
News Supermicro audit finds no evidence of back doors

Discussion in 'Article Discussion' started by bit-tech, 12 Dec 2018.

  1. bit-tech

    bit-tech Supreme Overlord Staff Administrator

    Joined:
    12 Mar 2001
    Posts:
    1,890
    Likes Received:
    34
    Read more
     
  2. edzieba

    edzieba Virtual Realist

    Joined:
    14 Jan 2009
    Posts:
    2,932
    Likes Received:
    218
    As expected. The interesting bit would be knowing who fed Bloomberg the initial line of bull, and whether they were targeting Supermicro, or Apple & Amazon.
     
  3. Paradigm Shifter

    Paradigm Shifter de nihilo nihil fit

    Joined:
    10 May 2006
    Posts:
    2,059
    Likes Received:
    36
    I still think this was an attempt at stock manipulation, along the lines of CTS Labs and "RyzenFall" (et al.) vulnerabilities that were in... ASMedia chips?

    But it successfully knocked the share price down hard. Investigators need to go looking at who sold (just before this "report") or bought (just after said "report") large amounts of Supermicro stock.
     
  4. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,027
    Likes Received:
    284
    Personally I think it's more a case of some SS goons in fear of losing funding briefing some technology-illiterate journalist that hardware-level attacks are possible.
     
  5. Mister_Tad

    Mister_Tad Super Moderator Super Moderator

    Joined:
    27 Dec 2002
    Posts:
    11,974
    Likes Received:
    577
    Is there anyone surprised by this?

    When it first hit the news, I was on the fence between stock manipulation and a journalist getting the wrong end of the wrong stick. After Bloomberg doubling down when doubts were raised, I moved a little bit further over to column A.

    Having spyware baked in just seemed a bit too tinfoil-hat for the likes of Supermicro. Maybe China-serv International Business Server Machine Co, but Supermicro?
     
  6. edzieba

    edzieba Virtual Realist

    Joined:
    14 Jan 2009
    Posts:
    2,932
    Likes Received:
    218
    Having hardware-based backdoors inserted into hardware is not in the least tinfoil-hattish (we even have the leaked NSA documents on how they did it by snatching Cisco routers during shipping to customers and adding hardware and firmware mods), but the way Bloomberg were claiming it was done was pure fantasy. Magical redundant optoisolators snuck onto the BoM, really?
    It would not only be easier, but also more covert, to suborn the supply chain of an existing component; that is something that has already happened in non-malicious incidents (counterfeit parts slipped into the supply chain with genuine ones and making their way to military hardware, for example) and would not leave a 'this component should not be here' telltale.
     
  7. Mister_Tad

    Mister_Tad Super Moderator Super Moderator

    Joined:
    27 Dec 2002
    Posts:
    11,974
    Likes Received:
    577
    I don't doubt that there's all kinds of kit out there with hardware based backdoors implanted through various means.
    It was more the alleged scale and duration of the breach, the levels of oversight and scrutiny that it would have had to just slip through and the number of people that would have had to know about it that left me unconvinced.
     