When you buy everything from Red China or give their scientists total access to US tech..and get the back doors they planted?
|
Quoted: @navvet89 My exposure to .gov IT is much more limited than yours (3 years here), but I'm utterly fucking astounded at how much 'zero fucks given' is taken to IT security where I work. It wasn't until we got hit with a virus that my boss went "how did this happen?!" like it was some fucking surprise. I won't list the details, but guessable passwords, deprecated unpatched OS's running in the LE side of things, passwords written on post it notes, you name it were abound. Hell we still have an ASA running code from 10 years ago that has never been patched, and that's our primary firewall.
Domain admin membership doesn't depend on your role or competence, it shows how politically important you are.
|
Quoted: I wonder what the actual fallout from this will wind up looking like. It's incredible.
The fallout: The taxpayers will fund a multi-year, multi-million dollar study that will say mistakes were made but overall everybody involved was great and did the best they could, and more money needs to be spent on cyber security, but spent in the exact same manner as before the attack. No .gov employees will be fired or reprimanded. The most responsible SES employees will be promoted.
|
Quoted: Ya think? I putty'd into it one day about 3 years ago to look at some logs. I discovered the last reboot was 2012. I brought it up to my supervisor. He said "yeah, I know. I'm afraid if we reboot it, it won't come back up." My response "Why the fuck is it in production then?!" It's still in production. Still unpatched and still not rebooted since 12.
Not the worst. I worked for a company once that did that crap. They had a production database that were MS SQL 6.5 on W2K boxes, also connected to the internet. This was in 2017 for a major fast food chain. I couldn't believe it. I told the boss of the firm that was the most idiotic security risks I ever saw. He told me they didn't see the point upgrading. I quit after 3 weeks.
|
Quoted: Not the worst. I worked for a company once that did that crap. They had a production database that were MS SQL 6.5 on W2K boxes, also connected to the internet. This was in 2017 for a major fast food chain. I couldn't believe it. I told the boss of the firm that was the most idiotic security risks I ever saw. He told me they didn't see the point upgrading. I quit after 3 weeks.
|
Quoted: I do a lot of contract work with an international Fortune 500 company. I would routinely find things like Windows servers with domain admin users left logged in indefinitely. VNC (and there's part of the problem) into a server expecting to log in, get someone else's open session. Or log into a server and see it's waiting to install cumulative security updates from 6+ months ago. Someone should have seen this in SCCM, received an alert or anything.. Nope, ignored. Passwords on almost every account never changed. So when they got hacked this year, almost lost all their DCs and infra to ransomware, and had passwords reset on almost all domain admin users, I was not surprised. Then all of their data went up for sale on the dark web. They even wiped all tape backups that were inserted into backup servers worldwide. Backups to NAS? Stored on public shares, now all encrypted and worthless. Tip off that something was coming... All of the infosec team members had unpronounceable Indian names and accents to match. Those guys don't give a fuck.
And if a few of them were any good at their careers, they were likely in on it. Those Patels are a sneaky bunch of fraudsters.
|
I'm game for martial law until this shit gets sorted and a new election takes place. Meanwhile we need to go red hot on Russia and China until the rest of the world pisses their pants at the mention of USA. Release the SSBNs.
|
Very few organizations are willing to pay for the manpower it takes to keep systems upgraded and patched.
How often should you patch your servers? Once a week? Once a month? We restarted a couple servers the other day that had updates waiting. It took 2 hours to complete. Now multiply that by 100 for us. It's a full time job, after hours, in itself. And if you were current with your Solarwinds updates/upgrades, you downloaded the malicious updates. So are patches/upgrades good or bad? The sad reality is that our reliance and utilization of technology has outpaced our ability to keep it secure.
|
Quoted: Quoted: Not the worst. I worked for a company once that did that crap. They had a production database that were MS SQL 6.5 on W2K boxes, also connected to the internet. This was in 2017 for a major fast food chain. I couldn't believe it. I told the boss of the firm that was the most idiotic security risks I ever saw. He told me they didn't see the point upgrading. I quit after 3 weeks.
Quoted: They never seem to care until I give that look and say "You lost everything".
lol the other problem that shit you had to run it on was so old it belonged in a museum and was constantly breaking. I hadn't seen those server types since 1999
|
Quoted: The fallout: The taxpayers will fund a multi-year, multi-million dollar study that will say mistakes were made but overall everybody involved was great and did the best they could, and more money needs to be spent on cyber security, but spent in the exact same manner as before the attack. No .gov employees will be fired or reprimanded. The most responsible SES employees will be promoted.
You misspelled "most responsible SES employees will take positions at IT services companies that sell solutions to government organizations".
|
Quoted: Very few organizations are willing to pay for the manpower it takes to keep systems upgraded and patched. How often should you patch your servers? Once a week? Once a month? We restarted a couple servers the other day that had updates waiting. It took 2 hours to complete. Now multiply that by 100 for us. It's a full time job, after hours, in itself. And if you were current with your Solarwinds updates/upgrades, you downloaded the malicious updates. So are patches/upgrades good or bad? The sad reality is that our reliance and utilization of technology has outpaced our ability to keep it secure.
We didn't let Germany or Japan build tanks or ships for us in WWII, but we don't seem to mind letting the 3rd world design critical pieces of our infrastructure now. Maybe shipping all those jobs and manufacturing overseas wasn't such a good idea, in hindsight.
|
Quoted: Quoted: I think this is less an attack and more someone keeps leaving doors open or outright uplinking shit to sites to allow access. Is it no wonder they can't stop it if people are actively allowing it?
Quoted: Agreed with it's not an attack. Yet. What it is though could allow someone to severely fuck with our country at the core. I'm talking Defensive, Power, Commerce, Comms, you name it. We go tossing a nuke at this perp, and they might be able to turn off the power. I'm not saying they can do it, I'm saying whoever did this knows what the fuck they're doing, and they spent a shit ton of time and capital to make it happen. The payload however, nobody knows.
Not an attack? NOT AN ATTACK?!? You sound like Trump, and that's probably why this is happening. We need a President with some fucking balls not just bluster and hot air. I'm doesn't matter the cost, you destroy the country involved and take it as your own. It won't happen again, for a long, long time... But nah, let's just slap some sanctions out there and talk a lot of shit.
|
So China releases a super flu, and while the US is distracted, they start cracking into everything right on up to our nukes?
Who won the Cold War again?
|
Don't worry guys, at least our banking system is secure
Sad to think what would happen if SWIFT and ACH transactions were stopped
|
Quoted: Very few organizations are willing to pay for the manpower it takes to keep systems upgraded and patched. How often should you patch your servers? Once a week? Once a month? We restarted a couple servers the other day that had updates waiting. It took 2 hours to complete. Now multiply that by 100 for us. It's a full time job, after hours, in itself. And if you were current with your Solarwinds updates/upgrades, you downloaded the malicious updates. So are patches/upgrades good or bad? The sad reality is that our reliance and utilization of technology has outpaced our ability to keep it secure.
It can be done, it just doesn't get done.
|
Quoted: @navvet89 My exposure to .gov IT is much more limited than yours (3 years here), but I'm utterly fucking astounded at how much 'zero fucks given' is taken to IT security where I work. It wasn't until we got hit with a virus that my boss went "how did this happen?!" like it was some fucking surprise. I won't list the details, but guessable passwords, deprecated unpatched OS's running in the LE side of things, passwords written on post it notes, you name it were abound. Hell we still have an ASA running code from 10 years ago that has never been patched, and that's our primary firewall.
Do you even STIG, bro?
|
Quoted: lol the other problem that shit you had to run it on was so old it belonged in a museum and was constantly breaking. I hadn't seen those server types since 1999
Where do you think you go for work if your skillsets still involve ancient things like HP-UX, Solaris and VMS
|
Quoted: Quoted: Why doesn't Congress declare war?
Quoted: Well if they're in the DOD's network and have been for 9 months, they might know an uncomfortable amount about where our forces are stationed around the world. I have no idea if something like the locations and course data for our nuclear subs is something they would have had access to, but boy howdy that sure would suck.
Nobody should have any idea where our subs are aside from the sub itself.
|
Quoted: Monthly and I automated it all with PowerShell and SCCM. It can be done, it just doesn't get done.
How long would it take you to patch 100 virtual servers, reboot them, confirm they are all back online, after hours? At a 24/7/365 operation. Who does your firewalls? All your switch firmwares? How about your vCenter servers? Nimble SAN arrays. Cisco UCS chassis and host firmwares? Load balancers? Like I said, it's a full time job just to manage updates and most IT staff is just trying to troubleshoot the day to day and meet the ever demanding needs of the sheeple.
|
Quoted: Not an attack? NOT AN ATTACK?!? You sound like Trump, and that's probably why this is happening. We need a President with some fucking balls not just bluster and hot air. I'm doesn't matter the cost, you destroy the country involved and take it as your own. It won't happen again, for a long, long time... But nah, let's just slap some sanctions out there and talk a lot of shit.
|
Quoted: How long would it take you to patch 100 virtual servers, reboot them, confirm they are all back online, after hours? At a 24/7/365 operation. Who does your firewalls? All your switch firmwares? How about your vCenter servers? Nimble SAN arrays. Cisco UCS chassis and host firmwares? Load balancers? Like I said, it's a full time job just to manage updates and most IT staff is just trying to troubleshoot the day to day and meet the ever demanding needs of the sheeple.
|
Quoted: Fuck it. My Commodores are safe. https://www.AR15.Com/media/mediaFiles/334993/IMG_2834_jpg-1737727.JPG
Ha! I knew you'd be a ham.
|
Live and learn? Seems like we really need to up our cyber defense game. Maybe a blessing in disguise?
|
Nothing is happening. This is all just another 'breaking news' story to distract people from reality.
Another red herring...another nothing burger. Wake me up when there is a single, tangible outcome that impacts any of us directly.
|
Government networks get attacked every day multiple times a day.
They got more at the link? Otherwise I'm going with sensational nothing burger.
|
Quoted: Nothing is happening. This is all just another 'breaking news' story to distract people from reality. Another red herring...another nothing burger. Wake me up when there is a single, tangible outcome that impacts any of us directly.
Quoted: Government networks get attacked every day multiple times a day. They got more at the link? Otherwise I'm going with sensational nothing burger.
You two don't have a fucking clue what you're talking about. This is, quite possibly, the biggest cyber attack in history. Certainly the most sophisticated.
|
Quoted: Very few organizations are willing to pay for the manpower it takes to keep systems upgraded and patched. How often should you patch your servers? Once a week? Once a month? We restarted a couple servers the other day that had updates waiting. It took 2 hours to complete. Now multiply that by 100 for us. It's a full time job, after hours, in itself. And if you were current with your Solarwinds updates/upgrades, you downloaded the malicious updates. So are patches/upgrades good or bad? The sad reality is that our reliance and utilization of technology has outpaced our ability to keep it secure.
We patch almost 500 servers every month. It can be done with one guy in a couple days with automation.
|
I have a feeling this was all set up as a nuclear option for the CCP/Swamp if the ballot fraud plan failed and Trump was still reelected. If bidet takes office next month then this will all go away and back to normal. Well, back to the democrats selling us off to China normal.
|
Quoted: Very few organizations are willing to pay for the manpower it takes to keep systems upgraded and patched. How often should you patch your servers? Once a week? Once a month? We restarted a couple servers the other day that had updates waiting. It took 2 hours to complete. Now multiply that by 100 for us. It's a full time job, after hours, in itself. And if you were current with your Solarwinds updates/upgrades, you downloaded the malicious updates. So are patches/upgrades good or bad? The sad reality is that our reliance and utilization of technology has outpaced our ability to keep it secure.
So just don't patch anything for fear of trusted update sources having malicious injections? If users cannot deal with scheduled maintenance and you are truly 24/7 you should be doing clustering and cluster aware updates. Users don't like scheduled maintenance but they will like unscheduled maintenance even less.
|
Quoted: Could the "tools" recently stolen from that cyber security company be aiding "these" hackers?
The cyber security company was one of the victims. The attackers managed to compromise the patch repository for the Solarwinds Orion product and inserted compromised patches (or they had people inside the Solarwinds itself install the exploit code). Supposedly they know which forty companies downloaded the compromised patches.
|
Quoted: Quoted: You read that right. It's been underway since roughly March.
Quoted: Do we have any idea what the implications of something like that would be? I've been having a hard time following this one.
I forget which analysis I read, but one security professional is saying it's such a persistent infiltration that complete and total replacement of impacted networks and servers may be necessary. Although I'm sure a good first step is segregating those networks completely away from the Internet so none of the traffic can go out. The sneaky part is they infiltrated the software that companies would be using to detect such intrusions... A normal part of a network security posture is watching network traffic to detect any anomalous traffic, especially connections to unknown hosts, but the Solarwinds Orion software that was the infection vector is what companies would use to do so. I've seen another report saying once inside a network, it went after Microsoft Office 365 software, but I'm not certain if they know for sure if that is all it infected.
|
Quoted: Quoted: I just want to say that having almost 20 years in as a "security professional", with most of it centered around cyber crime, incident response, threat intelligence and a good bit of exposure to Corporate America and the Government, I'm not surprised at all they got butt fucked. A great many security programs are "security theater" to pad the pockets of executives and nothing more.
Quoted: @navvet89 My exposure to .gov IT is much more limited than yours (3 years here), but I'm utterly fucking astounded at how much 'zero fucks given' is taken to IT security where I work. It wasn't until we got hit with a virus that my boss went "how did this happen?!" like it was some fucking surprise. I won't list the details, but guessable passwords, deprecated unpatched OS's running in the LE side of things, passwords written on post it notes, you name it were abound. Hell we still have an ASA running code from 10 years ago that has never been patched, and that's our primary firewall.
Good IT costs money, government agencies are famous for having underfunded IT departments, with payroll rates considerably below market.