That is a tiny capacitor that sits on your motherboard with a very thin glue.
You practically need a microscope to move one, and there are hundreds of them
on each board. So which one is it? Maybe you can just scrape it off.
Buy there is another problem: OEM. That means an outside builder, Superm
Thankyou to James Cuff for linking to The Register's article :
https://www.theregister.co.uk/2018/10/04/supermicro_bloomberg/
On Thu, 4 Oct 2018 at 20:52, Andrew Latham wrote:
>
> And news directly from Supermicro
> https://www.supermicro.com/newsroom/pressreleases/2018/press181004_Bloomberg.cfm
And news directly from Supermicro
https://www.supermicro.com/newsroom/pressreleases/2018/press181004_Bloomberg.cfm
On Thu, Oct 4, 2018 at 8:48 AM Douglas Eadline wrote:
>
> https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-comp
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
___
Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing
To change your subscription (digest mode or unsu
The denials by Amazon, Apple and Supermicro aren't surprising as all risk
losing consumer confidence, Amazon and Apple most of all. Unlike everyone
here, much of the public are technology neophytes and could be scared away
from things like Amazon purchases, ApplePay/iTunes and other e-commerce
tran
For Ar's report on this:
https://arstechnica.com/gadgets/2018/10/bloomberg-super-micro-motherboards-used-by-apple-amazon-contained-chinese-spy-chips/
"""
Super Micro, Apple, and Amazon all deny every part of the Bloomberg
story. Amazon says that it's untrue that "[Amazon Web Services] worked
with t
If the extra chip was added to the original design I wonder how hard it
would be to cut it back out again? Admittedly if this amounts to much
more than "crush it with a pair of needlenose pliers" or "place a
soldering iron on it for 20 seconds" it would be impractical and likely
not economical
I think it's also safe to assume that activating the hardware implants
would be done only for extraordinarily high value targets as widespread
use would almost guarantee that someone would eventually notice, capture
and study the traffic no matter how well it was hidden and thus blow up
an incr
On Thu, Oct 4, 2018 at 6:48 AM Douglas Eadline wrote:
> https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
I don't know, that Bloomberg piece seems to be lacking specific
technical details to be really credible. There's
If they could compromise potentially hundreds of thousands of servers they
could likely setup a seemingly legit site, like a CentOS mirror, and take
in data that looks legit.
On Thu, Oct 4, 2018 at 8:54 AM John Hearns via Beowulf
wrote:
> How does the data get "back to base" ?
> I would encrypt
How does the data get "back to base" ?
I would encrypt it within an NTP or a DNS request - but that assumes
outgoing NTP/DNS is not firewalled off.
I guess just encrypted in an HTTP(s) payload makes sense - servers
make requests to all sorts of software repositories etc.
On Thu, 4 Oct 2018 at 16
On 10/04/2018 11:17 AM, Jeff Johnson wrote:
I respectfully disagree. The BMCs in modern server designs are plumbed
to every onboard network interface on the motherboard. So it’s not just
a matter of the “dedicated management port”. The chip would have access
to every onboard LAN. If any network
I must have installed thousands of Supermicro servers
My current status - hiding behind the sofa with the light off waiting
for MI${N} to ring the doorbell.
On Thu, 4 Oct 2018 at 16:18, Jeff Johnson
wrote:
>
> I respectfully disagree. The BMCs in modern server designs are plumbed to
> every
I respectfully disagree. The BMCs in modern server designs are plumbed to
every onboard network interface on the motherboard. So it’s not just a
matter of the “dedicated management port”. The chip would have access to
every onboard LAN. If any network was routable to the outside it would be
potenti
On 10/04/2018 09:47 AM, Douglas Eadline wrote:
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
Key snippet:
"The illicit chips could do all this because they were connected to the
baseboard management controller,
1. Everyone has Supermicro stuff somewhere (important note that the attack
could have been any brand with majority share so replace with
$popularvendor)
2. Supermicro makes embedded boards too
3. It is safe to assume the worst at all times and run a honeypot on vlan1
and limit new outbound connecti
Answer to #3 is SuperMicro. This morning Charles finds himself up s___creek
without a paddle. Question is were they setup by a component supplier or is
there someone compromised inside SMCI?
On Thu, Oct 4, 2018 at 06:48 Douglas Eadline wrote:
>
> https://www.bloomberg.com/news/features/2018-10-
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
(limited free articles)
First question: So who has Supermicro motherboards?
Second question: Where else are these devices?
Third question: Who else is making/inserting
18 matches
Mail list logo
