Supply chains and trust

By: Maynard Handley (name99.delete@this.name99.org), October 4, 2018 10:01 am
Room: Moderated Discussions
Maynard Handley (name99.delete@this.name99.org) on October 4, 2018 9:57 am wrote:
> David Kanter (dkanter.delete@this.realworldtech.com) on October 4, 2018 8:23 am wrote:
> > Bloomberg released a fantastic report on Chinese intelligence inserting malicious
> > HW into supply chains for servers: https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies?srnd=premium
> >
> > It sure gives a different angle to the move to a hardware root-of-trust by the industry. In reality though,
> > I'm not sure if HW RoT is sufficient. You can always sniff capacitance across an exposed wire!
> >
> > David
>
> IF it's true...
>
> Compare
> "Apple made its discovery of suspicious chips inside Supermicro servers around May 2015, after detecting odd
> network activity and firmware problems, according to a person familiar with the timeline. Two of the senior
> Apple insiders say the company reported the incident to the FBI but kept details about what it had detected
> tightly held, even internally. Government investigators were still chasing clues on their own when Amazon
> made its discovery and gave them access to sabotaged hardware, according to one U.S. official. This created
> an invaluable opportunity for intelligence agencies and the FBI—by then running a full investigation led
> by its cyber- and counterintelligence teams—to see what the chips looked like and how they worked."
>
> with
>
> ""On this we can be very clear: Apple has never found malicious chips, "hardware manipulations"
> or vulnerabilities purposely planted in any server," Apple said in a statement. "Apple never
> had any contact with the FBI or any other agency about such an incident.""
> from
> https://www.businessinsider.com/supermicro-share-price-crushed-by-report-it-sold-servers-compromised-by-chinese-spies-2018-10
>
> So we have Bloomberg claiming a bunch of details about what Apple knew and did, and
> talking to the FBI, and Apple categorically denying this. Whom do we believe?
>
> Well, I obviously have no specific insight into the matter. However I DO know the following background facts
> - it is a tradition of the seedier parts of the US political establishment to feed lies to reporters
> - the same Republicans who have been thoroughly compromised by Russia are doing everything they
> can to paint China as America's new enemy ("We have always been at war with EastAsia" indeed)
> - if your greatest negotiating tactics ever, beautiful negotiating tactics, against China
> have failed to win you glory, time for a plan B, a Reichstag fire or Ems Telegram
>

Much longer (even MORE categorical denials) from Apple et al here:
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond