Hello all. So from all accounts it looks like the Russian state actors responsible for the SolarWinds breach may have managed to escalate access and pivot inside Microsoft’s internal network and gain access to a small number of internal accounts.

Microsoft have confirmed that their initial investigation has not identified any evidence of unauthorized access to production systems and/or customer data. They also confirmed that Microsoft systems were not used as a jump point to attack other networks.

The interesting twist to the story is that Microsoft is saying that these internal accounts were however used to access Microsoft source code repositories. From the Microsoft blog, “We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories. The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.” (http://bit.ly/3odoe9U)

The problem with this is it could lead to exactly the same MO that was used APT29 used on SolarWinds. Specifically, weaponizing source code at Microsoft. Imagine the fallout. Initial numbers affected by the SolarWinds breach was around 18,000. What if the goal was to perpetrate the exact same attack, but on source code used by the Windows operating system, the Windows Server operating system or Microsoft Office. According to U.S. analytics vendor Net Applications, Windows 10 accounted for 72.2% of Windows-only machines in October 2020 – At that rate of growth, it will run three out of four PCs by the end of January. Now, it is important to note that Microsoft has indicated that although source code was accessed, there is no indication that it was modified. However, can you imagine the fallout of a weaponized DLL for example being pushed out via Windows Update to over 1 billion PCs out there? (http://bit.ly/3bcTdzg)

Read more

Hello All. So most of you diehard CentOS users (I am one of them) must have heard the news by now regarding the fate of the operating system. The Community Enterprise Operating System or CentOS project, owned by RedHat, but still an independent, community-supported computing platform functionally compatible with its upstream source, Red Hat Enterprise Linux (RHEL) has announced a number of changes including:

  • Accelerated end-of-life for CentOS 8; no further operating system updates will be available after December 31, 2021.
  • CentOS 8 will be transformed into an upstream (development) branch of Red Hat Enterprise Linux (RHEL) called CentOS Stream; previous CentOS versions will remain part of the stable branch.

Unfortunately CentOS 8 will no longer be considered appropriate for use in production environments. I can speak for many that this will affect our decisions on OS selection for environments such as AWS going forward, not to mention migration plans of the platform prior to the end of 2021 when the OS will no longer be considered “supported”.

Now, one hitch, the CentOS 7 lifecycle will remain unchanged, with updates and security patches continuing to be available through June of 2024. Though this timeline could potentially change in the future given these recent announcements.

The unfortunate issue is most people on CentOS 8 that do not want to consider the cost of RHEL will move to platforms such as Ubuntu LTS – I assume most providers of shared environments will move to this (i.e. Linode, AWS, etc. as their de facto standard for Linux).

The future of CentOS will be via CentOS Stream.

CentOS Stream is an upstream development platform for ecosystem developers. It is a single, continuous stream of content with updates several times daily, encompassing the latest and greatest from the RHEL codebase. It’s a view into what the next version of RHEL will look like, available to a much broader community than just a beta or “preview” release.

The CentOS Stream project sits between the Fedora Project and RHEL in the RHEL Development process, providing a “rolling preview” of future RHEL kernels and features. This enables developers to stay one or two steps ahead of what’s coming in RHEL, which was not previously possible with traditional CentOS releases. CentOS Stream better connects ISV, IHV and other ecosystem developers to the operating system developers of the Fedora Project, shortening the feedback loop and making it easier for all voices to be heard in the creation of the next RHEL versions.

Further details on the EOL status can be found at: https://wiki.centos.org/About/Product as well as https://blog.centos.org/2020/12/future-is-centos-stream

To read more about CentOS Stream, please visit the RedHat blog site: https://www.redhat.com/en/blog/transforming-development-experience-within-centos

Read more