Miljödata is an IT systems supplier for roughly 80% of Sweden's municipalities. The company disclosed the incident on August 25, saying that the attackers stole data and demanded 1.5 Bitcoin to not leak it.
Related:
https://www.bleepingcomputer.com/news/security/it-system-sup...
https://www.svt.se/nyheter/inrikes/cyberattack-i-datasystem-...
Then nobody paid and PII was published; now an integrity agency is starting an investigation.
https://www.svt.se/nyheter/inrikes/integritetsmyndigheten-in...
Yet another sign that governments and corporations should support SECURE programming language development and treat it like other (critical) infrastructure.
I'd rather say we need more cyber anarchy and chaos within Europe. We need security researchers and the CCC and similar organizations with an absolute freedom to hack everything in Europe.
Get into everything, break every security control in Europe, be a pain. As long as function is not impacted, and security problems are reported responsibly. Don't DoS a power plant because you think you can, and face a judge if you do.
That's what foreign powers are doing and slowly collecting as preparation for the future, and that's the only real way to increase cyber security across the board.
Most of the Swedish public sector runs on Java. Problem is it's, like public infrastructure in general, more attractive to build than to maintain.
Doesn't matter what language you use if you don't actually maintain the software.
It matters at least a little. Ceteris paribus, I'd prefer unmaintained Rust code over unmaintained Java.
That said, I'd also prefer maintained Java over unmaintained Rust, so I do see your point.
Is there any indication this breach was related to the language used? Or was it something "higher level" like unsecured DB or S3 bucket or similar?
We don’t know what happened but rumor is it was a file that was uploaded for an integration and that the server wasn’t secured. Same would have happened no matter if using Rust or any other language.
Was the leak due to a stack overflow, double free or similar issue?
PHP was developed 30 years ago.