Link Posted: 12/19/2020 9:31:53 AM EST
[#1]
Quoted:
Why doesn't Congress declare war?



Most of CON-gress is compromised by foreign assets.
Link Posted: 12/19/2020 9:32:19 AM EST
[#2]
But not my comp.




My personal comp are more secure than .gov comps. Lolz.
Link Posted: 12/19/2020 9:32:51 AM EST
[#3]
Quoted:
Quoted:
Monthly and I automated it all with PowerShell and SCCM.
It can be done, it just doesn't get done.



How long would it take you to patch 100 virtual servers, reboot them, confirm they are all back online, after hours?
At a 24/7/365 operation.
Who does your firewalls? All your switch firmwares?
How about your vcenter servers? Nimble SAN arrays.
Cisco UCS chassis and host firmwares?
Load balancers?
Like I said, it's a full time job just to manage updates and most IT staff is just trying to troubleshoot the day to day and meet the ever demanding needs of the sheeple.
You buy tools to automate it. Tools like Solarwinds in the case of switches and routers.

I'm lucky to work for a CIO who came up through the trenches and gets it. We do the right things. We patch everything monthly. We have top of the line firewalls and keep them current. We have NAC. We encrypt everything in transit and at rest for critical systems. We have pen tests once a year and fix anything they find promptly. I'm proud to say this year they couldn't get in from the outside and we had to disable NAC for them to get anywhere on the inside.

All this, and we still are impacted by the SolarWinds debacle. That's how bad this is.
Link Posted: 12/19/2020 9:33:29 AM EST
[#4]
But not my comp.




My personal comp are more secure than .gov comps. Lolz.
Link Posted: 12/19/2020 9:35:41 AM EST
[#5]
Quoted:
Quoted:
Nothing is happening. This is all just another 'breaking news' story to distract people from reality.
Another red herring...another nothing burger.

Wake me up when there is a single, tangible outcome that impacts any of us directly.

Quoted:
Government networks get attacked every day multiple times a day.

They got more at the link? Otherwise I'm going with sensational nothing burger.


You two don't have a fucking clue what you're talking about. This is, quite possibly, the biggest cyber attack in history. Certainly the most sophisticated.
Yeah, the dumb comments are dumb. And it isn't possibly the biggest cyber attack in history. It's 100% without a doubt the biggest cyberattack in history.
Link Posted: 12/19/2020 9:38:54 AM EST
[#6]
Quoted:
Quoted:
Could the "tools" recently stolen from that cyber security company be aiding "these" hackers?

The cyber security company was one of the victims.  The attackers managed to compromise the patch repository for the Solarwinds Orion product and inserted compromised patches (or they had people inside the Solarwinds itself install the exploit code).  Supposedly they know which forty companies downloaded the compromised patches.
Way way more than 40 companies downloaded the compromised patches. My company for sure did and we aren't on any list. The 40 company list is of companies they think the attacker leveraged the breach against. Everyone else who installed a compromised version of Orion still has to assume breach and investigate it.
Link Posted: 12/19/2020 9:41:54 AM EST
[#7]
Quoted:
Quoted:

Yeah, I was kinda shocked CBS is reporting this. Herridge has been pretty solid on her reporting considering.

Catherine Herridge has always seemed to me to be a no nonsense, no bullshit reporter.....
I wonder why she left Fox?

I met her down in Gtmo when she was covering commissions (trials) for Fox. She was a very nice lady, very sharp.
Link Posted: 12/19/2020 9:50:00 AM EST
[#8]
Quoted:
Quoted:
Quoted:
Quoted:
What department is responsible for sounding the purge siren?
The one I think where President Trump fired the guy.
Well that narrows it down.


WASHINGTON (AP)  President Donald Trump on Tuesday fired the director of the federal agency that vouched for the reliability of the 2020 election.

President Trump fired Christopher Krebs in a tweet, saying his recent statement defending the security of the election was "highly inaccurate."
I know, I was just making a sarcastic joke about POTUS propensity for firing people.
Link Posted: 12/19/2020 9:55:25 AM EST
[#9]
Russia probably has so much info on everyone in government now they can control the entire US by blackmail.
Link Posted: 12/19/2020 9:55:50 AM EST
[#10]
Wasn't crowdstrike involved with the DNC. Ukraine and Trump?
Link Posted: 12/19/2020 9:59:30 AM EST
[#11]
Quoted:
You buy tools to automate it. Tools like Solarwinds in the case of switches and routers.

I'm lucky to work for a CIO who came up through the trenches and gets it. We do the right things. We patch everything monthly. We have top of the line firewalls and keep them current. We have NAC. We encrypt everything in transit and at rest for critical systems. We have pen tests once a year and fix anything they find promptly. I'm proud to say this year they couldn't get in from the outside and we had to disable NAC for them to get anywhere on the inside.

All this, and we still are impacted by the SolarWinds debacle. That's how bad this is.



People don't understand what is happening in Cyberland, and I have said this for years. It's as if we've been fighting World War II, and it was up to Ford, GM, and the local soda shop to fight the war by themselves. Nazis are firebombing Ford Plants, and the response is that Ford needs to invest in more Anti-Air defense.

The amount of pressure and liability on business to fight against Nation states is unsustainable.
Link Posted: 12/19/2020 10:01:55 AM EST
[#12]
Quoted:
This has been going on since March 2020.  They just found it recently.
This is the tip of the iceberg.


Look for Solar Winds if you want more information.

The more I read about this, the more I think that this is going to be much bigger than everyone thinks.

Link Posted: 12/19/2020 10:02:47 AM EST
[#13]
Quoted:
Russia probably has so much info on everyone in government now they can control the entire US by blackmail.

Lol

You mean like China Joe and half the other politicians? Ya I'm betting it's China.
Link Posted: 12/19/2020 10:03:08 AM EST
[#14]
Quoted:
Wasn't crowdstrike involved with the DNC. Ukraine and Trump?

Yeah. Crowdstrike was the Ukrainian computer security firm that did the "forensics" on the DNC server and "proved" it was Russia. The FBI never looked at it, but took Crowdstrike's word for everything.

Are they involved again?
Link Posted: 12/19/2020 10:09:41 AM EST
[#15]
Quoted:
Catherine Herridge (@CBS_Herridge) Tweeted: Microsoft's president tells @CBSNews "this attack is still taking place, the industry is scrambling, people in government are scrambling to get it under control, but it's not under control yet"

Link


Apparently this has been going on for over a month. Yeah, most secure election ever!

Here is a list so far of what agencies have been attacked

https://www.AR15.Com/media/mediaFiles/288245/a632ed55-e779-4482-aea3-c100b8589aa6_jpg-1737681.JPG
I would bet the voting machines are on the top of the real list, and that the real list is a lot longer.
Link Posted: 12/19/2020 10:21:16 AM EST
[#16]
I really hope we unleash Stuxnet v19 on them, and it fucks everything up bad.  Real bad.
Link Posted: 12/19/2020 10:21:23 AM EST
[#17]
Quoted:
Quoted:
Quoted:
Monthly and I automated it all with PowerShell and SCCM.
It can be done, it just doesn't get done.



How long would it take you to patch 100 virtual servers, reboot them, confirm they are all back online, after hours?
At a 24/7/365 operation.
Who does your firewalls? All your switch firmwares?
How about your vcenter servers? Nimble SAN arrays.
Cisco UCS chassis and host firmwares?
Load balancers?
Like I said, it's a full time job just to manage updates and most IT staff is just trying to troubleshoot the day to day and meet the ever demanding needs of the sheeple.
You buy tools to automate it. Tools like Solarwinds in the case of switches and routers.

I'm lucky to work for a CIO who came up through the trenches and gets it. We do the right things. We patch everything monthly. We have top of the line firewalls and keep them current. We have NAC. We encrypt everything in transit and at rest for critical systems. We have pen tests once a year and fix anything they find promptly. I'm proud to say this year they couldn't get in from the outside and we had to disable NAC for them to get anywhere on the inside.

All this, and we still are impacted by the SolarWinds debacle. That's how bad this is.
Sounds very similar to our Environment, however our pen tests are done monthly. So long as their MSP products are not affected, we may be able to get through this without any issues. I did see a recent security notice about N-Central that has me a bit concerned though...

I pushed for NAC this year, however budget wouldn't allow it. I was able to get splunk though, which is proving to be useful.


Link Posted: 12/19/2020 10:23:55 AM EST
[#18]
Quoted:
Quoted:

it's like that just about everywhere.

In my experience executive leadership's concerns center around looking good, keeping audit and regulators off their ass and setting themselves up for the next gig. Very very rarely do they actually have the skill sets, wherewithal and fucks to give to do the right thing. My current employer only has about 3 people that have any real experience, the rest of the organization's leadership and worker bees have a complete lack of understanding of basic information security concepts. This is a Fortune 100 mind you.


+1



this is reality in most companies, tiny to top fortune 500s the only real exception is when you get into the ones in tech who actually pay and know what they're doing like amazon, google, microsoft and such.

how few people actually know well anything about cyber security is staggering.

in one of my younger years my manager's manager sent me in to explain that with the roll out of new password policies you could no longer use your username (first initial last name) as your password. This guy was probably making a 7 figure benefit package and had all his passwords set to auto login in the early days that was a browser feature. his exact words were "then the policy will have to be updated". turns out none of that was true and the CIO just liked to meet the new security people and that was their standard introduction.
Link Posted: 12/19/2020 10:27:49 AM EST
[#19]
Quoted:
I have a feeling this was all set up as a nuclear option for the CCP/Swamp if the ballot fraud plan failed and Trump was still reelected. If bidet takes office next month then this will all go away and back to normal. Well, back to the democrats selling us off to China normal.

It’ll go away as in it won’t be reported on anymore. The hard lines are installed and the downloads and feeds will go live to whoever was given access if the old man and whore get seated
Link Posted: 12/19/2020 10:29:07 AM EST
[#20]
Stop trying to loop in your favorite conspiracy theory with this. You people sound stupid.
Link Posted: 12/19/2020 10:32:09 AM EST
[#21]
They’re recommending that everyone wipe every router and rebuild.
Link Posted: 12/19/2020 10:37:23 AM EST
[#22]
Quoted:
Quoted:
My direct source is that the FBI asked CrowdStrike to stop announcing all the companies they are repairing.  No idea why.

Also same person said that many agencies are hit very hard with this.  I know mine is clean for now....but the bad thing is we are 100% Azure so that worries me now.

I am getting very interesting updates every 8 hours with new things to search for....this is far from over.
@Fourman - Can you PM me your latest CISA update?

Right now it seems CSA (CrowdStrike Advisory) are more current with better data.  Let me work to get some data sent.
Link Posted: 12/19/2020 10:39:33 AM EST
[#23]
Quoted:
Very few organizations are willing to pay for the manpower it takes to keep systems upgraded and patched.
How often should you patch your servers?  Once a week?
Once a month?  We restarted a couple servers the other day that had updates waiting. It took 2 hours to complete.
Now multiply that by 100 for us.
It's a full time job, after hours, in itself.

And if you were current with your Solarwinds updates/upgrades, you downloaded the malicious updates.
So are patches/upgrades good or bad?

The sad reality is that our reliance and utilization of technology has outpaced our ability to keep it secure.




Lol, 100? We manage 10k vms and I know people that work for major cloud providers would laugh at that number too... it's all about automation. Infosec needs to be automated or it will fail in any size environment...
Link Posted: 12/19/2020 10:46:16 AM EST
[#24]
Quoted:
I think this is less an attack and more someone keeps leaving doors open or outright uplinking shit to sites to allow access. Is it no wonder they can't stop it if people are actively allowing it?
ETA Covid restrictions in fed buildings has allowed people to have access to things without a lot of eyes around. It's been way easier to deploy this shit.
If you don't think CCP and virtually every government on the planet don't each have teams of hackers trying to infiltrate sensitive computer networks around the world...you're not paying attention.

Cyber-intrusion is huge in efforts to penetrate sensitive government computer networks and even in those phishing emails you get telling you your Netflix account is having trouble with your credit card.

All that shit comes over the internet...it doesn't require a physical presence at your terminal to explore everything on your hard drive. Look at what happened to Iran's centrifuges a few years ago.

I have zero doubt that, via whatever the cause, foreign governments can access the vast majority of our nation's 'secure networks' - remotely and with little evidence they did.
Link Posted: 12/19/2020 10:56:02 AM EST
[#25]
Quoted:
You buy tools to automate it. Tools like Solarwinds in the case of switches and routers.

I'm lucky to work for a CIO who came up through the trenches and gets it. We do the right things. We patch everything monthly. We have top of the line firewalls and keep them current. We have NAC. We encrypt everything in transit and at rest for critical systems. We have pen tests once a year and fix anything they find promptly. I'm proud to say this year they couldn't get in from the outside and we had to disable NAC for them to get anywhere on the inside.

All this, and we still are impacted by the SolarWinds debacle. That's how bad this is.


My main point is that you have to have staff to do that.
Whatever solution you come up with, you have to have staff to run it and test after.  Automation is fine (I have it) but less than perfect.
It takes dedicated staff who know ALL the quirks of each system.

You have to create change management requests and get committee approvals sometimes.
You have to do it after hours due to business restrictions.
You have to inform all business partners and get approvals.

And WHO does it when all staff is 8-5 M-Fri?
Does everybody work non-compensated overtime?
After hours?
Week after week, month after month to maintain "monthly" updates?
Yeah fuck all that if I am not compensated for any extra time.
And I don't want to work overtime.
Let the IT cucks do that.
The business needs to hire more staff.


The reality is most businesses undervalue IT but are completely reliant on the infrastructure we support for everything.
After years of telling management we need more staff to maintain updates and they say no, then they say but we need 10 more servers this month for new unnecessary systems, you just say ok sure. I'll have a coke.
So many people love to blame shitty IT staff when most of the time it's apathetic, ignorant, indifferent, moronic management that is the impediment to IT security and efficiency etc.





Link Posted: 12/19/2020 10:57:56 AM EST
[#26]
Quoted:
Agreed with it's not an attack.  Yet.
What it is though could allow someone to severely fuck with our country at the core.
I'm talking Defensive, Power, Commerce, Comms, you name it.

We go tossing a nuke at this perp, and they might be able to turn off the power.
I'm not saying they can do it, I'm saying whoever did this knows what the fuck they're doing, and they spent a shit ton of time and capital to make it happen.  The payload however, nobody knows.

Bear in mind the fact that not all computer attacks are immediate. They can be planted years in advance of their trigger time or event, and lie dormant and undetected until triggered.

Imagine...tensions escalate with China to the point they launch their missiles. When we go to 'turn the keys' on our missiles...all the lights in the nation go out, the computers used in all our aircraft crash them, all our comms and GPS satellites shut down, shortly before all the hard drives in the nation format themselves.

Not possible? Google Stuxnet. If the LAN isn't air-gapped...it's possible.
Link Posted: 12/19/2020 11:01:05 AM EST
[#27]
Quoted:



Lol, 100? We manage 10k vms and I know people that work for major cloud providers would laugh at that number too... it's all about automation. Infosec needs to be automated or it will fail in any size environment...



I'm not a cloud provider (that's the joke) and you missed the point.
You obviously have staff to manage that many. (likely not).
But if you are telling me you patch update all your servers and reboot all your customers servers monthly without a hitch and zero issues. Automated or not.
And you are able to do this effectively without a large dedicated crew well.
Link Posted: 12/19/2020 11:01:51 AM EST
[#28]
The solution is Letters of Marque. No balls to do so under Bidet, sadly.

Probably no balls under anyone.
Link Posted: 12/19/2020 11:14:22 AM EST
[#29]
Quoted:
i wonder what the actual fallout from this will wind up looking like.

it's incredible.


Someone's getting promoted to a GLG-20.
Link Posted: 12/19/2020 11:15:07 AM EST
[#30]
Quoted:


My main point is that you have to have staff to do that.
Whatever solution you come up with, you have to have staff to run it and test after.  Automation is fine (I have it) but less than perfect.
It takes dedicated staff who know ALL the quirks of each system.

You have to create change management requests and get committee approvals sometimes.
You have to do it after hours due to business restrictions.
You have to inform all business partners and get approvals.

And WHO does it when all staff is 8-5 M-Fri?
Does everybody work non-compensated overtime?
After hours?
Week after week, month after month to maintain "monthly" updates?
Yeah fuck all that if I am not compensated for any extra time.
And I don't want to work overtime.
Let the IT cucks do that.
The business needs to hire more staff.


The reality is most businesses undervalue IT but are completely reliant on the infrastructure we support for everything.
After years of telling management we need more staff to maintain updates and they say no, then they say but we need 10 more servers this month for new unnecessary systems, you just say ok sure. I'll have a coke.
So many people love to blame shitty IT staff when most of the time it's apathetic, ignorant, indifferent, moronic management that is the impediment to IT security and efficiency etc.








Yeah, I get it. We have staffing 24x7 and a true soc/noc...
Link Posted: 12/19/2020 11:16:52 AM EST
[#31]
Quoted:



I'm not a cloud provider (that's the joke) and you missed the point.
You obviously have staff to manage that many. (likely not).
But if you are telling me you patch update all your servers and reboot all your customers servers monthly without a hitch and zero issues. Automated or not.
And you are able to do this effectively without a large dedicated crew well.
/media/mediaFiles/sharedAlbum/dont_believe_you_anchorman_zps267e5cbb_GIF-108.gif

This guy gets it. Having enough knowledgeable Staff is the problem in most small to mid environments.


Link Posted: 12/19/2020 11:19:52 AM EST
[#32]
Quoted:
i wonder what the actual fallout from this will wind up looking like.

it's incredible.



We (bidum and his handlers) inherited a huuuuge mess from Trump (remember Nobama and Bush), and will milk this for four years, use it to pass laws, infringe, do more of what they want.
Link Posted: 12/19/2020 11:20:28 AM EST
[#33]
Quoted:

And 100 virtual servers is a small installation.  There's a reason Ansible is gaining so much traction, but it operates single-threaded, so if you've got a narrow window for updates, you may have to update only a small number of servers per window.


Ansible runs tasks in parallel by default.  

link
Link Posted: 12/19/2020 11:22:05 AM EST
[#34]
It's amazing what people will put on the internet and connect to the internet and think it's safe. I'm always shocked when I read stories of the government having xyz on the net. My largest customer has a vault on site for their most sensitive stuff. Specs and drawings going back 50 years. When I need to look at them to design a fix when something goes wrong I have to visit there in person. No cell phones allowed in the vault. I have to have several people sign off on the need to even be in the vault. Watched by an employee of the company. They have multiple locations. Once a day their own carrier flies what is requested from one location to another in person. Vault has withstood multiple natural disasters including strong hurricanes and on site explosions and fires etc...
Public company, not the government in the least.
Link Posted: 12/19/2020 11:24:15 AM EST
[#35]
Quoted:



I'm not a cloud provider (that's the joke) and you missed the point.
You obviously have staff to manage that many. (likely not).
But if you are telling me you patch update all your servers and reboot all your customers servers monthly without a hitch and zero issues. Automated or not.
And you are able to do this effectively without a large dedicated crew well.
/media/mediaFiles/sharedAlbum/dont_believe_you_anchorman_zps267e5cbb_GIF-108.gif


We have a 2% manual remediation rate. And we staff 24x7 so patch windows are covered...
Link Posted: 12/19/2020 11:27:10 AM EST
[#36]
Quoted:
It's amazing what people will put on the internet and connect to the internet and think it's safe. I'm always shocked when I read stories of the government having xyz on the net. My largest customer has a vault on site for their most sensitive stuff. Specs and drawings going back 50 years. When I need to look at them to design a fix when something goes wrong I have to visit there in person. No cell phones allowed in the vault. I have to have several people sign off on the need to even be in the vault. Watched by an employee of the company. They have multiple locations. Once a day their own carrier flies what is requested from one location to another in person. Vault has withstood multiple natural disasters including strong hurricanes and on site explosions and fires etc...
Public company, not the government in the least.



Someone gets it.
Link Posted: 12/19/2020 11:33:03 AM EST
[#37]
Everything is down..

VA Ebenefits is down..

SSA is down...

everything is down..

DoD ....

nothing is working.....

Link Posted: 12/19/2020 11:36:47 AM EST
[#38]
Quoted:



Someone gets it.
Proprietary stuff. I'm guessing most subs don't get to see "everything" and instead they send out what you need to see and that's it. The vault ties it all together for the entire process. I only get to see it when one of the 3b's happen. Something Broke down, Something Burned up, Something Blew up. They get real lax when the money maker is shut down. They don't throw money at problems like some thing. Most days they have a guy that puts stuff in a briefcase or whatever and takes a commercial flight between cities and not their own plane which they own many.

But when I read stories going back to the Bill Clinton days of someone walking out with classified info...who knows.
Link Posted: 12/19/2020 12:00:10 PM EST
[#39]
Quoted:
Quoted:
Quoted:
My direct source is that the FBI asked CrowdStrike to stop announcing all the companies they are repairing.  No idea why.

Also same person said that many agencies are hit very hard with this.  I know mine is clean for now....but the bad thing is we are 100% Azure so that worries me now.

I am getting very interesting updates every 8 hours with new things to search for....this is far from over.
@Fourman - Can you PM me your latest CISA update?

Right now it seems CSA (CrowdStrike Advisory) are more current with better data.  Let me work to get some data sent.
In before the Ukrainians (Crowdstrike) blame the Russians.

It might indeed be the Russians but you're not going to find that out by asking Crowdstrike.
Link Posted: 12/19/2020 12:05:09 PM EST
[#40]
Quoted:


We have a 2% manual remediation rate. And we staff 24x7 so patch windows are covered...


I have said to my manager that it is impossible for us (a small enterprise) to protect against global tech security threats.
I believe it has gotten to be almost unsustainable to expose your organization to the web.
Or to keep implementing IT systems for all your business tasks.

We can't spend enough money.  We need to buy MFA systems, we need to buy encrypted backup systems. We need SRA systems.
We need BYOD systems.
We need quality experienced staff.
It's like trying to boogaloo with a .380 hipoint and an incandescent flashlight and the hackers are using Gen4 nods and thermal.
And they made your flashlight.

Our non IT management is absolutely clueless about the tech realities.
So, I'll have a coke and wait for Lights Out.

Link Posted: 12/19/2020 12:08:40 PM EST
[#41]
Link Posted: 12/19/2020 12:15:16 PM EST
[#42]
Quoted:
A shame they aren't targeting Facebook, Twitter, Alphabet, ABC, CBS, NBC, CNN....

They already have targeted Facebook and Twitter.  Just not like you think.
Link Posted: 12/19/2020 12:19:16 PM EST
[#43]
Quoted:
I just want to say that having almost 20 years in as a "security professional", with most of it centered around cyber crime, incident response, threat intelligence and a good bit of exposure to Corporate America and the Government, I'm not surprised at all they got butt fucked.

A great many security programs are "security theater" to pad the pockets of executives and nothing more.



Sometimes I feel like a sucker that we take security seriously and incur a lot of cost and difficulty to do so. Everyone else does theater and doesn’t care about the consequences to their clients.
Link Posted: 12/19/2020 12:20:55 PM EST
[#44]
Quoted:
It's possible whoever did this, STILL has ADMIN level access to just about everything .gov



IOW the CCP knows our military disposition in detail. Wonderful...
Link Posted: 12/19/2020 12:24:35 PM EST
[#45]
Quoted:
Agreed with it's not an attack.  Yet.
What it is though could allow someone to severely fuck with our country at the core.
I'm talking Defensive, Power, Commerce, Comms, you name it.

We go tossing a nuke at this perp, and they might be able to turn off the power.
I'm not saying they can do it, I'm saying whoever did this knows what the fuck they're doing, and they spent a shit ton of time and capital to make it happen.  The payload however, nobody knows.

View Quote


We should probably consider keeping our nuclear weapons on analog, unconnected systems at this point. It’s one huge trump card we hold...if you mess with us too much with 4 gen warfare, we can still third gen your ass into a smoking, radioactive crater.
Link Posted: 12/19/2020 12:26:23 PM EST
[#46]
Quoted:
Ya think?  I putty'd into it one day about 3 years ago to look at some logs.
I discovered the last reboot was 2012.

I brought it up to my supervisor.  He said "yeah, I know.  I'm afraid if we reboot it, it won't come back up."
My response "Why the fuck is it in production then?!"

It's still in production.  Still unpatched and still not rebooted since 12.
View Quote


Damn. I won’t even run hardware in our setup that isn’t specifically intended to boot back to normal operation with no intervention in case of unexpected shutdown.
Link Posted: 12/19/2020 12:30:41 PM EST
[#47]
Quoted:
Very few organizations are willing to pay for the manpower it takes to keep systems upgraded and patched.
How often should you patch your servers?  Once a week?
Once a month?  We restarted a couple servers the other day that had updates waiting. It took 2 hours to complete.
Now multiply that by 100 for us.
It's a full time job, after hours, in itself.

And if you were current with your Solarwinds updates/upgrades, you downloaded the malicious updates.
So are patches/upgrades good or bad?

The sad reality is that our reliance and utilization of technology has outpaced our ability to keep it secure.

View Quote


The general problem of technology is that it’s so large a field that one person can’t know all of it and thus can’t make informed decisions.
Link Posted: 12/19/2020 12:35:17 PM EST
[#48]
Link Posted: 12/19/2020 12:36:47 PM EST
[#49]
Quoted:


Look for Solar Winds if you want more information.

The more I read about this, the more I think that it is going to be much bigger than everyone thinks.

View Quote


And it's Microsoft saying it...and Gates is pushing for vaccines all the other stuff we've seen about Gates....

All tied together?
Link Posted: 12/19/2020 12:39:24 PM EST
[#50]
Quoted:
I have a feeling this was all set up as a nuclear option for the CCP/Swamp if the ballot fraud plan failed and Trump was still reelected. If bidet takes office next month then this will all go away and back to normal. Well, back to the democrats selling us off to China normal.
View Quote


Funny you should mention that.  I read this in September 2019 and said "yikes."  It seems the scenario in Florida, a target for years, was cleaned up by fixing Broward County.  Not that I like Desantis but he didn't want election shenanigans in his state so he fixed it.

Jan. 1, 2021

New Year's Day is traditionally spent recovering from the previous night's revelry. This year, the United States awakens to the greatest New Year's hangover in the country's almost 245-year history: a crisis of constitutional legitimacy as all three branches of government continue to battle over who will take the presidential oath of office later this month. This coming Wednesday, Jan. 6, a joint session of Congress will meet for what is a traditionally perfunctory counting of the Electoral College votes. With lawsuits still pending in seven states, both major-party candidates claiming victory via massive advertising campaigns and the president hinting that he might not accept the outcome of the vote, it's time to reflect on how everything went so very wrong...

...It wasn’t until a selection of voting machines started displaying a ransom note in red on black text that the enormity of what had occurred was clear. As was reported in the following weeks, around a quarter of the DRE systems in the three states had been loaded with a backdoored version of the last code update provided by the device manufacturer. This malware had different impacts based on several factors, and subsequent analysis by the Department of Homeland Security showed that votes may have been subtly changed or deleted—or the entire device encrypted and its contents lost. Without voter-verified paper trails, the votes cast by these systems have been challenged in court....

...It is small comfort that there is now one topic on which most Americans can agree: The latest polling shows that fully 78 percent of Americans believe that the election has been stolen. The hitch, of course, is that Americans do not agree which candidate is the rightful president and which the usurper.

That brings us to the present day. Two groups of electors purporting to represent the voters of Pennsylvania, one appointed by the legislature and the other by the governor, met in December and transmitted competing "official" results to the archivist of the United States. Lawsuits have prevented the electoral results of three other states, including Florida, from being submitted, and multiple cases with no clear precedent or outcome are still pending before the U.S. Supreme Court. At this point, it seems a distinct possibility that the House and the Senate will end up selecting the president and vice president, likely with no regard to the votes cast in each state—a complicated process made even more so by the fact that doubts over the presidential vote have also raised questions about the legitimate composition of Congress.


The exact scenario hasn't played out as written but by god was the left discussing a lot of what is happening over a year ago and gaming out how to get here.

NOTE: The article is located here but I am not hotlinking for obvious reason (Brookings for one). https://www.lawfareblog.com/op-ed-future-election-security
