Discussion:
[arch-general] If you have a SuperMicro board....
David C. Rankin
2018-10-06 00:36:30 UTC
Worth passing along:

We can now add motherboard stealth chips to the list of security concerns


https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

The upside is the article reads better than any modern day spy novel.
--
David C. Rankin, J.D.,P.E.
james harvey via arch-general
2018-10-05 21:28:06 UTC
On Fri, Oct 5, 2018 at 8:36 PM David C. Rankin
Post by David C. Rankin
We can now add motherboard stealth chips to the list of security concerns
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
I don't know what to think on this, but FWIW, Amazon and Apple deny
this happened. Apple says a lot of the anonymous source background
information is just wrong. They think this might be confusion over a
single driver issue that happened. Apple also says it's not under an
agreement or government ban regarding discussing such an issue.

https://www.cnbc.com/2018/10/04/apple-response-to-china-spy-chip-claims.html
David C. Rankin
2018-10-06 06:55:30 UTC
Post by james harvey via arch-general
On Fri, Oct 5, 2018 at 8:36 PM David C. Rankin
Post by David C. Rankin
We can now add motherboard stealth chips to the list of security concerns
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
I don't know what to think on this, but FWIW, Amazon and Apple deny
this happened. Apple says a lot of the anonymous source background
information is just wrong. They think this might be confusion over a
single driver issue that happened. Apple also says it's not under an
agreement or government ban regarding discussing such an issue.
https://www.cnbc.com/2018/10/04/apple-response-to-china-spy-chip-claims.html
The Register also did a very good story on "Who's telling the truth?" which
leaves it as an open question. But with DOD involved, it makes interpreting
the companies' public statements a bit more difficult as they could presumably
be given immunity for any SEC violation with careful wording to advance a
particular denial...

http://go.reg.cx/tdml/dfd67/5bdf87ff/0ca20a03/2Q0X

Regardless of the "He said, she said..." It's pretty clear what happened, and
the preponderance of the evidence isn't that Bloomberg got it wrong...

I'm just glad my two SuperMicro boards predate the time period in question,
but then there was:

FS#58542: [linux] kernels 4.16.6 through 4.16.8 - 140 second boot hang and
multiple call traces in dmesg I filed on one of my SuperMicro boards

https://bugs.archlinux.org/task/58542 (closed as it disappeared by 4.18.11)

No doubt completely unrelated, but after reading the article, it does make you
wonder.
--
David C. Rankin, J.D.,P.E.
null via arch-general
2018-10-06 01:54:08 UTC
Turns out that Facebook was using these in their servers. They will be
replacing them shortly, or so they said.
Post by David C. Rankin
We can now add motherboard stealth chips to the list of security concerns
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
The upside is the article reads better than any modern day spy novel.
--
David C. Rankin, J.D.,P.E.