[Cryptography] Solar Winds hack

John Levine johnl at iecc.com
Mon Dec 21 13:43:04 EST 2020

In article <CAMm+LwhEa2YFZawTjAtndRO580YJDgZ9VbB8xm-Z=a2ycf-8yA at mail.gmail.com> you write:
>Well stories about Solar winds execs dumping stock a few days before the

Reports said it was a private placement to a single buyer which, if
true, means it's a red herring. The buyer presumably has recourse if
the stock doesn't recover.

>What I am finding interesting is that so many people are going on about the
>fact that a weak password was chosen.

That appears to be the password to download updates from the update
server, so I don't see why it matters. The bad guys didn't breach it
that way, they burrowed in and stuck six lines of new code into a
signed security update.

More information about the cryptography mailing list