Jack Rhysider
Oh man, this is now tugging at me in new ways.
If every firewall vendor is getting hit with the same type of attack, and Sophos is the only one being transparent about what they're seeing and what they're doing to mitigate this, then yeah, I give them a lot of credit for that.
Here's the test, I think, for whether your company is evil or not.
First, it has to be transparent to its customers.
Let them know exactly what kind of configuration changes, updates, or spying, or data collection you're doing on your customer's devices, and in what circumstances, and what that's being used for.
And second, be proud of whatever it is you're doing around that.
If you're a company which is making changes to the customer's products, but then not telling them and secretly adding spyware, but making it so top secret that not many people on your team even know it exists, then I think you might be evil.
If you're afraid to let the public know exactly how you operate because you think it's gonna look bad on you, or maybe because you think it's not even right, then either stop doing it or go public with it.
And Sophos came to the conclusion that while this is not an ideal situation, this threat is novel and sophisticated in ways nobody's ever seen before.
And not only that, whoever was doing this, they're being unethical themselves.
So Sophos had to deploy a novel and sophisticated approach to defending their device.
And while it's not pretty, at least they came out and told us about it through Andrew's blog posts.
We're in the middle of a nasty street fight here, and the gloves are off until we can neutralize this threat.
And again, I give them a lot of credit for that.
So at the same time, they were developing this implant to eavesdrop on the hackers.
They were also in the process of studying those domains which were found in the exploited firewalls.
The hackers pointed all the firewalls to two domains to get updates from, which were not owned by Sophos.