nanog mailing list archives

Re: bloomberg on supermicro: sky is falling


From: Mark Rousell <markr () signal100 com>
Date: Thu, 4 Oct 2018 22:52:21 +0100

On 04/10/2018 22:28, Naslund, Steve wrote:

> Quite different really.  FIREWALK is really an intercept device to get
> data out of a firewalled or air gapped network.  The exploit Bloomberg
> describes would modify or alter data going across a server’s bus.  The
> big difference is the Bloomberg device needs command and control and a
> place to dump the tapped data to over the server’s network
> connection.  That device is not going to be able to do so out of any
> classified military network I have ever worked on.  Or anyone with a
> halfway decent firewall (which I would assume Apple and Amazon would
> have for the internal servers).  I think this article is unlikely to
> be true for the following reasons:
>
> 1. Separate chip is much more detectable physically than an
> altered chipset that is already on the board.
>
> 2. Requires motherboard redesign to get access to power and
> buses needed (again easily detectable during any design mods “hey does
> anyone know what these are for?”)
>
> 3. Does not have onboard communications so it will be sending
> data traffic on the network interfaces (will definitely trigger even
> the most rudimentary IDP systems).  It relies on these backbone
> Internet companies and Intelligence agencies to have absolutely
> abysmal security on their networks to be at all useful.
>
> 4. Parts would have to be brought into the plant, stored
> somewhere, and all the internal systems would need a trail of where
> the part came from, who ordered it, where it is warehoused, loaded
> into pick/place, etc.  Much better to compromise an existing chip's
> supply chain.


Whatever the truth here, I'm sure that the article as it is written
isn't telling us everything. There's more to this than meets the eye
including, quite possibly, the full facts about how data would be
exfiltrated and/or, perhaps, exactly what was done to the customers'
hardware.

> Does anyone think that someone somewhere is trying to kill
> Supermicro?  They sure have had a lot of bad news lately.


Who knows. Perhaps we are intended to come away with certain impressions.

-- 
Mark Rousell

