[FRIAM] 5 agencies compromised

Tue Dec 15 15:23:36 EST 2020

Web-based (most software) systems are a complicated Jenga tower of dependencies, each one of which provides an access point for introducing malware, trojans, viruses, etc. The story of Azer Koçulu and how his removal of eight lines of code (left-pad) brought down major Web actors and sites

    https://qz.com/646467/how-one-programmer-broke-the-internet-by-deleting-a-tiny-piece-of-code/

should be informative.

Part of the reason that I have been arguing that software development — specifically software engineering — is not sustainable,

    https://medium.com/swlh/it-is-not-sustainable-cb2c379baf4b

davew

On Tue, Dec 15, 2020, at 10:33 AM, uǝlƃ ↙↙↙ wrote:
> Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise 
> Multiple Global Victims With SUNBURST Backdoor
> https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
> 
> What I want to know is *how* did the trojan MSP update get on the 
> SolarWinds server in the first place? Am I missing where they tell that 
> part of the story? Or do they not know? At one security conference, I 
> heard a nerd claim that Linux systems were trivial to hack. All you 
> need is a weakness in their package/dependency management tool (e.g. 
> Yum). Yikes!
> 
> Philosophically, we're closer and closer to the concept that data is 
> code and code is data ... which for the psychology-obsessed, sounds a 
> lot like pure behaviorism and some kind of holographic principle. (And 
> note the paragraph on steganography in that article!)
> 
> -- 
> ↙↙↙ uǝlƃ
> 
> - .... . -..-. . -. -.. -..-. .. ... -..-. .... . .-. .
> FRIAM Applied Complexity Group listserv
> Zoom Fridays 9:30a-12p Mtn GMT-6  bit.ly/virtualfriam
> un/subscribe http://redfish.com/mailman/listinfo/friam_redfish.com
> archives: http://friam.471366.n2.nabble.com/
> FRIAM-COMIC http://friam-comic.blogspot.com/ 
>