[Cryptography] Solar Winds hack

John Levine johnl at iecc.com
Mon Dec 21 13:43:04 EST 2020


In article <CAMm+LwhEa2YFZawTjAtndRO580YJDgZ9VbB8xm-Z=a2ycf-8yA at mail.gmail.com> you write:
>Well stories about Solar winds execs dumping stock a few days before the
>announcement...

Reports said it was a private placement to a single buyer which, if
true, means it's a red herring. The buyer presumably has recourse if
the stock doesn't recover.

>What I am finding interesting is that so many people are going on about the
>fact that a weak password was chosen.

That appears to be the password to download updates from the update
server, so I don't see why it matters. The bad guys didn't breach it
that way, they burrowed in and stuck six lines of new code into a
signed security update.


