And the source of this appears to have been mind numbingly stupid single factor authentication (password) on a source for updates.

Granted it’s the kind of stupid we knew about when Bill was in charge, so great that lessons that lessons Bill might actually have learned have to be relearned.

If an "internet security" company can't come up with a better password than that.........

They sound like a bunch of amateurs.

Microsoft, for all of the complaints, has brought a vital technology to the world. Along with the technology comes destructive people determined to spoil using it, from something as selfish as being remembered for creating a virus, to something as nefarious as destroying a nation.

Mr. Gates retired many years ago, but Microsoft and its employees continue to fine tune their products. I appreciate Apple too, but I have always used laptops and this o.p. is about Microsoft's effort to combat this latest hack.

exactly what was done to "nearly obliterate the actions of some of the most sophisticated offensive hackers out there." How it has damaged the hackers... It's good to get some positive news on the fall out after the hack.

I hear you about the need for positive news!

Just imagine how we will feel when chumputin & coconspirators are indicted!

Unless they set foot on U.S. soil nothing will ever be done legally.

The judicial branch can sit this one out.

someone who said they'd be indicted. That will never happen in this country. Biden can retaliate as he sees fit, but they'll never go to court. That was my point.

If a Russian resident under indictment in the US travels to a country that has an extradition treaty with the US, they could be arrested on arrival in that country and sent to the US.

It can be a big issue for some people, as it can really curtail where they can travel.

https://www.interpol.int/en/How-we-work/Notices/Red-Notices

... retaliate.

it was about being indicted. Of course we can retaliate, but they'll never be subject to U.S. legal prosecution.

Allies of ours, if they visit those countries. Their world is smaller now.

They don't have much choice given the weak response of our so called ICs

But, as Nancy so aptly stated, "All roads lead to Russia with shitstain.

I'm really grateful that MS is reacting with forceful actions!

The text indicates that the malware attack is, now, ALMOST neutralized. The damage is done and there are zero consequences for Russian intelligence, so calling it “Death Star” is a non-starter. More like “Clean Up on Aisle 2020.”

From the article: “They may still have access to compromised networks through other means: that’s what incident responders are likely working on now. And there’s no undoing whatever they did while the infiltration went unnoticed for months.”

But patriarchy is always reactive.

I can only hope that there were built-in protective measures that are classified.

This is what we get with a traitor in the WH.

Where appropriate of course.

The Russians need to be cyber attacked and serious damage occur to their servers and infrastructure. If they respond, hit them even harder and impose sanctions on the Putin regime. Hopefully, once up and running, the Biden/Harris Administration will have the courage to do so to the extent possible for an Executive branch.

What they have already done should have gotten them immediate sanctions. Sanctioned bigly.

is closing the barn door. MS is doing that. We have to realize, these intrusions have been going on for months. We may clean up the mess they left behind, but what's really important is ascertaining what they stole. What information is now compromised.

"Finally, today, Wednesday, Dec. 16, Microsoft basically changed its phasers from “stun” to “kill” by changing Windows Defender’s default action for Solorigate from “Alert” to “Quarantine,” a drastic action that could cause systems to crash but will effectively kill the malware when it finds it."

LOL @ M$FT. Still crashing after all these years.

for a more reliable source with a report on what happened.

It is a horrifying scenario. Looks like they got into almost everything and there’s no short-term solution. The damage is probably ongoing, and will be into the indefinite future.

https://www.washingtonpost.com/business/technology/government-warns-new-hacking-tactics-russia/2020/12/17/bba43fd8-408c-11eb-a402-fba110db3b42_story.html

Purging the intruders and restoring security to affected networks could take months, some experts say, because the hackers moved rapidly from the initial intrusions through the corrupted software patches to collect and deploy authentic system credentials, making discovery and remediation far more difficult. Closing the digital back doors initially created by the Russians will not suffice because they appear to have stolen keys to an unknown number of official doorways into federal and private corporate systems, according to investigators at FireEye, a cybersecurity firm that also was hacked.

On Monday, Microsoft and FireEye diverted the channel the Russians used to send commands to systems that download the corrupted patch, causing the malware to shut down. But that does not help those organizations whose networks the Russians have deeply penetrated.
...
The Russian hackers are known for their stealth and ability to dwell at length inside compromised networks undetected. “My biggest concern would be if you’ve got an advanced adversary that has been in the network for a long time,” said Jack Wilmer, until August the Pentagon’s chief information security officer, who has no independent knowledge of the incident. “It may be very difficult to get them out and to be assured of the fact they’re no longer there.”

in complacency and leave us defenseless against a dangerous opponent.

Russia should suffer major consequences for the attack, both in the cyber realm and elsewhere, but this ain't it.

Kind of like cancelling a credit card after it was used for an unauthorized shopping spree.

Cyberspace is where more wars are being fought, not with behemoth battleships. We need a serious evaluation of how we spend our defense dollars because I think we might be allocating too much to building war materiel, since that keeps jobs and makes the billionaire investors in companies like Lockheed Martin, Boeing, and Ratheon very happy. In fact, I’m sure the whole federal government needs a tech update since we know Trump and Republicans have starved it of resources in an effort to destroy as much as possible.

Ridiculous!

I can only hope our new admin will indict & punish all traitors to the absolute fullest extent of the law!

To "crack" a password, the brute-force method means try every possible combination of letters in a word as the password, see if the system lets you in, or you successfully de-encrypt some captured "secret" information.

Since the combination of all possible letters is huge, in today's computing environment, it can take 10,20 even 100 or 1000 years to reasonably expect to achieve success at guessing the correct password.

Quantum computers are going to be *spectacularly faster* than today's computers, even 100 million times faster.

http://quantumly.com/quantum-computer-speed.html

So with quantum computers, that 1000 year problem, becomes a 1/10th of a second problem.

However, no amount of quantum computing is ever going to make up for the idiocy of keeping a password as "solarwinds123". A password probably printed on the outside of the box in which it was shipped. Also, going with the lowest bidder. No computer in the world can make up for that very human failing of laziness. Only wisdom can fix things like this.

Coincidentally, I was recently studying up on quantum computing and how a single hardware circuit can simultaneously contain multiple digital states. Pretty sweet, let me tell you!

IT folks are working hard at it, but Quantum Computing is not yet proven practical. Hell, we still don't know when it will be - perhaps 4 or 5 years which is an eternity in the IT world.

For now complex pass phrases of 14 characters or more, and 2 factor authentication are the Masks and hand washing of IT loss prevention. Easy to use - but most folks don't understand the need and shrug them off as an inconvenience.

Criminal that SolarWinds used such a crap password for their production rollout of the updates however - they need to be fined heavily. IT pros should know better.

It is still unstable.

Unreal how these flag waving fake patriots damage America. Trumpers hate science, hate Gates, hate Fauci. They worship a guy who sold a mansion to Russians for 3 times its value then became President 6 years later and helps Russia. Bill Gates helps the world against disease and his company helps secure the world vs Russian attacks. Fauci is a hero.

It is simply amazing how much damage these Trump loving aholes have done and continue to do to the country, all while pretending to be patriots. Russia figured out long ago the best weapon against America was fooling its most gullible citizens. These Trumpers are literally doing the bidding of Putin.

The stupidity is truly mind boggling!

At least we will have a competent admin for the next 4 years!

And I most certainly hope our new DOJ will indict, convict the guilty & punish to the fullest extent of the laws! Every. Single. One. Of. Them!

While the Solorigate was active, the hackers had plenty of time and opportunity to plant a variety of persistent threats in the victim's networks.

So just eliminating the Solorigate malware and disabling the command server doesn't secure the networks.

But I'm sure there are measures being taken that are not being publicly discussed.

The only safe response would be to go back to the last known good OS and infrastructure software builds. But that won’t happen.

This will remain an ongoing advanced persistent threat to ALL enterprises and Governments. For a long time to come.

We’re talking about the Russians on this, but honestly, why would a company with such negligent disregard for what is basic security be allowed to continue in operation? And what will prevent their security people from being employed in this field in the future? We’ll treat it as if nothing could have been done. That’s just not true, but hey “Mistakes were made.”

If the operating system wasn't put together out of bits and pieces, it wouldn't have been vulnerable to this kind of attack in the first place. Real operating systems such as Unix are monolithic and cannot be infected like this. A little history about why Microsoft sucks: In the days when memory was expensive and small, Microsoft used bits of code called DLL's (download link and load) to allow big programs to run in limited memory space. As time went on computers were able to address more memory (went from 8 bit to 64 bit) and memory got cheap and plentiful. Instead of abandoning DLL's, Microsoft just loaded them sequentially in memory (yuck!), This allowed hackers to substitute or add operating system DLL's to infect the computer on startup.

What they are doing with 10 is beyond ridiculous!

I'm not an IT pro, so I was unaware of what you have shared. Doesn't surprise me at all, tbh. Ty for sharing!

It's always about greed.

But I'm glad someone is taking action. Gawd knows we cannot depend upon shitstain to look after our country's best interests!

You're more than welcome to do the research yourself. I've been in IT since 1980. I worked in the mini computer industry and lived through the rise of Microsoft which displaced so many other excellent computer systems. Microsoft should have abandoned the DLL when the hardware supported larger memory. They didn't do this because it would have forced their users to buy a new operating system and software. It was purely a marketing decision that has caused them no end of pain ever since. BTW Mac did it right. They've always had a monolithic OS - the only thing you can infect on a Mac or a Unix machine is an application like a browser. All you have to do to fix it is remove it and reinstall with a clean install.

One more thing... insurance companies charge a premium to companies that use Microsoft servers due to their inherent risk.

You can’t format the startup volume on a Mac, and - as far as I know - you can still do it on a Windows box. Worse, you at least could do it with a Word macro. If I, for some reason, actually want to wipe a Mac startup volume, I have to start the machine from a different drive.

A long time ago I set up a Windows machine for graphic arts; we were getting a lot of files created on Windows machines and, before OpenType shipped, the fonts were different. (How long ago this was: those files were made in PageMaker.) When we specced out the box, I told my salesman “I want x RAM, y disk, and an office suite not made by Microsoft.” He looked at me like I was fucking nuts, but I explained about malicious Office macros and he then understood. The machine came in with WordPerfect Office. I also asked him to bring me Ethernet cables that were all different colors, and this he wouldn’t do. Then I had to expand the network to other machines in the building, and then I used different colors for every node. The guy came in a few months after I did, and I showed him the logic: if the receptionist’s computer is on a channel on the switch that goes dead and you know her cable is green, all you need do is move the green cable to a different Jack and you’re done. Simple and efficient. He never sold another system with all-white cables again.

thanks for your reply.

Been in the biz since 1995 or so, mainly in MS shops but now in a more mixed environment. I'm not on the server side anymore, so don't have to deal with those issues! Just have to make sure my app plays nice on the server, which for me are a mix of Linux and MS. Of course, depending on the size of the company one works for, no matter what your opinion of MS or Unix or Mac might be, you have to use what corp says to!

Ah, not so fast. Unix and the macOS has advantages, but it has its share of vulnerabilities too. The biggest one is the user being willing to click to install almost anything that looks reasonable. Bogus driver updates, trojan horses, malware disguised as games or utilities, "free" versions of copyrighted software. MacOS Kernel extensions ( "kexts" ) are a great target. And even apps in the "trusted" Apple Mac Store (and iOS store) are occasionally infected.

Humor: I was the first one to call the FBI when the Morris worm hit our BSD Unix system in 1988. The next day my team got a few minutes of fame by being on the forefront of decoding exactly how it worked. A little background info ... https://en.wikipedia.org/wiki/Morris_worm

the user that something *is* being installed. Again, the operating system does NOT use shared object (.so) libraries so these canl only infect applications. On Linux, a kernel extension has to be compiled into the OS on a restart and is limited to things like 3rd party video drivers. So yes, it is possible to hack one of these systems, but it is much harder to hijack the operating system. A hacked Linux OS is much easier to fix as well. Bottom line: a Unix/Linux server isn't going to encounter the level of user interaction you're describing to make it vulnerable. Kernel updates are always done from a trusted source and usually don't use daemons to push updates quite like Windoze does so - much safer.

hacks go way deeper than Microsoft.

You remember we started it with Stuxnet.

Not techy myself, but .dll is file extension. When they work all is fine, but they will sometimes point to deleted or moved files or places in the registry that have been changed. They can cause programs to freeze or crash....they can be buggy...They aren't as much of a problem as they used to be....Never drag a dll file into the recycle bin..LOL (By default they are now hidden in Windows Explorer)

This was a big problem in Windows 95 and 98, but by Windows XP, DLL Hell seemed to be going away.

Malware may often consist of only a DLL file as opposed to an EXE file, which makes them harder to locate and remove...


https://en.wikipedia.org/wiki/Dynamic-link_library

If you are going to attack MS, at least get the terminology right.

The article is deceptive though, all the actions on MS's part have been defensive. A Death Star is not a defensive weapon.

Sounds like a horrible system!

MS sucks, but I am glad they are doing something to counteract this!

the internet/cyberspace/virtual between countries. Nice to see a news report that the U.S is fighting back.

We all know chumputin will do nothing to stop the destruction of our country for putin!

And we're not without our own offensive capabilities. New sheriff in town on Jan. 20. Payback will be hell.

If anyone thought the Cold War ended with the fall of the USSR, they are sorely mistaken. Russian nationalists and KGB types kept that fire alive and now we're back to 1968 in that regard. They were and are the sworn enemy of western democracy. How those in my age group can throw off decades of conditioning and think the Russians are our friends because a spray tan con man says so is beyond me.

To paraphrase James T. Kirk, I've never trusted Russians and I never will.

I can't wait for our "new sheriff" to deal with Putin & our new DOJ to indict & punish puppets in this country!

But I'm glad they are countering this hack, even if (typical of patriarchy!) reactively, rather than proactively!

I only know they are out of RX & read that their system password was company name followed by 123.

Someone's head(s) needs to roll over this!

It just feels good to know someone is doing something after 4 years of traitor in WH!

We have the tools and the know how, hell, I am just a lowly ex-IT guy and I know we can do WAY more to win this war.

We just need to throw SERIOUS dollars at the effort and hire the best hacker minds out there.

One of the simplest ways to stop this is to build a national firewall system. I know it sounds a lot like Trumps wall, but this is different, we really are being ATTACKED across the Internet border.

Hugs to you to, hope you are doing well, my friend. Stay well, SheltieLover!

Nine months or more of sifting through all of the data they could ever wish for at will can be boring. They had probably moved on to other things.

What we need right now to feel safe is a Star Wars reference and a puff-piece on Microsoft.

Note to SheltieLover: This is not directed at you. I find your wild eyed optimism refreshing. Please, keep doing you.

and several people were working on the same load, each of us checked for diffs after each build.

1) Revoking digital certificates is done everyday. Its effectiveness depends on whether every client machine is configured properly to always check for revoked certificates. Doesn't do anything to repair already-compromised systems.

2) Two and four are Microsoft bragging that it added a virus definition to its antivirus software. *slow clap*

3) Sinkholing the domain is the only thing here that could be considered a "death star" move. It's an important mitigation step, but depending on how the trojan is designed, it's far less effective than the article implies. Sophisticated attackers would not design a worm that can only be accessed through a single domain. What likely happens is the trojan infects a system, then sends a message to the domain notifying the hackers that a new system has been compromised. The hackers store the info and can connect directly to the backdoor at a later time. So taking down the domain does nothing for the systems that are already infected and have already used the domain to notify the hackers. It also doesn't stop new infections from happening. It merely prevents the hackers from learning of newly infected machines.

Not trying to be a downer, but this isn't a benevolent sovereign using his awesome power to make everything right.

A cogent statement of a sad reality.

were dealing with the Russian KGB...cozi bear.

🤞🤞🤞

As said in previous posts, I'm not an IT pro, so I have little understanding of what they claim to be doing.

And I alm not a fan of MS. I just thought it would be nice to share with the community an article I thought was some good news.

We are quite obviously long plast due for justice!

The malware could have lots of different domains and just try the next one in the list if the first one doesn't work. Or even just have a list of IP addresses and bypass domain name lookups entirely.

Revoking the compromised signing key and tying up their domain name is standard-procedure, not anything close to something I'd call a "Death Star" response.

Kudos to Microsoft for adding signing requirements to apps. But that's something that Microsoft and Apple have been doing for a long time. Not exactly a new weapon rolled out in response to this attack. And the article doesn't describe anything more than trying to dismantle their attack .... i.e. nothing going back to infect (or even reveal) the attackers. I'm hoping there's a lot more going on than what's public.

Or maybe I don't know better. Vastly overstated and hyped.

According to the IT pros' posts above, it isn't much, but it is something.

Considering chumputin is saying / doing nothing, I think it is a good sign!

And yw!

No IT pros posted above.

Good to know someone is taking action to protect our natiinal interests, since the russian asset in the WH won't.

Last edited Thu Dec 17, 2020, 04:21 PM - Edit history (1)

How much did putin pay for this?

This company needs to be prosecuted & barred from future govt work.

That’s like leaving the keys to Fort Knox hanging on the doorknob.

This company should be held liable & owners / decision makers punished to the fullest extent of the law & banned from govt. contracts. Perhaps russian assets? I had never heard of the company but it is hard to imagine high leve IT folks being this stupud about security.

A 5 year old would know better!

that piece reads like a damn press release from Microsoft

going after the cracker domain helps short term, but crackers will simply create more
updating "Windows Defender" is an expected minimal beginning of a response

the sad truth: every one of those compromised systems is suspect, many will need to be scrapped and replaced, entire networks must be rebuilt ground-up. impacted agencies and companies will face delays and incur significant expenses replacing hosts and verifying security. those that cut costs put anyone engaging them with online transactions at risk of malware infection and identity theft.

the OP article reads like a puff piece for Microsoft.

Next.

I was sitting at the receptionist desk when he came in to meet with one of the business lawyers in his dad's law firm. Later that day, I asked Mr. Gates' secretary, "Who was that geeky guy that came in earlier?" She replied, "That's Mr. Gates' son and he is making a company that makes the brains for computers. And you know how smart computers are!" I am so proud of this wonderful family.

to oversee cyber security? Is it because it's too risky?

And I just received it a few minutes ago.

Are they forcing patches on our laptops?

Although I think they caught me last week.

Maybe it was and I missed it. But watched NBC and CBS evening news, as well as msnbc and only heard what a disaster it was. Not even any mention of Microsoft, just Solarwind.

least.

I just googled Microsoft Death star and the only references that come up are the Geekwire, reddit, crooks and liars which just references Geekwire's article. See nothing at all from mainstream media. No interviews I've seen with Democratic congressmen/senators have mentioned it when talking about the hack.

I hope it's true, but can find no evidence that it is. Please provide a link to the articles in the"Post" you have seen.

Many thanks.

anything other than a hyped-up PR stunt for Microsoft. Check this link for solid information and facts:

https://www.washingtonpost.com/business/technology/government-warns-new-hacking-tactics-russia/2020/12/17/bba43fd8-408c-11eb-a402-fba110db3b42_story.html

and the geek wire article overstated the significance of the action Microsoft initiated.

From the W/P