On 10/04/2018 09:47 AM, Douglas Eadline wrote:
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

Key snippet:
"The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off."

My take-away:
This will only impact systems where there is a route between the wider world and the IPMI ports on your servers. That's an extremely terrible practice anyhow since IPMI isn't the most secure protocol, so the solution should be to cordon off your IPMI network to a separate, non-network-attached switch or leave it disconnected entirely if you don't administer your machines in that way. If you've properly secured that network you should be sufficiently guarded at least from an outside intruder having levers into your system. Rogue chips on your boards could of course always impact the system at some future date in a pre-programmed way, but I know of no way to guard against that kind of an attack short of vetting each and every board under suspicion on a chip-by-chip basis.

Best,

ellis

--
Ellis H. Wilson III, Ph.D.
     www.ellisv3.com
_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit 
http://www.beowulf.org/mailman/listinfo/beowulf

Reply via email to