SolarWinds = Theranos of Cyber Security?

SuperMatt

It sounds like the people working at SolarWinds are awesome at marketing to big companies, and really bad at actual cyber security.


Most executives are grossly overpaid in America, and the results come in all the time. They are totally disconnected from their employees in many cases, and listen to ‘yes men’ instead of the experts. So, to get rich these days, being able to schmooze overpaid executives is far more important than a good business model, or products that actually do something.
 

Thomas Veil

Wasn’t Theranos an actual con job, though? This looks more like a real business that wasn’t ready for prime time.
 

jonblatho

Wasn’t Theranos an actual con job, though? This looks more like a real business that wasn’t ready for prime time.
Setting a software update server’s password to “solarwinds123” in the first place, let alone apparently leaving it that way after someone pointed out that they were able to access it with that password, is active malpractice for a cybersecurity firm. That’s not an “oops”; that’s just plain stupid.
 

rdrr

The alleged stuff is shit you should not see on a live server. You wouldn't even use it on a honeypot, because you couldn't learn anything useful from it.
Hate to disagree with you, but SolarWinds products are not all shit. There are some very useful monitoring/troubleshooting aspects of it that a lot of Fortune 500, government, and major communications entities use.
 

thekev

Hate to disagree with you, but SolarWinds products are not all shit. There are some very useful monitoring/troubleshooting aspects of it that a lot of Fortune 500, government, and major communications entities use.

I used the term alleged, because I didn't feel like digging. Anyway, having some useful stuff doesn't lend them a pass for that kind of password boondoggle. It's a pretty bad sign of either policy or poorly enforced policy.
 

rdrr

I used the term alleged, because I didn't feel like digging. Anyway, having some useful stuff doesn't lend them a pass for that kind of password boondoggle. It's a pretty bad sign of either policy or poorly enforced policy.
Agreed, but to be fair there are a lot of published default passwords out there for major corporate products and even consumer products (think Linksys routers). It all boils down to laziness, but that isn't an excuse. I got a feeling that there were a few people fired over this, and probably a lot more... CEO/President and a few VPs. Plus I think there is a less than 50% chance SolarWinds survives this.
 