Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security Software Privacy

Software Vendor Who Hid 'Supply Chain' Breach Outed (krebsonsecurity.com) 52

Posted by BeauHD from the undercover-investigators dept.
tsu doh nimh writes: Researchers at RSA released a startling report last week that detailed a so-called "supply chain" malware campaign that piggybacked on a popular piece of software used by system administrators at some of the nation's largest companies. This intrusion would probably not be that notable if the software vendor didn't have a long list of Fortune 500 customers, and if the attackers hadn't also compromised the company's update servers -- essentially guaranteeing that customers who downloaded the software prior to the breach were infected as well. Incredibly, the report did not name the affected software, and the vendor in question has apparently chosen to bury its breach disclosure as a page inside of its site -- not linking to it anywhere. Brian Krebs went and dug it up. Spoiler: the product/vendor in question is EVlog by Altair Technologies Ltd.
This discussion has been archived. No new comments can be posted.

Software Vendor Who Hid 'Supply Chain' Breach Outed More

Software Vendor Who Hid 'Supply Chain' Breach Outed

Comments Filter:

  • Product and Vendor (Score:5, Informative)

    by Kunedog ( 1033226 ) on Wednesday February 22, 2017 @04:32PM (#53913869)
    EVlog by Altair Technologies Ltd.

    • "Incredibly, the summary did not name the affected software"

    • Re: (Score:1)

      by Anonymous Coward

      Oh noes, you foild slashdots evil plan to have us read throug their ad-ticles without telling us which fucking Vendor and every unholy future spawn of it we should avoid!!

    • Throw the book at them by burying this they are as guilty as the hackers who breached them

  • Properly posted in the disused lavatory (Score:1)

    by Anonymous Coward

    Got the HHGTTG reference out of the way.

    • Re: (Score:2)

      by TWX ( 665546 )
      Didn't we agree back in the eighties to refer to Douglas Adams' most well-known work as H2G2 or H^2G^2 where superscript is supported?

  • Required Douglas Adams quote (Score:3, Funny)

    by Anonymous Coward on Wednesday February 22, 2017 @04:57PM (#53913987)

    “But the plans were on display”
    “On display? I eventually had to go down to the cellar to find them.”
    “That’s the display department.”
    “With a flashlight.”
    “Ah, well, the lights had probably gone.”
    “So had the stairs.”
    “But look, you found the notice, didn’t you?”
    “Yes,” said Arthur, “yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.”

    • "Yes," said Arthur, "yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying âBeware of the Leopard."

      That would explain why managers at my government IT job hide surplus computer equipment in the women restrooms.

      • Re:Required Douglas Adams quote (Score:5, Funny)

        by dbIII ( 701233 ) on Wednesday February 22, 2017 @08:46PM (#53915019)

        That would explain why managers at my government IT job hide surplus computer equipment in the women restrooms

        That makes perfect sense.
        It's an I pee address.

  • Brian Krebs is awesome, I'm a big fan. (Score:5, Interesting)

    by Anonymous Coward on Wednesday February 22, 2017 @05:06PM (#53914011)

    He's part simple-terms reporter for laypeople, part techie, part detective, part regular guy on the internet. Cheers to Brian for another successful dig!

    I'm really glad he didn't just fold up and go away after the DDOS campaign against him.

Slashdot Top Deals

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Close