Krogoth wrote:I wouldn't be too surprised if certain parties and agencies had secretly placed in hardware-level backdoors on a large range of electronics over the past decade or so.
Glorious wrote:Krogoth wrote:I wouldn't be too surprised if certain parties and agencies had secretly placed in hardware-level backdoors on a large range of electronics over the past decade or so.
We do it all the time. There is nothing surprising about it.
JBI wrote:The difference is that we (supposedly) tend to add these things further down the supply chain, after the product leaves the factory. The Chinese appear to have compromised the original board design, and (in at least one case) hidden the "bug" between layers of the PCB, making it nearly undetectable.
Glorious wrote:JBI wrote:The difference is that we (supposedly) tend to add these things further down the supply chain, after the product leaves the factory. The Chinese appear to have compromised the original board design, and (in at least one case) hidden the "bug" between layers of the PCB, making it nearly undetectable.
Well, I'd drop the "supposedly" part. But that's just a matter of circumstance. If the motherboards were designed & built here, we would of course try to do the same (as far as we could anyway, given our legal system and civilian cooperation). We intercept and modify only because they're not made here.
JBI wrote:The "supposedly" was regarding the assertion that we don't insert bugs during manufacturing, only later.
just brew it! wrote:One of the cited researchers is backing away from the story: https://www.zdnet.com/article/security- ... -on-story/
Claims his quotes were taken out of context, and doesn't think the Bloomberg article makes sense.
JBI wrote:One of the cited researchers is backing away from the story
Glorious wrote:JBI wrote:One of the cited researchers is backing away from the story
I guess maybe the allegations aren't true then...
dragontamer5788 wrote:Not necessarily. It just means that part of the story was wrong. Which doesn't speak well for the whole article of course.
dragontamer5788 wrote:I dunno, it smells like blatant stock manipulation to me. Considering that Bloomberg is primarily a financial publication, they really aren't in the business of publishing technical discoveries. Stock manipulation with an element of truth, that was grossly exaggerated.
EDIT: I guess I'm about 50/50. I wouldn't be surprised if there's truth here. But it's clear that Bloomberg was "exaggerating" the facts nonetheless, and blatantly making up details. Someone's imagination got ahead of them, and they lost the ability to distinguish between fact and fiction. I still bet that there's a nugget of truth somewhere in the story, but it's hard to figure out what it is.
Glorious wrote:There's little-to-no-reason to believe any of it, and it'll be interesting to see how Bloomberg reacts to this.
Glorious wrote:EDIT: Or, as I was already implying, they gave a journalist too much and the journalist went and hung themselves with it.
JBI wrote:Per the link dragontamer5788 posted, it would seem they're doubling down.
Glorious wrote:Meanwhile, Apple is going in front of EDIT: writing to Congress right now saying this is completely untrue.
^ That is a really, really bad idea if it is even kinda, sort-of, true.
dragontamer5788 wrote:Yeah, but Apple has shareholders and customers who are concerned about privacy. If they don't respond forcibly, then their image also falls apart.
dragontamer5788 wrote:A huge part of Apple's marketing is their Facial-recognition security features, among other things. If it turns out chips were being stuck onto their phones to send your faces to some hacker, that would be bad. Apple needs to do everything in its power to protect its reputation.
Glorious wrote:dragontamer5788 wrote:Yeah, but Apple has shareholders and customers who are concerned about privacy. If they don't respond forcibly, then their image also falls apart.
The company (and the Presidency) falls apart completely if it turns out that:
1) They bare-faced lied to Congress. You see, no hypothetical gag order/agreement by the executive can *EVER* legally cover "lie to Congress". So either Apple is doing this completely voluntarily, which is bizarre because then they have no support from the Government, or this is now turning into "How Trump actually gets impeached" and "How Google etc... get broken up into smaller companies".
1a) They bare-faced lied to the public, with public consequences: If they have no support from the Government, how does Apple not go to prison and get fined out of the wazoo? Over what? The fact that something happened TO THEM and that WITH THE GOVERNMENT they appropriately reacted?
2) They bare-faced lied to the public, with private consequences: The civil liability is immense, and no government agreement can ever immunize them from that. The Feds can say we won't prosecute you, but they can't say private individuals can't sue because the courts are going to have to agree. There's really no way they can, and absolutely no way they would. The lawyers of Apple, Google and Amazon are going to point this out, that there is nothing the government can promise in this regard that can have any degree of reliability. No go.
3) They cooperated with the NSA et al, and then blatantly lied about it: The reputational damage is.... incalculable. You can easily envision hundreds of billions of dollars evaporating, massive push on Congress to regulate and punish them. It doesn't matter that they were lying about being spied upon, as opposed to spying themselves, once it's clear that they did this in any context, why ever believe them again?
dragontamer5788 wrote:4) Apple Executives don't know about it, and at best, a few isolated Apple Engineers know about these particular issues. Since Apple, as a whole, doesn't know about it, they released a letter to Congress forcibly defending themselves.
dragontamer5788 wrote:5) A serious, but isolated, incident occurred, but doesn't apply to Apple / SuperMicro / etc. in general. Bloomberg exaggerated the claims in their story and are making a mountain out of a molehill.
Glorious wrote:dragontamer5788 wrote:4) Apple Executives don't know about it, and at best, a few isolated Apple Engineers know about these particular issues. Since Apple, as a whole, doesn't know about it, they released a letter to Congress forcibly defending themselves.
That makes absolutely no sense whatsoever.
1) Why would those isolated engineers lie to their employer in the first place? They risk their job, and for what?
2) How do isolated engineers manage to get Apple to switch suppliers, in a matter of tens of millions of dollars, without ever explaining why?
3) How do isolated engineers dispose of millions of dollars of hardware, without ever explaining why?
4) How do isolated engineers coordinate with data-center folks, because if they are mucking around looking for evidence of tampering with hundreds to thousands of servers, what on earth do they say to regular operations staff? Moreover, from initial discovery, why would they decide to keep the situation secret? For what conceivable reason would they do that? (If these Apple engineers found these on their own, why would the initial reaction be to tell absolutely no one else at the company? Likewise, if an outside party alerted Apple to go look, how do outside parties know who to choose that A) can successfully do that without notice and B) won't just immediately tell their superiors?)
5) How do isolated engineers coordinate with networking, because Apple explicitly claimed to Congress that they've never seen traffic like this?
6) How do isolated engineers "cooperate" with the FBI without anyone else in the company knowing it? How could the FBI do anything meaningful whatsoever if any overture or contact to anyone else at the company would reveal the situation?
7) How do isolated engineers completely hide from the internal investigation (Bloomberg contacted Apple about this story 12 months ago, and Apple immediately acted)? Apple could easily guess who would be in a position to know, and now those people would have to cover-up the cover-up, which is like insanely impossible: If you are the person who could have discovered this and successfully hidden it, there will be a pattern of behavior that would at least implicate you (if not prove your complicity) and now Apple is -still- lying, about something much worse: They can't categorically say it didn't happen, and now they can't categorically say that this "isolated engineer" isn't a Chinese spy that has infiltrated them and is doing WHO ONLY KNOWS WHAT ELSE.
tl;dr: No.
Glorious wrote:dragontamer5788 wrote:5) A serious, but isolated, incident occurred, but doesn't apply to Apple / SuperMicro / etc. in general. Bloomberg exaggerated the claims in their story and are making a mountain out of a molehill.
This is the story being manifestly false.
It really makes no difference if something like this happened to someone, because, yes, something like this has assuredly happened to someone.
I mean, the defense to outright libel isn't "Well it wasn't you, and it wasn't this, but someone else did something similar to my allegation, so I'm not really wrong"
dragontamer5788 wrote:The Occam's razor is that DHS is using Apple and/or Supermicro equipment, so they're covering their own ass on this issue.
dragontamer5788 wrote:Laziness: https://en.wikipedia.org/wiki/General_M ... ch_recalls
Look, engineers don't always tell executives what goes on. That's like... normal. No conspiracy here. That's just how the world works. You can't just assume that everyone in a large corporation is on the same page.
wikipedia wrote:The fault had been known to GM for at least a decade prior to the recall being declared
article wrote:In subsequent depositions, though, GM engineers referred to documents that the automaker hadn’t provided, Cooper said. In June, he filed a motion seeking penalties against the carmaker for withholding information.
dragontamer5788 wrote:What we can say, for sure, is that Apple, as a whole, is unaware of any problems. Cool. That doesn't necessarily mean Bloomberg is correct mind-you, it just means that Apple presumably looked into the matter, and hasn't found anything yet. I don't necessarily see any reason to disbelieve Apple.
dragontamer5788 wrote:You said it. Not me. I don't know where you get all of these stories from, but that's not my argument, nor does it seem to logically flow from my earlier statement. Aside from 1), if you assume malice.
dragontamer5788 wrote:I'm just saying: if one or two iPhones were attacked during manufacturing, then Bloomberg's story would be correct, AND Apple would also be correct. Mind you, Apple contracts a lot of these details out to Foxconn, so it's not like Apple has 100% control over their entire supply chain.
dragontamer5788 wrote:I'm not necessarily saying Bloomberg has a correct story here. I'm simply painting a picture on how Bloomberg AND Apple can be simultaneously correct.
If a small, isolated incident occurred, and no engineer felt it was necessary to tell executives about, then everything kinda fits.
Glorious wrote:Did you even read the original article?
You're blathering about make-believe, and no, it obviously doesn't fit.
I'm trying to explain how utterly outlandish your argument is. If you don't want to think through your offhanded claims and baseless suppositions, please just don't make them then.
Glorious wrote:dragontamer5788 wrote:The Occam's razor is that DHS is using Apple and/or Supermicro equipment, so they're covering their own ass on this issue.
Uh, they frequently award their contracts to the likes of Dell and HP, so I'd actually be very surprised if they were ever a Supermicro customer. At any rate, Supermicro is almost certainly not a government-approved vendor now and probably hasn't been for years, if ever.
Likewise with Apple, do you mean maybe the phones? I have no idea what they issue, but if it is Apple, the handsets have nothing to do with this whatsoever.
dragontamer5788 wrote:Yes. They have a picture of an lol coupling capacitor and claim it can take over a computer. Which is utter bulls---. Coupling capacitors have 8-pins but only logically have 2-connections on the PCB. Soooo... no.
So my question is: what nugget of truth are they basing their article on? There must have been some incident that these "sources" are talking about, that the reporter doesn't fully understand, and wrote very poorly about. Very likely, the incident is being exaggerated by the "reporter", and they are making a mountain-out-of-a-molehill.