![]() ![]() The two reports are also not very clear on the details, as Stefan Soesanto, Senior Cyber Defence Researcher at the Center for Security Studies at the Swiss Federal Institute of Technology (ETH) in Zurich, pointed out on Twitter earlier today.īefore any guilt is cast on JetBrains’ role in the SolarWinds hack, more details need to come to light. If TeamCity has somehow been used in this process, it could very well be due to misconfiguration, and not a specific vulnerability,” the exec said. “It’s important to stress that TeamCity is a complex product that requires proper configuration. However, the JetBrains CEO, a Russian national currently celebrating the Orthodox Christmas, didn’t completely rule out the possibility that its product could have been abused in the SolarWinds hack. If such an investigation is undertaken, the authorities can count on our full cooperation.” “Secondly, we have not been contacted by any government or security agency regarding this matter, nor are we aware of being under any investigation. “SolarWinds has not contacted us with any details regarding the breach,” he added. ![]() “SolarWinds is one of our customers and uses TeamCity, which is a Continuous Integration and Deployment System, used as part of building software,” Shafirov said. These trojanized Orion updates were downloaded by almost 18,000 SolarWinds customers across the globe and helped Russian hackers breach high-value targets like security firm FireEye, IT giant Microsoft, and the US Department of Justice, among many.īut in a blog post published today, following the publication of the two reports, JetBrains CEO Maxim Shafirov said that the Czech company was unaware of any of these allegations. The two publications cited government sources who are currently looking at the scenario where Russian hackers compromised the TeamCity server used inside SolarWinds and inserted malware into SolarWinds’ Orion app, an IT monitoring platform used by tens of thousands of companies across the world. The two reports claim that SolarWinds used a JetBrains product called TeamCity, a CI/DI server that is used to assemble components into the final software app in a process known as “building.” Please note in particular the error message is giving us on that configuration interface:įailed to process 'buckets' request: Unable to execute HTTP request: PKIX path building failed: .Czech software development firm JetBrains published a statement today denying reports from the New York Times and the Wall Street Journal claiming that JetBrains software was the origin point of the SolarWinds hack that impacted thousands of companies across the globe. What follows is a picture of our configuration, please help us get this working. ![]() Our S3 service can be used and is accessible from other S3 compatible clients, but for some reason we have not been able to make it work yet with TeamCity, and doing it would make the system usage very, very good. Please not that this is not an AWS S3 Storage, but a compatible one provided by our TrueNAS appliance: It must be noted however that JetBrains have countered this advising that they are not aware of any compromises of its products or of investigations into their software. This software allows developers to track changes, trends and perform code quality reviews. However, when configuring the Artifacts storage as "S3 Storage" for our service, I have not been able to make it work yet. The JetBrains software under investigation is TeamCity. We have a NAS system that we would like to use as Artifacts storage, which provides an S3 compatible interface to use it. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |