This video takes a detailed look at what the term build-info is all about and why it will help us protect against attacks such as the SolarWinds hack.
What is the concept behind the term - build-info?
Let's start at the very beginning and clarify the basic principle behind the term build-info. The term has been shaped over many years by the company JFrog, among others. It refers to a particular type of repository.
This repository stores the information that describes the context that led to the creation of a binary file. With this information, you can achieve a wide variety of things.
What components does build-info consist of?
The content of a build-info is not strictly defined. Instead, the approach that applies is: the more, the better. Of course, you have to proceed with caution here too. All possible parameters are collected. These range from the date and time, the system on which the process was run, and the operating system and its patch level, to active environment variables, compiler switches and library versions.
The challenge is that it is not known in advance which information will later be helpful and expedient. For this reason, more rather than less should be saved.
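As an added illustration (not code from the video and not JFrog's build-info format), the following Python sketch collects the kinds of parameters listed above for a set of artifacts and compares two such records afterwards. The field names, the secret-name pattern and the "<redacted>" marker are assumptions made for this example; masking secret-looking environment variables is one way to proceed with caution when saving more rather than less.

```python
import hashlib, json, os, platform, re, sys
from datetime import datetime, timezone
from importlib import metadata

# Assumption: variable names matching this pattern hold secrets and are masked.
SECRET_NAME = re.compile(r"(TOKEN|SECRET|PASSWORD|PASSWD|KEY|CREDENTIAL)", re.I)

def redact_env(env):
    """Keep every variable name, but mask values whose name looks like a secret."""
    return {k: ("<redacted>" if SECRET_NAME.search(k) else v) for k, v in sorted(env.items())}

def sha256_file(path):
    """Hash an artifact in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def collect_build_info(artifacts, env=None, libraries=None):
    """Return one build-info record (illustrative field names, not JFrog's schema)."""
    if libraries is None:  # default: every distribution installed in this interpreter
        libraries = {d.metadata["Name"]: d.version
                     for d in metadata.distributions() if d.metadata["Name"]}
    return {
        "started": datetime.now(timezone.utc).isoformat(),
        "host": platform.node(),
        "os": {"system": platform.system(), "release": platform.release(),
               "patch_level": platform.version()},
        "toolchain": {"python": sys.version.split()[0]},
        "environment": redact_env(os.environ if env is None else env),
        "libraries": dict(sorted(libraries.items())),
        "artifacts": {os.path.basename(p): sha256_file(p) for p in artifacts},
    }

def diff_build_info(old, new, ignore=("started",)):
    """Name the sections that differ between two builds, for later analysis."""
    return sorted(k for k in old.keys() | new.keys()
                  if k not in ignore and old.get(k) != new.get(k))

if __name__ == "__main__":
    # Demo: record this script itself as the only "artifact" of the build.
    print(json.dumps(collect_build_info([__file__]), indent=2))
```

A record like this only supports later analysis if it is stored somewhere the build job itself cannot rewrite.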
Why do we actually need a build-info?
The task of a build-info is to enable the observation, or rather, the analysis of a past situation. There can be a variety of reasons for this. For example, it can be used to improve quality, or it can be the basis for reconstructing a cyber attack that has taken place. And with that, we come straight to the event that got everything rolling in the recent past.
Trigger - SolarWinds Hack
Some of you will have heard or read something about it. We are talking about one of the most significant cyberattacks that has ever taken place: the SolarWinds hack. Here it was not the final target that was attacked directly, but a point in the supply chain. SolarWinds is a software company that provides a product for managing network infrastructure. With just over 300,000 customers worldwide, this software's automatic update process was the target of the attack. It was not the update process itself that was compromised, but the creation of the binaries that are distributed through this update process. The attack took place on the company's CI pipeline, so that the newly created binaries were infected with each build. The CI pipeline was manipulated so that another component was added to the binary being generated. This component can be thought of as a kind of initial charge. As soon as it has been ignited, or activated, further components are dynamically reloaded. As a result, each infection took a different form. These files were then offered to all customers by means of the automatic update. Thus, over 15,000 systems were infiltrated within a short time.
Reaction - Executive Order of Cybersecurity
Since there were many well-known US companies, US organizations and US government institutions among the victims, the question arose of how the US state could counter such a threat in the future. The US government decided to begin with the complete cataloguing of all software components in use, including all their constituent parts. This obligation to provide evidence was formulated in the "Executive Order of Cybersecurity". However, when I first heard about an executive order, I wasn't sure what that actually meant.
What is an executive order?
An executive order is a decree of the US President that regulates or changes internal affairs within the state apparatus. You can think of the US president as the managing director of a company, who can influence the company's internal processes and procedures. In doing so, no applicable law can be circumvented or changed. With such an executive order, no law can be changed, stopped or restricted. But it can change the internal processes of the US authorities very drastically. And that's exactly what happened with this Executive Order of Cybersecurity, which has directly impacted the US economy. Every company that works directly or indirectly ....
________________________________________________________________________________________________
►► Sven Ruppert WebSite https://svenruppert.com