning.
>>>>>>>
>>>>>>> -----
>>>>>>> Mike Hammett
>>>>>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>>>>>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>>>>>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>>>>>> ------------------------------
>>>>>>>
>>>>>>> From: "Steve Jones" <[email protected]>
>>>>>>> To: "AnimalFarm Microwave Users Group" <[email protected]>
>>>>>>> Sent: Sunday, December 13, 2020 9:57:21 PM
>>>>>>> Subject: Re: [AFMUG] Fireye
>>>>>>>
>>>>>>> Nope, per FireEye, the toolset had to be released because of it being stolen; it was not "in the wild".
>>>>>>>
>>>>>>> Going to get really interesting to see what comes of this; two federal agencies just happen to get hit shortly after. You can do plenty when you know how you would have otherwise been caught.
>>>>>>>
>>>>>>> And that's all FireEye admits to having been breached. I'm gonna go ahead and not take their word on it definitively having been Russia either. Convenient timing after Iran specifically has stated they're going to retaliate for the dead scientist. China will probably confirm this shortly.
>>>>>>>
>>>>>>> Pretty sure this is far from over and pretty sure this company is just the first to go public.
>>>>>>>
>>>>>>> I know I'm next, they're coming after my Google Home Mini and my Netflix account.
>>>>>>>
>>>>>>> On Sun, Dec 13, 2020, 9:10 PM Ken Hohhof <[email protected]> wrote:
>>>>>>>
>>>>>>> Not saying you are wrong.
>>>>>>>
>>>>>>> But I think I read somewhere that the FireEye tools that were stolen were a collection of malware already in the wild that they used for testing of client networks. So it was stuff already available, just neatly packaged.
>>>>>>>
>>>>>>> The guys who really f'd up were the "Equation Group" (cough, cough, NSA) who lost novel and very powerful hacking tools like Eternal Blue to the Shadow Brokers group.
>>>>>>>
>>>>>>> From: AF <[email protected]> On Behalf Of Steve Jones
>>>>>>> Sent: Sunday, December 13, 2020 8:45 PM
>>>>>>> To: AnimalFarm Microwave Users Group <[email protected]>
>>>>>>> Subject: [AFMUG] Fireye
>>>>>>>
>>>>>>> These guys F'd up beyond belief.
>>>>>>>
>>>>>>> Inept, as Jaime would say.
>>>>>>>
>>>>>>> --
>>>>>>> AF mailing list
>>>>>>> [email protected]
>>>>>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
-- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
