iTWire - Ex-NSA hacker slams SolarWinds over wording of SEC breach filing
source link: https://www.itwire.com/security/ex-nsa-hacker-slams-solarwinds-over-wording-of-sec-breach-filing.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Tuesday, 15 December 2020 12:05
Ex-NSA hacker slams SolarWinds over wording of SEC breach filing Featured
By Sam Varghese
Jake Williams: "I strongly suspect that down the road we’ll be using this as a case study in breach PR failures." Supplied
Former NSA hacker Jake Williams has criticised the SEC filing made by security firm SolarWinds following the disclosure that the company's Orion network management software had been compromised and used to breach numerous companies in many regions of the globe.
Williams, who now runs his own outfit, Rendition Infosec, said to start with SolarWinds had claimed that the breach timeline was limited to the March-June period.
The nature of the compromise was detailed by FireEye chief executive Kevin Mandia on Monday AEDT, less than a week after his own company saw its Red Team tools being pilfered.
As iTWire reported, this morning other researchers have pointed out that SolarWinds' FTP credentials were being leaked on GitHub in November 2019 and the company was yet to remove the compromised binary from its own website.
However, it had taken care to remove a page from its website that listed its customers, probably fearing that this was not the best time for this kind of marketing.
Said Williams: "I’m not saying they’re wrong. I understand the document is geared to regulators and investors. I’m just saying they’re making a statement on which security folks are basing decisions.
"They need to explain how they are limiting to this timeframe. Show your work. Anything less is valuing share price over customer safety."
Williams, once part of the now disbanded Tailored Access Operations unit at the NSA, America's premier spook agency, said he had spoken to a few organisations who were thinking of staying put because of this specific timeframe declaration.
"Clarity is needed," he insisted. "This smells to me like 'no specific evidence of any other dates where compromise is known'.
Williams said he was also concerned that SolarWinds was calling the incident a vulnerability, rather than a breach as it was.
"This isn’t 'Jake just being pedantic'. Software supply chain attacks are complex and customers are confused. This off-label use of 'vulnerability' isn’t helping," he pointed out.
He also took issue with the fact that SolarWinds had claimed that it was the Orion build process had been compromised, rather than the source code.
"But they don’t really explain how/why they believe this," said Williams. "I’m left with more questions than answers after reading due to apparent inconsistencies in knowledge required for claims.
"I strongly suspect that down the road we’ll be using this as a case study in breach PR failures. I also suspect we’ll see the SEC revise disclosure requirements in situations like this. Telling investors incredible tales and ignoring customers should be a losing move."
However he said there should be some latitude shown as the area was something of an uncharted one. "But to give SolarWinds their due, this is a fairly uncharted territory with a publicly traded company being implicated in a supply chain attack, potentially leading to the breach of customers. They’re writing the playbook as they execute it, with no template to draw from," he added.
Subscribe to ITWIRE UPDATE Newsletter here
Now’s the Time for 400G Migration
The optical fibre community is anxiously awaiting the benefits that 400G capacity per wavelength will bring to existing and future fibre optic networks.Nearly every business wants to leverage the latest in digital offerings to remain competitive in their respective markets and to provide support for fast and ever-increasing demands for data capacity. 400G is the answer.
Initial challenges are associated with supporting such project and upgrades to fulfil the promise of higher-capacity transport.
The foundation of optical networking infrastructure includes coherent optical transceivers and digital signal processing (DSP), mux/demux, ROADM, and optical amplifiers, all of which must be able to support 400G capacity.
With today’s proprietary power-hungry and high cost transceivers and DSP, how is migration to 400G networks going to be a viable option?
PacketLight's next-generation standardised solutions may be the answer. Click below to read the full article.
WEBINAR PROMOTION ON ITWIRE: It's all about webinars
These days our customers Advertising & Marketing campaigns are mainly focussed on webinars.If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.
The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://www.itwire.com/itwire-update.html and Promotional News & Editorial.
This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.
We have a Webinar Business Booster Pack and other supportive programs.
We look forward to discussing your campaign goals with you.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK