Supermicro Spy Chips

Discussion in 'Business & Enterprise Computing' started by Agg, Oct 9, 2018.

  1. power

    power Member

    Joined:
    Apr 20, 2002
    Messages:
    55,902
    Location:
    brisbane
    why?

    you put it where it needs to be. how many people are looking at a board and saying that doesn't look right - there's thousands of components that most people have nfi what they are or do.
     
    fredhoon likes this.
  2. pH@tTm@N

    pH@tTm@N Member

    Joined:
    Jun 27, 2001
    Messages:
    1,980
    Location:
    BRISBANE
    why? because it would be years before anyone found it. server boards will be inspected after failures - at least early on in the revisions.
     
  3. power

    power Member

    Joined:
    Apr 20, 2002
    Messages:
    55,902
    Location:
    brisbane
    it already is years.

    it was not found through physical inspection but suspicious network activity.

    (if it exists).
     
  4. MR CHILLED

    MR CHILLED D'oh!

    Joined:
    Jan 2, 2002
    Messages:
    135,455
    Location:
    Omicron Persei 8
    What's more worrying, this or the millions of cheap ipcams sending info back to china as we speak : p
     
    l_ QuadX_l likes this.
  5. pH@tTm@N

    pH@tTm@N Member

    Joined:
    Jun 27, 2001
    Messages:
    1,980
    Location:
    BRISBANE
    heh, their china firewall must have some massive throughput
     
  6. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    11,559
    Location:
    Canberra
    Easy when the inbound ruleset is

    allow any any.
     
  7. power

    power Member

    Joined:
    Apr 20, 2002
    Messages:
    55,902
    Location:
    brisbane
    this made me laugh, i've always maintained that Supermicro boards are shit.

    https://arstechnica.com/information...-ridden-why-would-hackers-ever-need-implants/

     
    Last edited: Oct 12, 2018
  8. millsy_c

    millsy_c Member

    Joined:
    Mar 31, 2007
    Messages:
    12,427
    Location:
    Brisbane
    Which really goes back to the point of 'why would you even bother doing a hardware implant when the software is so shit'
     
    pH@tTm@N likes this.
  9. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    6,485
    Location:
    Briz Vegas
    You want to drum up rhetoric with uneducated masses in the US to further the "trade war".
     
  10. MR CHILLED

    MR CHILLED D'oh!

    Joined:
    Jan 2, 2002
    Messages:
    135,455
    Location:
    Omicron Persei 8
    Chinese Government? : )
     
  11. pH@tTm@N

    pH@tTm@N Member

    Joined:
    Jun 27, 2001
    Messages:
    1,980
    Location:
    BRISBANE
    I think one of the follow up clarification articles suggested it went far wider than Supermicro alone in terms of hardware. I don't doubt something has happened, but I don't think the real truth has been revealed.
     
  12. koopz

    koopz Member

    Joined:
    Dec 27, 2001
    Messages:
    2,004
    Location:
    Qld
    we had very concerned randoms occasionally popping up from time to time at a computer store I once worked at back in the 2000s. These peeps weren't so happy to hang around and talk shop however, which seemed odd. Why suggest a security problem without being a part of the solution - which some of us that were well versed in *nix at the time would be happy to discuss and work on?


    still - I couldn't respect any of our trainees at work (or even you Geoff ; ) if they weren't able to call me out on my current pr0n watching history habits. It's not like I go out of my way to hide it.



    there is a fine line between invasion and inspection today.


    my truth that I believe is that we permit ourselves to both invasion and inspection as we choose to knowingly walk in front of camera systems, use Apps that we don't understand 100%..


    At the most exciting level, we're mostly boring people walking down the street in the same high res CCTV camera shot of someone who recently / was soon to commit a crime, and more often than not we'll never hear about it from the police


    I'm more concerned about service outages that lead to a gap in this kind of fluid and well designed process. They might be back end server or cloud based, communication based where the backup broadband connection did not kick in quickly enough to continue the high res video feed, if at all... or simply be a record failure for an old high res video stream that I need to pull up from 3 months ago. Or... call center based... which is just a dead end for information to flow correctly.


    there truly are greater concerns out there to focus upon.. and...

    what was the question again?
     
    Last edited: Oct 23, 2018
  13. Doc-of-FC

    Doc-of-FC Member

    Joined:
    Aug 30, 2001
    Messages:
    3,221
    Location:
    Canberra
    you really need to lay off the pipe koopz, 2 minutes of my life I'm never getting back.
     
  14. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    34,636
    Location:
    Brisbane
    Performance and reliability wise, they're great.

    Security wise, they're terrible. This is why we use them at scale, don't allow them to talk to the Internet, and physically disconnect all of their IPMI links.
     
  15. power

    power Member

    Joined:
    Apr 20, 2002
    Messages:
    55,902
    Location:
    brisbane
    i'll give you performance but not stability or reliability.
     
  16. Doc-of-FC

    Doc-of-FC Member

    Joined:
    Aug 30, 2001
    Messages:
    3,221
    Location:
    Canberra
    Got lots of them, running great, oldest are well over 5 years doing typical 24 x 7 number crunching.

    if you've got shit power, you'll have a shit experience.
     
  17. Unframed

    Unframed Member

    Joined:
    Mar 30, 2010
    Messages:
    8,914
    Location:
    Hella south west
    I ran 50 of the 36bay SuperMicros for 3 years, 24/7 cloud storage. Never replaced more than a stick of RAM or a few drives.
     
  18. power

    power Member

    Joined:
    Apr 20, 2002
    Messages:
    55,902
    Location:
    brisbane
    then maybe i need to take another look at them!
     
    Unframed likes this.
  19. OP
    OP
    Agg

    Agg Lord of the Pings

    Joined:
    Jun 16, 2001
    Messages:
    30,901
    Location:
    A Reported Post Near You
  20. ipv6ready

    ipv6ready Member

    Joined:
    Feb 10, 2014
    Messages:
    1,892
    Location:
    North Sydney

    Seems like a vendetta against Supermicro, wonder if any of the reporters' family was sacked by Supermicro in the last 5 years.

    As Apple security head says, a hardware chip is there forever and the person who did it would have done it knowing it is there to be found and damn any consequences.

    Also in an organisation like Apple or AWS when such a chip is found, a storm of emails would go around different departments and it would be impossible to hide internally or externally as Apple or AWS would have emailed third parties to verify what it was etc etc
     
    Last edited: Oct 23, 2018
