SolarWinds = Theranos of Cyber Security?

SuperMatt

It sounds like the people working at SolarWinds are awesome at marketing to big companies, and really bad at actual cyber security.


Most executives are grossly overpaid in America, and the results come in all the time. They are totally disconnected from their employees in many cases, and listen to ‘yes men’ instead of the experts. So, to get rich these days, being able to schmooze overpaid executives is far more important than a good business model, or products that actually do something.
 

Thomas Veil

Wasn’t Theranos an actual con job, though? This looks more like a real business that wasn’t ready for prime time.
 

jonblatho

Wasn’t Theranos an actual con job, though? This looks more like a real business that wasn’t ready for prime time.
Setting a software update server’s password to “solarwinds123” in the first place, let alone apparently leaving it that way after someone pointed out that they were able to access it with that password, is active malpractice for a cybersecurity firm. That’s not an “oops”; that’s just plain stupid.
 

rdrr

The alleged stuff is shit you should not see on a live server. You wouldn't even use it on a honeypot, because you couldn't learn anything useful from it.
Hate to disagree with you, but SolarWinds products are not all shit. There are some very useful monitoring/troubleshooting aspects of it that a lot of Fortune 500, government, and major communications entities use.
 

thekev

Hate to disagree with you, but SolarWinds products are not all shit. There are some very useful monitoring/troubleshooting aspects of it that a lot of Fortune 500, government, and major communications entities use.

I used the term alleged, because I didn't feel like digging. Anyway, having some useful stuff doesn't lend them a pass for that kind of password boondoggle. It's a pretty bad sign of either policy or poorly enforced policy.
 

rdrr

I used the term alleged, because I didn't feel like digging. Anyway, having some useful stuff doesn't lend them a pass for that kind of password boondoggle. It's a pretty bad sign of either policy or poorly enforced policy.
Agreed, but to be fair there are a lot of published default passwords out there for major corporate products and even consumer products (think Linksys routers). It all boils down to laziness, but that isn't an excuse. I got a feeling that there were a few people fired over this, and probably a lot more... CEO/President and a few VPs. Plus I think there is a less than 50% chance SolarWinds survives this.
 