[1]Notes on the Bloomberg Supermicro supply chain hack story:

    Bloomberg has a story on how Chinese intelligence inserted secret chips
    into servers bound for America. There are a couple issues with the
    story I wanted to address.

    The story is based on anonymous sources, and not even good anonymous
    sources. An example is this attribution:

    a person briefed on evidence gathered during the probe says

    That means somebody not even involved, but somebody who heard a
    rumor. It also doesn't mean the person even had sufficient expertise to
    understand what they were being briefed about.

    The technical detail that's missing from the story is that the
    supply chain is already messed up with fake chips rather than
    malicious chips. Reputable vendors spend a lot of time ensuring
    quality, reliability, tolerances, ability to withstand harsh
    environments, and so on. Even the simplest of chips can command a
    price premium when they are well made.

  (Via [2]Errata Security)

  The truth on this story is still revealing itself. I do know that I
  already tire of it.

  Robert Graham's article is the strongest critique of the Bloomberg
  story I've read. My skeptical nature tends to agree with him until more
  facts are known.
  Also on:

  [3]Twitter
    __________________________________________________________________

  My original entry is here: [4]Notes on the Bloomberg Supermicro supply
  chain hack story. It posted Fri, 05 Oct 2018 04:00:16 +0000.
  Filed under: business

References

  1. https://blog.erratasec.com/2018/10/notes-on-bloomberg-supermicro-supply.html
  2. https://blog.erratasec.com/
  3. https://twitter.com/prjorgensen/status/1048061083599167489
  4. https://www.prjorgensen.com/?p=2088