bergman on 5 Oct 2018 09:50:30 -0700
Re: [PLUG] The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
Anyone else getting "helpful" notices from salesdroids at Enterprise Server Vendors Who Shall Not Be Named alerting you to the fact that this hack affects Supermicro...as if the other vendor doesn't source a lot of their parts from China as well?

Think your favorite vendor isn't at risk for this kind of attack? See:

https://docs.house.gov/meetings/IF/IF16/20180516/108301/HHRG-115-IF16-20180516-SD105-U105.pdf

IMHO, Supermicro was known to be involved simply because of market share. The reports I've read don't seem to say that individual servers had these spy chips added to the BMC with the knowledge that those machines would be purchased by the target [bank|defense contractor|government agency, etc], but that the chips were added as part of the production of every machine.

Maybe the attack was a bit more focused....for example, the Chinese govt learns that a target of interest was ordering 30K servers, so they bug the next 15K (45K) being produced by Supermicro.

There's nothing to suggest that the same thing isn't going on at sub-assembly suppliers and affecting other vendors....and how would we know?

Sure, I've got outbound firewalls (which are generally permissive), and do some log analysis....but would I detect a couple of packets per month sent by a hacked BMC to an off-site command-and-control server?

Mark

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
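On the closing question about spotting a couple of packets per month from a BMC: the sketch below is an added example, not part of the original post, showing detection by allowlist rather than by volume over firewall flow records. The management subnet, allowed ranges, log format and sample records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the original post): BMCs live on a dedicated
# management subnet, and these are the only places they may talk to.
BMC_NET = ipaddress.ip_network("10.20.0.0/24")
ALLOWED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8",)]

# Constructed sample flow records: "date src dst dport packets"
SAMPLE_LOG = """\
2018-09-01 10.20.0.15 10.1.1.5 514 1200
2018-09-03 10.20.0.15 10.1.1.9 123 40
2018-09-07 10.20.0.22 203.0.113.77 443 2
2018-09-19 10.1.4.80 198.51.100.9 443 90000
2018-10-02 10.20.0.22 203.0.113.77 443 3
not a flow record
"""

def parse(line):
    """Return (date, src, dst, dport, packets) or None for malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (parts[0], ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]), int(parts[4]))
    except ValueError:
        return None

def bmc_offsite_flows(log_text):
    """Aggregate every BMC flow to a non-allowlisted destination.

    No packet-count threshold: for hosts that should never talk off-site,
    a single packet is a finding."""
    hits = defaultdict(lambda: {"packets": 0, "days": []})
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        date, src, dst, dport, packets = rec
        if src not in BMC_NET or any(dst in n for n in ALLOWED):
            continue
        entry = hits[(str(src), str(dst), dport)]
        entry["packets"] += packets
        entry["days"].append(date)
    return dict(hits)

if __name__ == "__main__":
    for (src, dst, dport), e in bmc_offsite_flows(SAMPLE_LOG).items():
        print(f"{src} -> {dst}:{dport} packets={e['packets']} days={e['days']}")
```

This only sees traffic that leaves through the BMC's own management address; a BMC sharing the host's network port or address would need the same check applied at that boundary.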