Microsoft says Russians hacked its network, viewing source code


mazskolnieces

Level 3
Well-known
Jul 25, 2020
117
For the typical home user, there is no evidence that anyone can provide that irrefutably proves that your typical Windows user is the epidemic that the click-bait IT security news and security software publishers would want everyone to believe. After all, fear mongering is the number 1 marketing tactic. For home users, the threat of malware is blown out of proportion to real world experience. The user sitting in front of the PC has much more to do with their security than the security strategy or software, to the extent that the user's choice of security software is essentially irrelevant.

Just like this latest Microsoft network compromise. There is no proof whatsoever that any part of the Windows OS (parts of whose kernel have been open source since XP) or Windows Defender has been undermined. And open source professionals have stated themselves that open source is not the answer to the malware problem.

As it stands, solid security tweaks (made possible by and endorsed by Microsoft) of Windows remain the single most effective method to keep the local host secure.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
That's odd... I thought you were the MT's resident all-knowing Enterprise expert, yet you do not understand the significance of a SolarWinds software breach?

I guess ultimately what really matters is if MS followed MS's best practices and permanently blocked rundll32.exe and regsvr32.exe. :ROFLMAO:

The source code was leaked. I am sorry you are not a dev, but to most devs this means one thing and one thing only. They most likely had access to the entire code base.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
For the typical home user, there is no evidence that anyone can provide that irrefutably proves that your typical Windows user is the epidemic that the click-bait IT security news and security software publishers would want everyone to believe. After all, fear mongering is the number 1 marketing tactic. For home users, the threat of malware is blown out of proportion to real world experience. The user sitting in front of the PC has much more to do with their security than the security strategy or software, to the extent that the user's choice of security software is essentially irrelevant.

Just like this latest Microsoft network compromise. There is no proof whatsoever that any part of the Windows OS (parts of whose kernel have been open source since XP) or Windows Defender has been undermined. And open source professionals have stated themselves that open source is not the answer to the malware problem.

As it stands, solid security tweaks (made possible by and endorsed by Microsoft) of Windows remain the single most effective method to keep the local host secure.
Just so that everyone is aware, JT, aka mazskolnieces, aka hjlbx, aka Jeff_T - Testing Group, aka Lockdown, aka Unrealistic, aka Pixy Stix, aka Bittricks, aka .\urbeat.ps1, aka youbelonginanoven (along with many other aliases), has been stalking me for over 4 years, which is why you will see him reply to many of my posts in many different threads. I believe his goal is to make me look as bad as possible and to eventually win an argument against me. But the thing is, I do not argue when I do not have evidence to back up my claims and also, I am man enough to admit when I am wrong.

JT STOP CYBERSTALKING ME!
 

mazskolnieces

Level 3
Well-known
Jul 25, 2020
117
That's odd... I thought you were the MT's resident all-knowing Enterprise expert, yet you do not understand the significance of a SolarWinds software breach?

I guess ultimately what really matters is if MS followed MS's best practices and permanently blocked rundll32.exe and regsvr32.exe. :ROFLMAO:

The source code was leaked. I am sorry you are not a dev, but to most devs this means one thing and one thing only. They most likely had access to the entire code base.
You mean you didn't know that Microsoft made the Windows kernel code available going all the way back to the XP era?

Microsoft has always made its product source code available to governments and academic researchers. All the files have been out there for ages. So even if the attackers did have access to the entire code, it's most likely irrelevant to security.
 

mazskolnieces

Level 3
Well-known
Jul 25, 2020
117
Just so that everyone is aware, JT, aka mazskolnieces, aka hjlbx, aka Jeff_T - Testing Group, aka Lockdown, aka Unrealistic, aka Pixy Stix, aka Bittricks, aka .\urbeat.ps1, aka youbelonginanoven (along with many other aliases), has been stalking me for over 4 years, which is why you will see him reply to many of my posts in many different threads. I believe his goal is to make me look as bad as possible and to eventually win an argument against me. But the thing is, I do not argue when I do not have evidence to back up my claims and also, I am man enough to admit when I am wrong.

JT STOP CYBERSTALKING ME!
I don't know what you're talking about.

Who is JT?
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
The Solorigate incident has nothing to do with hardening the system. The malicious DLLs in malicious SolarWinds applications were digitally signed as a part of the application update. It was not a direct attack, but the update was inadvertently downloaded by the user. The incident was related to compromising one internal account, which was then used to view some source code.
Anyway, Microsoft admits that the internal security model is not perfect:

"At Microsoft, we have an inner source approach – the use of open source software development best practices and an open source-like culture – to making source code viewable within Microsoft. This means we do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code. So viewing source code isn’t tied to elevation of risk.

As with many companies, we plan our security with an “assume breach” philosophy and layer in defense-in-depth protections and controls to stop attackers sooner when they do gain access. We have found evidence of attempted activities which were thwarted by our protections, so we want to re-iterate the value of industry best practices such as outlined here, and implementing Privileged Access Workstations (PAW) as part of a strategy to protect privileged accounts. We will provide additional updates if and when we discover new information to help inform and enable the community. As we learn more from our own internal investigation, and from helping customers, we will continue to improve our security products and share these learnings with the community. For the up-to-date information and guidance, please visit our resource center at https://aka.ms/solorigate."
 
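The post above makes the point that the trojanized SolarWinds DLLs carried a valid vendor signature, so a signature check alone would have passed them. The script below is an added example, not code from the thread or from any vendor: it separates "is this file validly signed by the expected publisher?" from "is this the exact file the vendor published?" by pinning SHA-256 hashes. The directory path, the publisher subject pattern and the $VendorHashes manifest are constructed placeholders; in practice the manifest would come from the vendor's release notes or a hash list obtained out of band, never from the same download channel as the update.

```powershell
# Added example: Authenticode validity vs. hash pinning for a vendor update.
# A backdoored file that the vendor itself signed passes the signature check
# and only fails the hash-pin check, which is the Solorigate-style case.
param(
    [string]$UpdateDir = 'C:\Program Files\Vendor\App',   # assumption: install dir of the update
    [string]$ExpectedPublisher = 'CN=Vendor Inc'           # assumption: expected certificate subject
)

# Constructed sample manifest (file name -> SHA-256 the vendor published).
# Placeholder value; replace with the vendor's real out-of-band hash list.
$VendorHashes = @{
    'App.Core.dll' = '0000000000000000000000000000000000000000000000000000000000000000'
}

Get-ChildItem -Path $UpdateDir -Filter *.dll -Recurse -File | ForEach-Object {
    $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
    $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash.ToLower()

    # Check 1: signature chain is valid (this alone is NOT evidence the file is benign).
    $signedOk    = ($sig.Status -eq 'Valid')
    # Check 2: it is signed by the publisher we expect, not merely by *someone*.
    $publisherOk = $signedOk -and ($sig.SignerCertificate.Subject -like "*$ExpectedPublisher*")
    # Check 3: the bytes match what the vendor says they shipped.
    $pinned      = $VendorHashes.ContainsKey($_.Name)
    $hashOk      = $pinned -and ($VendorHashes[$_.Name].ToLower() -eq $hash)

    $verdict = if (-not $signedOk)        { 'UNSIGNED-OR-INVALID' }
               elseif (-not $publisherOk) { 'SIGNED-WRONG-PUBLISHER' }
               elseif (-not $pinned)      { 'SIGNED-NOT-IN-MANIFEST' }
               elseif (-not $hashOk)      { 'SIGNED-HASH-MISMATCH' }   # valid signature, wrong bytes
               else                       { 'OK' }

    [pscustomobject]@{
        File    = $_.Name
        Status  = $sig.Status
        Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        SHA256  = $hash
        Verdict = $verdict
    }
} | Format-Table -AutoSize
```

Run it as `.\Check-UpdatePins.ps1 -UpdateDir 'D:\staging\update' -ExpectedPublisher 'CN=...'` against a staged copy of the update before it is deployed. A row showing `Status = Valid` together with `Verdict = SIGNED-HASH-MISMATCH` is exactly the situation the post describes: the vendor's own signing key blessed bytes the vendor never intended to ship, and only the independent hash source catches it.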

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Just so that everyone is aware, JT, aka mazskolnieces, aka hjlbx, aka Jeff_T - Testing Group, aka Lockdown, aka Unrealistic, aka Pixy Stix, aka Bittricks, aka .\urbeat.ps1, aka youbelonginanoven (along with many other aliases), has been stalking me for over 4 years, which is why you will see him reply to many of my posts in many different threads. I believe his goal is to make me look as bad as possible and to eventually win an argument against me. But the thing is, I do not argue when I do not have evidence to back up my claims and also, I am man enough to admit when I am wrong.

JT STOP CYBERSTALKING ME!
Dan, just let it go, be the wiser one.
Do not take everything somebody posts in a forum so personally.
I was really enjoying your participation in the testing done by @harlan4096 and hope to see more of those constructive posts.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Dan, just let it go, be the wiser one.
Do not take everything somebody posts in a forum so personally.
I was really enjoying your participation in the testing done by @harlan4096 and hope to see more of those constructive posts.
Yeah, I am going to ignore him from now on... I just wanted to make sure outsiders were aware.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
The Solorigate incident has nothing to do with hardening the system. The malicious DLLs in malicious SolarWinds applications were digitally signed as a part of the application update. It was not a direct attack, but the update was inadvertently downloaded by the user. The incident was related to compromising one internal account, which was then used to view some source code.
Anyway, Microsoft admits that the internal security model is not perfect:

"At Microsoft, we have an inner source approach – the use of open source software development best practices and an open source-like culture – to making source code viewable within Microsoft. This means we do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code. So viewing source code isn’t tied to elevation of risk.

As with many companies, we plan our security with an “assume breach” philosophy and layer in defense-in-depth protections and controls to stop attackers sooner when they do gain access. We have found evidence of attempted activities which were thwarted by our protections, so we want to re-iterate the value of industry best practices such as outlined here, and implementing Privileged Access Workstations (PAW) as part of a strategy to protect privileged accounts. We will provide additional updates if and when we discover new information to help inform and enable the community. As we learn more from our own internal investigation, and from helping customers, we will continue to improve our security products and share these learnings with the community. For the up-to-date information and guidance, please visit our resource center at https://aka.ms/solorigate."
This is universally true. Blue teams always assume the red team has full access. It would be silly for the blue team to pretend that they did not.
 