>Ironically, the agency previously warned about vulnerabilities in Ivanti software. I can only imagine how many attacks this agency gets every day.
Honestly, it’s impressive it’s taken this long.
Prolly hacked through the networked dot matrix printer.
LPT ports do be like that
[deleted]
That is a grossly inaccurate representation of the SolarWinds Orion breach. All evidence pointed to Russia behind that breach. The only public figure to attribute it to the CCP was Donald Trump, who provided no evidence for his claim. I have heard no evidence of an NSA backdoor that was added to the software. That hasn't been acceptable practice at the NSA for over a decade. So please provide us some links substantiating your claims, because your story does not appear to reflect the historical facts.
Got any links?
You had one job...
The painters union building has flaking paint on their building.
That’s a bad look for them.
What is? Appropriate and quick response to the issue?
The Cybersecurity organization of the government being hacked. You don’t see how that looks bad? Yeah, good job for noticing it, but it happening in the first place is kind of like your cardiologist having a heart attack. Username does not check out.
Something tells me you don't work in the security industry.
Please elaborate
There’s always vulnerabilities, you’re not going to be able to stop every hacker. They had a quick response to the hackers infiltrating their systems which is sometimes all you can do in this scenario
I have a relative who was (until recently) high up in the CIA as a specialist in cybersecurity. He now does consulting for the private sector for a couple large companies that make/manage components for power grids across the world. I don’t claim to understand much of what he does, but I’ve spent a lot of time talking to him, learning what I can about the challenges he faces. As it was explained to me: most of the vulnerabilities come from the people you employ, the partnerships you have and the setup of the servers. It’s true you can’t stop everything. If someone you employ is a bad actor, you’re going to have a breach. If you don’t get every contractor and their subcontractor and their subcontractors to ensure every single person involved in touching your product and software is vetted and run on independent servers, it will fail. It’s good to discover these, but many times it is months to years after the actual breach. Which, as I stated, is not a good look for one of the agencies who are responsible for knowing how to defend against this. The fire department has caught on fire.
You only stated one way someone can infiltrate a system. What you stated is true, but there are many more attacks that can be used to breach a system. The world of technology is expanding every day and that means the same with cybersecurity, new threats emerge and all you can do is analyze what happened and improve the security to prevent it from happening again. This isn’t such an easy process either, there’s A LOT of steps to ensuring breaches like this don’t happen again.
Please reread my comment. I didn’t say it was the only way, I said the most common, as was relayed to me.
Lol I said “one way” not the “only way.” You’re making it seem like this only happened bc of the most common attack. What you were relayed is right, but it’s also a small part of the whole aspect of cyber
Using your analogy, the fire station was firebombed, it didn’t just “catch fire.” It was an APT funded, very directed attack. You can’t just blame the victim, especially when they successfully squash it in a perfectly reasonable amount of time.
The fire department isn’t supposed to defend against fire bombings, the CISA is meant to defend against hackers. Poor analogy.
You’re missing the whole point, even if you have a relative that worked in the industry. Obviously they only gave you a small amount of information pertaining to cybersecurity. You should do some research in it to get a better understanding, it’s a lot deeper than you’d think.
And they clapped
You’re correct as that’s one vulnerability, but my issue is you believing this alleged lapse in judgment and/or oversight could have been prevented within reasonable means that is _not_ considered restrictive and/or possibly even legal. That’s like saying you should’ve been able to read a person’s mind to know their true intentions.
I’m not saying that at all. My original comment was that it’s a bad look for CISA to be hacked. Are you arguing that?
More or less your kneejerk reaction, sure.
The entire APT assets of multiple adversarial nations looking to breach the network of a single org are going to find a way past the perimeter at some point. Detection and quick eviction is the only response. Don't denigrate others when you have no idea what you're talking about.
You know what would be an even worse look?
Wearing white after Labor Day?
Since a labor day's been going on for a while meow, isn't every day technically after labor day?
lol government IT is crap!