Welcome to European Tribune. It's gone a bit quiet around here these days, but it's still going.
It doesn't help that their FTP password was apparently available on their GitHub repository:

We're not saying this is how SolarWinds was backdoored, but its FTP password 'leaked on GitHub in plaintext'

Vinoth Kumar, a security researcher, claimed on Tuesday he had made such a report to SolarWinds last November, warning that it could be used to upload files to the server. The password he said he found, in plaintext for all to see, is a textbook example of a weak password that never should have been allowed.

In a message to The Register, Kumar said that on November 19, 2019, he told SolarWinds "their update server was accessible with the password 'solarwinds123' which is leaking in the public Github repo. They fixed the issue and replied to me on [November 22]."


by Bernard on Sat Dec 19th, 2020 at 09:18:31 PM EST
I'd call it "human error" if stupidity like that wasn't bog standard across the gamut of SillyCon Valley TechBro-dom.


She believed in nothing; only her skepticism kept her from being an atheist. -- Jean-Paul Sartre
by ATinNM on Sun Dec 20th, 2020 at 03:59:02 PM EST