.png "back to home page")
If you are the leader and you blame the intern for a giant world altering mistake, everyone else should blame you for bad leadership, management, oversight, and training. https://t.co/tLxuvbXQ1e
— Josh Elman ?? (@joshelman) February 27, 2021
From the Whitmer school of management. Take no responsibility and throw underlings under the bus (or keyboard). https://t.co/zd6FDzWBUD
— Greg McNeilly (@gregmcneilly) February 26, 2021
Instead of blaming an intern’s password choice, would love focus on company-wide *technical tools to back people up if and when they make mistakes*. Password managers to store long & random passwords, MFA, patching, etc are a better use of energy here.https://t.co/5jejjAHcHQ
— Rachel Tobac (@RachelTobac) February 27, 2021
SolarWinds leaders told Congress the password "solarwinds123" was a quickly fixed intern's error. Records show it was a publicly accessible software-update server with password visible for two years. A company email from 2019 notes "exposed credentials." https://t.co/UTfYWYNTFP
— Jeff Elder (@JeffElder) February 27, 2021
If an intern is responsible for your password security, you're doing it wrong. https://t.co/EMSpu9edsG
— Adam Levin (@Adam_K_Levin) February 27, 2021
In reviewing my tweets, I discovered that all the bad ones were done by an intern. I apologize and the intern has been terminated. This is lame. https://t.co/nL8KgRQHYS
— Dan Scheinman (@dscheinm) February 28, 2021
The fact that SolarWinds is blaming an intern shows huge cultural issues at the company (OK! former CEO, but protecting the company still)
— J?se! (@jandrade) February 28, 2021
The intern did NOTHING wrong. The executives blaming the intern must leave. They are the root of the problem.https://t.co/DWuvbX1DZ9
Blaming the intern means they have no control over password reuse, quality and security processes, not to say proper training . It doesn't make the situation look better. https://t.co/QnI3NeXkEV
— João Paulo Barraca (@jbarraca) February 28, 2021
@thespybrief Ummm... ? Summer intern? With that much power & responsibility? Cool story. Covfefe-level even. Even if true, the responsibility would lie elsewhere... https://t.co/dxsfhd1FMq
— Stacey Zinke-McKee (@StacezMcKee) February 28, 2021
IT Security is about leadership from the top. So this Is a very bad example. And if an intern can fuck up your security this bad, your processes are fucked up pretty badly. So yeah, blame the intern, CEO https://t.co/R1YlRSjBDe
— Hauke (@h4uk3) February 27, 2021
if you weren't already ripping solarwinds out of your infrastructure, this sure as hell should be the reason to do it now
— Internet of Shit (@internetofshit) February 27, 2021
Little known fact: Intern is Latin for scapegoat. https://t.co/pXbXGyIPjK
— Jerry Gamblin (@JGamblin) February 27, 2021
If your company didn’t implement a password manager years ago that’s a management fuck up, nothing else https://t.co/nW06kYsAQ1
— Very Fungible Leigh Drogen (@LDrogen) February 27, 2021
This company should be sued into the ground -- and the hedge fund in control should be ruined with it -- for installing management that allows an intern to screw up with such consequences.
— Dan Gillmor (@dangillmor) February 27, 2021
Of course, you have to believe this explanation in the first place, which I do not. https://t.co/QiN8fCHxI1
Ex CEO Thompson: The "SolarWinds123" password was the fault of an intern who then posted to GitHub.
— Joe Uchill (@JoeUchill) February 26, 2021
They mitigated the same day they were informed.
this hack brought to you by anti-2fahttps://t.co/jZjFGQGGjv
— Dr. Colin McMillen (@mcmillen) February 28, 2021
If an intern’s password being publicly discoverable is enough to compromise your entire system, methinks the intern is not the problem here. https://t.co/bIh7qX3m3C
— Techni-Calli (@Iwillleavenow) February 27, 2021
Finally someone who doesn't blame the Russians for it. https://t.co/kKKCTwPbHk
— Vess (@VessOnSecurity) February 27, 2021
Trying to blame an intern for his failures makes me wonder what else hasn’t made the news yet:
— Chris Adams (@acdha) February 27, 2021
‘Confronted by Rep. Rashida Tlaib, former SolarWinds CEO Kevin Thompson said the password issue was "a mistake that an intern made."’ https://t.co/V1pe3PrXEJ
I find it amazing that SolarWinds refuses to take any responsibility for the breach. This strategy of repeatedly saying “it’s not our fault” is the worst. https://t.co/Ys78fZJFtm
— Kate O'Flaherty (@KateOflaherty) February 27, 2021
Taking this at face value for a second: When an intern screws up, it is _never_ their fault. They’re an intern, they’re supposed to screw up. This means their supervisor failed to provide them an environment where they can screw up safely. https://t.co/VWR75ceq9j
— Clark Valentine (@clarkvalentine) February 27, 2021
The buck stops with the intern apparently. What a weak move, you can tell that the internal leadership structure is rotten and also that their security program seriously sucked. Not sure why would anyone trust them in the future to secure anything. https://t.co/kiPU3WBP2d
— Maxime Rousseau (@maxrousseau) February 27, 2021
these fuckers throwing the intern under the bus when their entire organization failed to have proper policies or review in place to catch them.
— Internet of Shit (@internetofshit) February 27, 2021
if the intern could make an innocent mistake like this, it is *the executives failure* https://t.co/mRlk8Xw85M
I just ... expect more from leaders. https://t.co/EqZyl60Pi2
— Matthew Martin (@MattMartinGFT) February 27, 2021
great way of saying “we don’t code review or train our interns” ? https://t.co/iVPMJe7mwD
— Josh (@Joshbal4) February 27, 2021
SolarWinds leaders told Congress today the password "solarwinds123" was a mistake by an intern. An email from the company in 2019 links the issue to "publicly accessible" data and "exposed credentials." https://t.co/UTfYWYNTFP
— Jeff Elder (@JeffElder) February 27, 2021
Current and former top executives at SolarWinds are blaming a company intern for a critical lapse in password security that apparently went undiagnosed for years.
— CNN (@CNN) February 26, 2021
The password in question, "solarwinds123," was discovered in 2019 on the public internet. https://t.co/SAK99B0Zb8
If you gave an intern the permissions to change a product’s password in such a way that it impacts thousands of customers and never audited it, it’s not the intern’s fault. It’s your fault. https://t.co/bsry9KOpNf
— defund hₙ(X, A) (@hexadecim8) February 27, 2021
Welcome to our summer internship program! No, we won’t pay you, but having the power to disrupt the global software supply chain and cause a massive security incident should even that out. https://t.co/G01M7k8cyt
— Brandon Olin - 200? (@devblackops) February 27, 2021
This is beneath contempt. For a CEO to blame an intern for a breach of this impact is utterly cowardly. https://t.co/KiUiHmda5O
— Nick Selby (@fuzztech) February 27, 2021
Great cybersecurity leadership starts with blaming your interns and buying EDRs to solve/justify your problems. What a time to be alive. $SWIhttps://t.co/l4Kdxk1HTZ
— Matt Suiche (@msuiche) February 27, 2021
SolarWinds: No congressman, its totally the inturns fault we allowed our highly complex and important system to allow a password like ‘solarwinds123.' https://t.co/6sA8jEednz
— High Marshal, Beloved Defender of Freedom Deimos (@Deimosthemagos) February 28, 2021
Former @solarwinds CEO blames intern for 'solarwinds123' password leak
— Trey Rutledge ?? (@treyrutledge3) February 28, 2021
Every company has a "Chad Intern".
Don't let "Chad" bring your company down.
The #DigitalFortress protects against rogue enployees. #DRGN ??https://t.co/VEcbEi1Y1Q
"I've got a stronger password than 'solarwinds123' to stop my kids from watching too much YouTube on their iPad," said Rep. Katie Porter. "You and your company were supposed to be preventing the Russians from reading Defense Department emails!" https://t.co/lH4nHFJu5g
— Chadbeard the Cranky (@chadgarland) February 28, 2021
1.) The attackers were in the company's crown jewel build chain with code signing access, the cause was not an unsecured update server.
— SwiftOnSecurity (@SwiftOnSecurity) February 27, 2021
2.) Many layers of IT security governance have to fail for an incident to occur. They are very hard at scale. Simple narratives are nonsense. https://t.co/kwCXcsFAME
I don’t normally shame companies for a breach. But I will shame you for passing blame for years of not enforcing your password policy on an intern. That’s a ? move. https://t.co/tpaB2i20ek
— Wade Baker (@wadebaker) February 28, 2021
Leadership tip: if you put an INTERN in the position to make this mistake then the failure is yours, not theirs. https://t.co/hvz7FE8Gtk
— John Bull (@garius) February 27, 2021
Another year, another example of a major tech firm blaming a hugely embarrassing failure on a single person. Reminds me of Telstra all over again: https://t.co/Ac38yhn4SQ. Plus ça change. https://t.co/4bHi2bYL6o
— Sam Newman (@samnewman) February 27, 2021
Executives blaming individual low ring employees instead of blaming themselves for their own corporate fragility, as usual. https://t.co/wOu96RjNNT
— Jon (@ormondroyd) February 28, 2021
Great leadership does not feature a “the buck stops at the intern” mentality https://t.co/0HteLZDrbC
— Dave Kellogg (@Kellblog) February 27, 2021
It’s always the intern. ?♂️ https://t.co/ac3obyixfT
— Steven Sinofsky (@stevesi) February 28, 2021
Former SolarWinds CEO blames intern for 'solarwinds123' password leakhttps://t.co/pOXcg5aVmG
— Sami Laiho (@samilaiho) February 28, 2021