Washington - Current and former top executives at SolarWinds are blaming a company intern for a critical lapse in password security that apparently went undiagnosed for years.
The password in question, "solarwinds123," was discovered in 2019 on the public internet by an independent security researcher who warned the company that the leak had exposed a SolarWinds file server. Several US lawmakers ripped into SolarWinds for the password issue Friday, in a joint hearing by the House Oversight and Homeland Security committees.
ZICONOTIDE LMAO! solarwinds --- Lying 100% They have/had NationalSecurity Contracts with the DeptofDefense TheJusticeDept attorneygeneral ODNIgov CIA NSAGov Snowden FBI StateDept wikileaks EFF MFA_China mfa_russia MFAThai CzechMFA NOTHINGISSECURE ~Zi
SolarWinds blaming such a basic security lapse on an intern is incredibly bush league in so many ways. It calls into question the company’s management and security procedures, monitoring, auditing, reporting, and follow-up. Breathtaking. natsec processintegrity
If true I wonder if this was even a paid intern.
Why did it take 2 years to find the weak password? Then when reported, why did it take days to remove it? 🤔
This narrative is utter nonsense. Dig deeper, or at least pay attention to security professionals sounding off on why a simple password without MFA wouldn't confer the abilities necessary to contaminate builds with malware. Sheesh.
Yup it’s an intern’s fault. That there was no password management. I’m sure that intern was there for 3-6 months and no one checked their work for 2-3 years.
How much was the intern being paid with the fate of the company apparently in their hands?
Don’t you dare blame this poor reporting on an intern.
Should we believe that, pulling such a sophisticated attack (in the history of cyber) with just a simple password set by Intern? It makes no sense....
Okay one intern password...how naive is your security that you break one layer and you gain full access?! Are you kidding me?! Playing blame game! HireBetterEngineers
This must be a joke...a 6 year old could guess that password in 6 minutes or less.
You mean they blame themselves for not setting up a security regime that would never have allowed a single intern to do this without it being noticed?
Narrator: it wasn't the intern.
Why are their passwords set by interns. What kind of security company is this?
If the “intern” has the power to introduce an issue like that, it is still the leadership’s fault. what is this charade?
Weak corporations blame their interns.
It should be 'Solarwinds123'
Good grief 🙄. Someone needs to pay for that foolishness.
I bet they're bff's.
Even the SME companies have strong password policy with 2FA authentication and password storage manager 🤔 It is a must and start to use from day one.
That should do wonders to allay any fears their customers have.
Did the intern work there for years?
No minimum password complexity requirement at a big corporation? This just sounds like mismanagement.
It wasn’t the Intern, it was the CEO’s dog Skippy
Clearly false. If not, your tech company needs a security overhaul
Solid leadership skills right there.
If one intern was to blame, their secure system isn’t secure. CompanyName123 😐
An intern, in an internship that lasted years, yes, of course, why not?
So you're saying this leading information security company allowed an intern to set a password like this and then never revoked the access for the account for 4 years? They understand that this is worse, right?
Suspect such blame will backfire, if it hasn’t already.
There are so many ‘no’s’ in this whole plot. And how come the term brute force comes up? Nobody needs to brute force solarwinds123....
Geniuses
One of the most basic aspects of every single cybersecurity or information assurance framework. If your company can't set a complex password, it's not the intern's fault. Hopefully the shareholders have sense enough to put in a new board soon.
So, no blame for the IT and infosec managers for not conducting regular password audits, requiring strong passwords, regular resets, etc.? LMAO.
Pathetic. Nobody should ever do business with SolarWinds again if they can prevent it.
What about creating and enforcing security policies? What about operational processes for Identity and Access Management? What about detecting active cyber threats?
This is such bullshit.
The onus should be on the executives
Lol wtf 😂
What didn't come out was the same intern was in charge of the HR/Payroll Systems too. /s
The executive when things go well: 'Of course it's fair I make this much money, I have so many responsibilities and have a key role in my company's operation.' The executive when disaster strikes: 'It's all the intern's fault, don't look at me.'
I don't even set passwords that easy for useless social media accounts. it's time to stop who's in charge here where are your parents I'm about to call child protective services where are your parents
Security is a high paying job for a reason.... that's why you don't let interns do checks like that or at least have auditors that check your systems
The 'Whipping Boy' tradition lives on. It is common for CEOs and the executive staff to 'delegate' the most crucial security decisions a few layers below themselves so they have plausible deniability. But an intern!!!!
When Interns run the world we have a lack of executives.
well why wouldn't they cycle passwords every few months solarwinds left their intern in a position to destroy their security?
solarwinds Classy move there. You should blame the Cleaner for not checking the CI/CD Pipeline for bugs too, as presumably the more technical the job, the lesser paid and senior the responsible person, right? In Solarwinds Company, RACI RACI's you!
Plot twist: there was no intern. Just bad and lazy practices that someone on the ground probably complained about for years that higher ups deemed unnecessary to change.
Wait, so they are blaming one of the biggest hacks in US history on an intern? Not their policies, procedures, training and oversight.... oh, ok. Way to pass the buck solarwinds
Bad password policies are to blame. Which is not the intern's or any other user's fault. That procedure should have been in place to deter this activity from the start. Furthermore, this has a tremendous negative effect for interns as a whole...😐
Wow, throwing the interns under the bus is not a good look for leadership at any corporation
Whoever designed the leadership architecture—- explain .... “a company intern” positioned at “critical lapse” Why? Benefit — Damage Control : CYA
solarwinds If your passwords are set by interns then your company doesn't deserve to be in operation..!! Why scapegoat an intern for your failures?
That is absolute building. Blame the INTERN?
B.S. Anywhere I've been had a log. If they didn't have one, they sure as sh*t had one by the time I left. If they didn't have, or couldn't bend the IT ticketing system for it, we ran it off a spreadsheet on an execs-only share until they saw how many times it saved their asses.
'We identified the problem and have taken steps to ensure it can never happen again.'
'Putin did it' is so 2017. We're back to 'the intern did it', it seems.
'Blame the intern' Is not the solution you are looking for. Do better management in big companies.
do they think blaming an intern is going to make them look *better?* It's pretty embarrassing that they don't have the processes in place to prevent an intern from doing this
While not fair to blame an intern for this, it is very true that in corporate America, interns and juniors are in charge of way more than they can handle, just to increase shareholder profits a bit, until it all comes tumbling down. In the end, you always get what you pay for.
Wow....sack them all. An intern shouldn't be able to do anything to compromise security
1. Older generations use passwords like that... not a young intern 2. If the intern did make it, who let the intern set a secure password?! 3. For security reasons, why is the password not changed every few months? 4. This is bull...
No, fuck you. It's your fucking fault. Don't blame an intern who was probably unpaid.
Security lapse was still their fault!
Interns only have the power to make mistakes like that because the company brass don't care who is responsible for what so long as they are all cashing in. Embarrassing abdication of responsibility here.
When top executives are blaming ONE intern and ONE password for explaining such a « chain reaction », it means to me they were at the wrong place in this company and should try to find something else for a living... 🧐
Then what u r doing when a person already told you about that is u took action
The funny thing is that people are outraged by this... ho boy if only most of you guys knew that 'What should be done' is sadly not a real world scenario most of the time. ... I (sadly) speak from experience there and even after bringing stuff up it wasn't changed.
An intern's fault, and the password has not been changed for years? Wow, I thought SolarWinds are the kings of best practises...
Yea let's blame the intern 👀👀
Lmao you literally can't make this shit up
So the company didn't have a good strong password policy, and didn't give the intern good security training, and it's the intern's fault? Spare me the faulty logic
Where’s the education and password policy? Bread and butter stuff that should have been made available to this poor intern.
Jesus Christ kbt
Why hasn’t solarwinds been put out of business by lawsuits yet?
MAYBE if your password is 'password' for years, there is more than one person responsible for it 😶
Ha ha ha blame an intern. Absolute assclowns 🤦🏻‍♂️ No, blame your lack of privileged account and password management. Corporate cowardice.
They know that few journalists understand IT enough to know this is crap, and/or hold them accountable for a poor system that supposedly lets one intern undermine their whole business security model. This is “dog ate my homework” levels of excuse and shouldn’t be acceptable.
Dih
That’s shocking!! It should at least have an exclamation mark on the end! Whoever wrote the specs for the password requirements is as guilty as anyone!
Total lack of leadership.
Blaming interns for management's failures. Pathetic.
Are these people politicians
He should be used as an example of being a boss vs a leader....what a lame dude. Blame the weak link and get away with murder
'intern' | 'for years' 🤐
Arrested not only protesters in Yangon but also those who were standing and working in the area. Sword A military dictator worse than the rebels. PregnantWoman WhatsHappeningInMyanmar Feb27Coup
Poke openfreax ;)
Not sure how that makes it better.... like how did the intern even have access to this stuff?
Wait wait wait. So you telling me allow an intern to have access to the GitHub with no form of oversight? Also why is the password 'solarwind123' come this is like 'my dog eat my homework' in info sec
The intern had the nuclear codes too?
Ow, why you gotta blame my ilk for....
That’s some top flight weak ass buck passing bullshit right there
You have a policy for a reason! Why there is no special characters? Or why an intern is allowed with such privileges?
AN INTERN?!?
What you paid for is what you get. Intern wins the day
That means the CEO and the head of HR and the entire chain of people who supervised the intern should be fired.
How long was he the intern? Intern is supposed to be a short term gig.
Sounds like the board would do better firing the entire executive management suite and replacing them with interns.
Lmao “solarwinds123” ☠️ why was that password allowed?
Literally no one believes that.
Seriously. Any part of that where it was an intern's decision is just a cacophony of clusterfuck.
Is this satire?
If an intern can cause a security hole and it's undetected for years, the security failure isn't the intern's, solarwinds. This is punching down and buck-passing of the worst sort.
If the company had such bad security practices that it let an intern make that serious mistake, it is 100% the executives'/management's fault for not properly instituting good security policies.
Your software and company are massively incompetent if a single intern and one password could cause such a hack. Their attempt to shift blame downward is despicable and shame on CNN for allowing them
So many things wrong here. It's not the intern; it's the company that gave the intern this much power & didn't bother to change passwords. The fault *entirely* lies with the executives. They set policy. They're supposed to hold accountable those who report to them.
Brilliant
Pretty weak password policy
SolarWinds admits they do not offer supervision to interns working in critical systems.
That’s the best you got!
In what universe blaming an intern is an excuse?
It’s unacceptable that you are choosing to air the CPAC conference just for ratings. You did that bs with Orange in 2016 and elevated his campaign to win the presidency. Joe Biden is President now. Enough is enough. Move on. 😑
Unstoppable 🤣🤣🤣
2:35 AM · Feb 27, 2021 · SocialFlow
It was the combination on their luggage.
What if he got just hacked? Do they have e-print of his guilt?
Password is pretty weak....for heaven's sake, I could have guessed that one...
“Yeah, when we were coming up with a password, the uh, FedEx guy came in with a delivery, and it, uh, distracted us. Yeah. Damn FedEx.”
This is like Ted Cruz blaming his kids for his trip to Cancun.
In other news, water is wet and Cuomo killed over 10,000 nursing home patients.
Always blame the intern for the CIO’s lapse in leadership.
I wonder if the intern got hired?