the govt spends billions every year in cybersecurity, but doesn't find out they've been hacked until it shows up in the newspapers. It was started with a "back door" attack and these clowns in the govt want to force tech companies to put in back doors so the govt can snoop easier?
From
ReutersSecurity researcher Vinoth Kumar told Reuters that, last year, he alerted the company that anyone could access SolarWinds’ update server by using the password “solarwinds123”
“This could have been done by any attacker, easily,” Kumar said.
Neither the password nor the stolen access is considered the most likely source of the current intrusion, researchers said.
Others - including Kyle Hanslovan, the cofounder of Maryland-based cybersecurity company Huntress - noticed that, days after SolarWinds realized their software had been compromised, the malicious updates were still available for download.
The firm has long mooted the idea of spin-off of its managed service provider business and on Dec. 9 announced that Thompson would be replaced by Sudhakar Ramakrishna, the former chief executive of Pulse Secure. Three weeks ago, SolarWinds posted a job ad seeking a new vice president for security; the position is still listed as open.
stupid passwords, no VP for security and they can't even stop uploading a virus to customers days after a known breach.