Posted by
Marcus G. Daniels on
Dec 16, 2020; 4:07pm
URL: http://friam.383.s1.nabble.com/5-agencies-compromised-tp7599853p7599864.html
Yes, it sounds like they were methodical and patient. Impressive work.
-----Original Message-----
From: Friam <
[hidden email]> On Behalf Of u?l? ???
Sent: Wednesday, December 16, 2020 7:06 AM
To: FriAM <
[hidden email]>
Subject: Re: [FRIAM] 5 agencies compromised
Well, it's one thing to simply screw up a dependency. Any programmer whose participated in a large project has done that at one point or another. But the interesting quote is this:
"Multiple trojanzied updates were digitally signed from March - May 2020 and posted to the SolarWinds updates website, ..."
They were digitally signed. Either they were legitimately signed and the vector is the typical one (humans [ptouie]) or the bad actor (not necessarily human) harvested a secret key and illegitimately signed them. And that's just the signing part. They also had to *post* them, which may well be the easier part. But it still had to be done.
How did they 1) sign the packages and 2) post the packages?
On 12/15/20 12:23 PM, Prof David West wrote:
> Web-based (most software) systems are a complicated Jenga tower of
> dependencies, each one of which provides an access point for
> introducing malware, trojans, viruses, etc. The story of Azer Koçulu
> and how his removal of eight lines of code (left-pad) brought down
> major Web actors and sites
>
>
>
https://qz.com/646467/how-one-programmer-broke-the-internet-by-deletin> g-a-tiny-piece-of-code/
--
↙↙↙ uǝlƃ
- .... . -..-. . -. -.. -..-. .. ... -..-. .... . .-. .
FRIAM Applied Complexity Group listserv
Zoom Fridays 9:30a-12p Mtn GMT-6 bit.ly/virtualfriam un/subscribe
http://redfish.com/mailman/listinfo/friam_redfish.comarchives:
http://friam.471366.n2.nabble.com/FRIAM-COMIC
http://friam-comic.blogspot.com/
- .... . -..-. . -. -.. -..-. .. ... -..-. .... . .-. .
FRIAM Applied Complexity Group listserv
Zoom Fridays 9:30a-12p Mtn GMT-6 bit.ly/virtualfriam
un/subscribe
http://redfish.com/mailman/listinfo/friam_redfish.comarchives:
http://friam.471366.n2.nabble.com/FRIAM-COMIC
http://friam-comic.blogspot.com/