burnthrow | 5 years ago

People focus on the password because it's the only part of the story they can relate to or understand. Orange County Rep. Katie Porter:

> "I've got a stronger password than 'solarwinds123' to stop my kids from watching too much YouTube on their iPad ... You and your company were supposed to be preventing the Russians from reading Defense Department emails!"

Words fail.

owenmarshall | 5 years ago

Is she that wrong? I don’t think so.

Do I think most private companies could defend against Double Dragon or Lazarus or Fancy Bear? No, if a state level adversary is attacking you and the payoff is that good, you are going to get popped.

But a strong posture makes it harder, which means they throw more at you and you have a chance of picking up on the attack. Best case, anyways. Worst case, you get to testify to Congress that your security measures were top notch and industry leading. That sounds a shit ton better than “we left a screen door open and didn’t notice for months.”

burnthrow | 5 years ago

She's wrong to imply that if only SolarWinds had followed her iPad password policy, the attack would have been stopped. And she's mistaken about Orion's use case, which has nothing to do with email security.

And while Russia conducted this attack, I'm tired of the Russian scarecrow: SolarWinds' job here has nothing to do with Russia.

But mostly I'm jaded by ambitious SoCal pols neglecting their districts to score easy points on national issues.

throwawayboise | 5 years ago

> if a state level adversary is attacking you and the payoff is that good, you are going to get popped

So we should assume Windows, Linux, every CDN, every major firewall, switch and router, etc. are all owned by Russia?