GET RID OF SUPERMICRO BOARDS MFD 2013-2015 NOW

New report from Bloomberg

A major U.S. telecommunications company discovered manipulated hardware from Super Micro Computer Inc. in its network and removed it in August, fresh evidence of tampering in China of critical technology components bound for the U.S., according to a security expert working for the telecom company.


The security expert, Yossi Appleboum, provided documents, analysis and other evidence of the discovery following the publication of an investigative report in Bloomberg Businessweek that detailed how China’s intelligence services had ordered subcontractors to plant malicious chips in Supermicro server motherboards over a two-year period ending in 2015.

bloomberg.com/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom

Attached: 79508C97-82AD-494A-846C-ACBD16F3C723.jpg (1280x720, 90K)

Somehow only Bloomberg is reporting. I wonder why.

>multiple investigations
>not a single photo

:))))))

>In 2016, Mr. Appleboum co-founded Sepio Systems, a Cyber Security startup company that brings a new approach for defending supply chains against cyber-attacks

Wouldn't be surprised if Supermicro sued the fuck out of Bloomberg and this guy.

(((experts)))

And you think that guy isn’t prepared?

They are telling the truth. Look how FBI, CIA, NSA are shutting their mouths.

There isn't any chip you inbred retard. They literally have given no evidence except some bullshit ((expert)) shittalk. Even their sources are back tracking on the story..

9to5mac.com/2018/10/09/bloomberg/

>One of Bloomberg’s sources told them Chinese spy chip story “didn’t make sense”

Bloomberg is gonna get their asses sued the fuck out of all the companies they've defamed.

ohhh you right

I bet bloomberg legal haven't even heard of libel, slander, or defamation. That's definitely why they published this story implicating the most valuable tech companies on the planet of not admitting to security faults.

How inbred retard are you to think bloomberg’s lawyers aren’t prepared for that?

God, it’s a jewish company with a jewish lawyer you inbred retard think how much bloomberg lawyers throughly read and checked for legal problems.

They literally dropped a company’s stock to half. They prepared for it.

The editor is definitely going to be fired for going ahead with this fairy tale. Screenshot this.

itt: chinese damage control

If that’s a fairy tale all bloomberg lawyers should hang themselves.

How can they cover for half drop of supermicro stocks?

This kind of reasonal thinking doesn’t need einstein brain you retard.

Typical ‘if you cant attack the message attack the messenger’ kind of article. Sick.

>no concrete evidence only hearsay
>all companies involved deny everything
>bloomberg sources now backtracking

A jewish company baited another jewish company for stock manipulation gains. Thats what actually happened.

Since they're jews, they'll come up with the money somehow.

some friends working in hardware security looked into this. the chip in Bloomberg's investigation is the size of a tiny smd capacitor and has only 6 pins. you can't really do anything with it given its size and the fact that there is no bus on the motherboard you can connect it to

it recovered a bit

Attached: "halved".png (1608x475, 66K)

>working in hardware security
>can't think up ways to compromise a BMC with a tiny simple chip

Are they interns?

>a small SMD chip can btfo your whole computer
What?

they talked about ipmi but that's too limited and can be disabled

What stock, wanna make a bet

>1 day
Now zoom out to 1 month

Because the reporters involved are shit, according to some sources may be paid based on how much they move the market, and have got this kind of thing wrong now three times before.

It's plausible that something you put there could interpose the SPI flash, and 5 or 6 pins is the minimum you'd need to do that.

But you don't NEED a tiny simple chip to compromise it. Until 6 September 2018 Supermicro BMC board updates were unsigned. blog.eclypsium.com/2018/09/06/insecure-firmware-updates-in-server-management-systems/

Its bootcode still is, and the AST2400/2500 series are open and well known, so you could just flash the fucking SOIC-16 SPI flash with OpenBMC or patch it or something.

You know who's known for doing overcomplicated hardware implants when you don't need them? NSA TAO. You know who's known for doing the simplest possible? The Chinese.

The attribution doesn't make sense, every one of the supposed victims and agencies have issued the most on-the-record flat denials they could - which cannot legally be compelled speech, even with an NSL - and at least one of the sources (Joe Fitzpatrick) has said they got the wrong end of the stick entirely: risky.biz/RB517_feature/

>He also provided Risky.Biz with emails he sent to Bloomberg, prior to the story’s publication, that said the hardware back-dooring the article described “didn’t make sense”.

It's fucking bullshit, is what it is.

COULD someone do this? Yes. The only agency who are actually known to have done something like this in the past, however, is NSA TAO with Cisco routers, and that was delivery interdiction with access to the design schematics, not at-source.

DID this particular exact thing happen? All signs point to Nope..

Attached: nope.jpg (1909x1070, 195K)
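A defender's view of the reflashing scenario in the post above, as an added example that is not part of the original thread: with no signature to verify, the practical check is to read the BMC's SPI flash out and compare it block by block against a known-good vendor image. The region layout, sizes and both sample images are constructed for illustration and do not describe any real Supermicro or AST2400/2500 flash map.

```python
import hashlib

BLOCK = 4096  # compare in 4 KiB units, a common SPI NOR erase-sector size


def diff_ranges(golden: bytes, dump: bytes, ignore=(), block=BLOCK):
    """Return merged [start, end) byte ranges where dump differs from golden.

    ignore: (start, end) ranges expected to vary per board (e.g. a settings
    area); blocks lying fully inside one are skipped. A size mismatch shows
    up as a difference in the tail blocks.
    """
    ranges = []
    size = max(len(golden), len(dump))
    for off in range(0, size, block):
        end = min(off + block, size)
        if any(s <= off and end <= e for s, e in ignore):
            continue
        if golden[off:end] != dump[off:end]:
            if ranges and ranges[-1][1] == off:
                ranges[-1][1] = end  # extend the previous contiguous range
            else:
                ranges.append([off, end])
    return [tuple(r) for r in ranges]


def report(golden: bytes, dump: bytes, ignore=()):
    """Whole-image hashes plus the modified ranges, for an incident record."""
    return {
        "golden_sha256": hashlib.sha256(golden).hexdigest(),
        "dump_sha256": hashlib.sha256(dump).hexdigest(),
        "modified": diff_ranges(golden, dump, ignore),
    }


# Constructed 64 KiB layout (assumption): boot code, firmware, settings.
SETTINGS = (0xC000, 0x10000)
GOLDEN = b"\xAA" * 0x4000 + b"\xBB" * 0x8000 + b"\xFF" * 0x4000

_d = bytearray(GOLDEN)
_d[0x1000:0x1004] = b"\x00\x00\x00\x00"   # patch inside the boot code
_d[0x6FF0:0x7010] = b"\x90" * 0x20        # patch straddling two firmware blocks
_d[0xC100] = 0x01                         # benign per-board settings change
DUMP = bytes(_d)

if __name__ == "__main__":
    for start, end in report(GOLDEN, DUMP, ignore=[SETTINGS])["modified"]:
        print(f"modified: 0x{start:05x}-0x{end:05x}")
```

This compares stored contents only: data altered in transit between the flash chip and the BMC would not appear in a dump read from the chip.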

And what are those tiny things supposed to do? Even if the chips were collecting data, they'd still have to somehow transmit said data without being noticed.

>percentage calculator website
>not just doing 1 - 12 ÷15.5

I recommend actually listening to that podcast. It's so much better than just that.

That dude actually described to bloomberg a possible, but contrived, inefficient and round-about scenario. While re-iterating that is only an example.

Then bloomberg went and described THAT EXACT SCENARIO in their article.

(((Appleboum)))

>israeli sources
100% FUD

>Yossi Appleboum
Holy fuck, why is Jow Forums always right?

>The security expert, Yossi Appleboum
hmmmmmm

>Yossi Appleboum

Attached: 1521044013889.jpg (1170x1974, 287K)

Hey look it's the same chip that I can buy on Mouser
>I'm a 1447 H4x0r nao

Attached: spychipmouser.png (1817x475, 94K)

>no details
>no photos
>no packet captures
>no third party confirmation
What the fuck is Bloomberg thinking? They're saying everyone is suppressing information, but I don't see why anyone would. This wouldn't even be that bad of a compromise.

Damn dude. You know how I know you don't know what that chip does?

Anyone who would know anything about RF would know that packages are standardized. Stop reposting the same /redpilled/ shit and go larp in your matrix Jow Forums threads.

Remember what happened to elon musk when he said "funding secured"

This is ten fold worse than that

Copy pasting from other thread:

Does anyone else find this super suspicious?
My trust with China is always super low but there are a few things that bother me

1. Traces have to be made at the factory for a blank chip spot but putting traces like that is never easy and electronics themselves have to go through usually multiple iterations before they work normally. Now imagine that + this chip

2. The chip isn't "super powerful" AND it cannot be physically far from pci-e/network chips. Otherwise it would cause obvious issues with the rest of the hardware

3. The act of inserting the chip looks impossible (unless pictured is the wrong chip). It would have to be soldered on? Either way all motherboards should have a blank spot with traces going to where the chip would be

Wut?

real shit journalism. even with anonymous sources you need some corroborating evidence. now the authors refuse to answer any questions about the report they issued. shit's a hit piece and i wouldn't be surprised if they had financial incentives to write this piece.

we'll see if this turns out to be legit or not just like the last story

Hmmm...

9to5mac.com/2018/10/09/bloomberg/

>Muh China

Lel like the NSA and co aren't totally guilty of this too.

...

>ten fold worse
oh, at least, were it all freely-found bullshit - Bloomberg were running 'related' articles that basically consisted of 'short SM, because we fkd em'.

Why it's not all bullshit tho, there's a difference between 'issuing denials' and storming their fucking offices with a mountain of libel writs and every free lawyer you can rustle up. None of which happened, not from AMZN, nor APPL, nor even Supermicro - not even the fucking threat of writ from a company for whom this story could prove their last rites. Best way to demonstrate something is BS is go before the courts, or threaten such, immediately. Hasn't happened, and won't. Because it's fucking obviously not 'all BS' & Bloomberg is not some kind of epic professional troll, FFS.