Article

2021-01-01 -Lurid Crime Tales-

SolarWinds hackers accessed Microsoft source code, the company says

Archived material is restricted to Rantburg regulars and members. If you need access email fred.pruitt=at=gmail.com with your nick to be added to the members list. There is no charge to join Rantburg as a member.

Posted by Frank G 2021-01-01 00:00|| || Front Page|| [11 views ] Top

#1 "No access to production services" and "access to source code" are different things. The first means the systems running their data centers -- and the customer applications running in them -- don't show evidence of access. The second means someone -- God help them -- was able to read the source code to SOME MSFT software.

Access to source shouldn't matter in regard to security -- unless MSFT was depending on obscurity for some aspects of security. Linux source code has always been available, and its security issues are primarily with misconfigured software (default passwords; being behind on updates, etc.).

Posted by Rob Crawford 2021-01-01 00:53|| 2021-01-01 00:53|| Front Page Top

#2 Then they turned to stone.

Posted by KBK 2021-01-01 01:01|| 2021-01-01 01:01|| Front Page Top

#3 Should be easy to catch. They all have dazed looks and cross eye from looking at the source code... And they babble incoherently.

Posted by CrazyFool 2021-01-01 01:58|| 2021-01-01 01:58|| Front Page Top

#4 >unless MSFT was depending on obscurity for some aspects of security.

I'd bet running Static Code Analysis on it would reveal rather a few holes.

The hack inserted modified CODE into Solarwinds which then opened the trapdoor.

The inserted code looked to be a higher quality than that written by solarwinds.

The problem is that MS allows programs running on it's OS far too much access to basically do anything.

Posted by Bright Pebbles 2021-01-01 05:34|| 2021-01-01 05:34|| Front Page Top

#5 SolarWinds hackers accessed Microsoft source code, the company says...
who then went on to write tighter more efficient code that could run on a 2001 era machine. Maawwahh. :)

Posted by Procopius2k 2021-01-01 06:48|| 2021-01-01 06:48|| Front Page Top

#6 So what's worse? Hacker code or Microsoft's forced "updates"?

Posted by Mercutio 2021-01-01 09:18|| 2021-01-01 09:18|| Front Page Top

#7 So it is a feature and not a bug then?

Posted by DarthVader 2021-01-01 12:33|| 2021-01-01 12:33|| Front Page Top

#8 One potential source of problems is that all the extra cases to maintain "backward compatibility" can lead to unreadable (=unmaintainable) code and unforeseen corner cases. I got the impression (no doubt thanks to great PR) that MS was redoing their code base to get rid of a lot of cruft, but I don't know how extensive the project was.

Posted by james 2021-01-01 12:47|| https://idontknowbut.blogspot.com 2021-01-01 12:47|| Front Page Top

#9 H1B1 Indian Visa Microsoft coder made a lot of money for that code back in India for sure.

Posted by Blackbeard Barnsmell6454 2021-01-01 13:09|| 2021-01-01 13:09|| Front Page Top

22:54 Elmerert Hupens2660
22:09 Threatle Slater3107
21:31 trailing wife
21:22 trailing wife
21:19 trailing wife
21:17 trailing wife
21:08 trailing wife
20:51 DarthVader
20:43 trailing wife
20:31 Ebbomoger Speaking for Boskone4589
20:28 trailing wife
20:27 Hupusoter Theremp1466
19:59 Hupusoter Theremp1466
19:41 Rob Crawford
19:35 Jan
19:20 Hupusoter Theremp1466
19:12 Claiting Grotch4752
19:08 Hupusoter Theremp1466
19:05 Bobby
19:01 Spats Lumplump4765
19:00 gorb
18:59 Skunky Ulart5534
18:55 Frank G
18:50 jpal