
 
Glorious
Gold subscriber
Gerbilus Supremus
Posts: 11909
Joined: Tue Aug 27, 2002 6:35 pm

Re: Supermicro motherboard back door?

Tue Oct 09, 2018 2:05 pm

Waco wrote:
Super Micro is absolutely an approved government vendor.


Consider my claim completely retracted then. :lol:

I would think then, despite being clearly wrong about that (I should have thought about your realm of endeavor and checked, utterly duh, in retrospect. Mea Culpa), that Homeland Security still isn't likely to be a customer.
 
Waco
Gold subscriber
Grand Gerbil Poohbah
Posts: 3202
Joined: Tue Jan 20, 2009 4:14 pm
Location: Los Alamos, NM

Re: Supermicro motherboard back door?

Tue Oct 09, 2018 2:08 pm

I'd bet you're wrong there. :) Super Micro gear is pretty popular across the span of DoD, DoE, three letter agencies, etc. They're cheap and willing to build weird stuff for various customers.


Also - Dell still ships the BMC with a default password as well. It's been the same for...15 years? Something like that anyway.
Desktop: X570 Gaming X | 3900X | 32 GB | Alphacool Eisblock Radeon VII | Heatkiller R3 | Samsung 4K 40" | 1 TB SX8200 Pro + 2 TB 660p + 2 TB SATA SSD
NAS: 1950X | Designare EX | 32 GB ECC | 7x8 TB RAIDZ2 | 8x2 TB RAID10 | FreeNAS | ZFS | LSI SAS
 
Glorious
Gold subscriber
Gerbilus Supremus
Posts: 11909
Joined: Tue Aug 27, 2002 6:35 pm

Re: Supermicro motherboard back door?

Tue Oct 09, 2018 2:10 pm

dragontamer5788 wrote:
And you're explaining it poorly. Either explain it better, or stop trying to explain things to me. Because it is hurting your case.


Explain what? Rogue engineers disposed of thousands of supermicro servers and convinced Apple to never buy anymore, because, *crickets*

The proof for this being a possibility? Oh, here you go, here's an example where Engineers helped reveal that their company was covering up an issue!

Oh, and what if one or two handsets were compromised, and what if Tim Cook's car has Russians in the trunk? See? Could be true somehow!

...
 
dragontamer5788
Gerbil Elite
Posts: 516
Joined: Mon May 06, 2013 8:39 am

Re: Supermicro motherboard back door?

Tue Oct 09, 2018 2:13 pm

Glorious wrote:
Explain what? Rogue engineers disposed of thousands of supermicro servers and convinced Apple to never buy anymore, because, *crickets*


I'm probably kicking up the hornet's nest here. But... what the hell does this have to do with my argument? I mean, clearly you love setting up strawmen, but doing so does not facilitate discussion.

These comments of yours in general are simply not helpful to any discussion. I never claimed that "thousands of supermicro servers were disposed of secretly", and I can't follow any logic for how my statements could imply this claim of yours. So seriously, you should stop doing that.
Last edited by dragontamer5788 on Tue Oct 09, 2018 2:14 pm, edited 3 times in total.
 
Glorious
Gold subscriber
Gerbilus Supremus
Posts: 11909
Joined: Tue Aug 27, 2002 6:35 pm

Re: Supermicro motherboard back door?

Tue Oct 09, 2018 2:13 pm

Waco wrote:
I'd bet you're wrong there.


Well you've already conclusively demonstrated that I'm wrong once, so I'm folding.

Waco wrote:
Super Micro gear is pretty popular across the span of DoD, DoE, three letter agencies, etc. They're cheap and willing to build weird stuff for various customers.


The only reason I'm thinking maybe not for DHS is that I know they have contracts with HP and Dell, and also how I generally don't think that they need the "weird" stuff like obviously the DoE and DoD regularly do.

But you're right, I'd bet I was wrong too.

Waco wrote:
Also - Dell still ships the BMC with a default password as well. It's been the same for...15 years? Something like that anyway.


Well, I can say for sure that iLO doesn't. I can't say that you're completely wrong about iDRAC, because I'm way more hazy about that. EDIT: I didn't phrase that right, my supposition is therefore that you are absolutely RIGHT about iDRAC, because I can't dispute it at all. Apologies.

Anyway, like you said in a different thread, it's not exactly the biggest deal in the universe. Passwords should be changed, network access should be compartmentalized, etc.
Last edited by Glorious on Tue Oct 09, 2018 2:17 pm, edited 1 time in total.
 
Glorious
Gold subscriber
Gerbilus Supremus
Posts: 11909
Joined: Tue Aug 27, 2002 6:35 pm

Re: Supermicro motherboard back door?

Tue Oct 09, 2018 2:16 pm

dragontamer5788 wrote:
I'm probably kicking up the hornet's nest here. But... what the hell does this have to do with my argument? I mean, clearly you love setting up strawmen, but doing so does not facilitate discussion.

These comments of yours in general are simply not helpful to any discussion.


I'm asking just how "isolated engineers" could manage to pull off this caper, and the only thing you've really said in response is to give an example where engineers helped reveal one.

Then you started going off on things that have absolutely no relation to this at all: compromised handsets. Where did that even come from?

---

I don't appreciate it.

And it's not that I *CAN'T* appreciate it: Waco just blew me out of the water and I kowtowed immediately.

When I'm wrong, I'm wrong. When I go out on a limb and someone points out that I'm resting on air, I fall.

Please extend the same courtesy to me, OK?
 
Glorious
Gold subscriber
Gerbilus Supremus
Posts: 11909
Joined: Tue Aug 27, 2002 6:35 pm

Re: Supermicro motherboard back door?

Tue Oct 09, 2018 2:20 pm

dragontamer5788 wrote:
I never claimed that "thousands of supermicro servers were disposed of secretly", and I can't follow any logic for how my statements could imply this claim of yours. So seriously, you should stop doing that.


Easy: How can "isolated engineers" be confident that they left nothing for later investigation by Apple to find?

They were just absolutely sure, with a thorough investigation that, once again, no one else noticed, that they managed to find all the "magic bean" chips and anything else that might have been tampered with?

And they weren't just absolutely sure, but absolutely correct? (Because Apple didn't, at all, or Apple as a company is still lying!)

That's ....outlandish. And it was also just one of like half-a-dozen show stopper questions I had.

EDIT: Hey! I also said, in the same sentence, that they convinced Apple to never buy them again without explaining why. Where did that part of my statement go? :P
 
dragontamer5788
Gerbil Elite
Posts: 516
Joined: Mon May 06, 2013 8:39 am

Re: Supermicro motherboard back door?

Tue Oct 09, 2018 2:35 pm

Glorious wrote:
Then you started going off on things that have absolutely no relation to this at all: compromised handsets. Where did that even come from?


To be honest, it said Apple in the article so I made assumptions. I kinda forgot that Apple does some server stuff.

If that's what set you off, then sure, I'll walk that one back.
 
Waco
Gold subscriber
Grand Gerbil Poohbah
Posts: 3202
Joined: Tue Jan 20, 2009 4:14 pm
Location: Los Alamos, NM

Re: Supermicro motherboard back door?

Tue Oct 09, 2018 2:38 pm

Glorious wrote:
Anyway, like you said in a different thread, it's not exactly the biggest deal in the universe. Passwords should be changed, network access should be compartmentalized, etc.

Yep. It's only *really* a risk if you're a machine capable of port-sharing the BMC interface with anything publicly routable.
 
Waco
Gold subscriber
Grand Gerbil Poohbah
Posts: 3202
Joined: Tue Jan 20, 2009 4:14 pm
Location: Los Alamos, NM

Re: Supermicro motherboard back door?

Tue Oct 09, 2018 2:39 pm

dragontamer5788 wrote:
To be honest, it said Apple in the article so I made assumptions. I kinda forgot that Apple does some server stuff.

:o
 
dragontamer5788
Gerbil Elite
Posts: 516
Joined: Mon May 06, 2013 8:39 am

Re: Supermicro motherboard back door?

Tue Oct 09, 2018 2:46 pm

Waco wrote:
dragontamer5788 wrote:
To be honest, it said Apple in the article so I made assumptions. I kinda forgot that Apple does some server stuff.

:o


Heh, I pretty much stopped paying attention to the article as soon as I recognized the coupling capacitor in the pictures. Because the technical details of that article are clearly false on the surface, so I'm not entirely sure how much of the technical details can be trusted from the article as a whole. So I fully admit to potentially misinterpreting the article and perhaps reading over it too quickly. It's kinda hard to take seriously if you recognize what a multi-terminal 0306 capacitor looks like, as well as what they're connected to. There's just no way that can take over a computer.

But I stand by some of the interpretations of what I said earlier: the most likely thing is that the reporter didn't understand the technical details, and exaggerated some claims. There has to be a nugget of truth somewhere, and hopefully that story comes out eventually. Perhaps the hypotheticals I threw out earlier don't check out 100%, but they're just that: hypotheticals. I don't expect anyone to take them super-seriously.

While we're discussing hypotheticals... I think a hypothetical BMC attack vector makes the most sense, as brought up by Glorious earlier. But it's still just that: an unproven hypothetical as we all try and divine what this reporter is trying to tell us in the original article.
 
Waco
Gold subscriber
Grand Gerbil Poohbah
Posts: 3202
Joined: Tue Jan 20, 2009 4:14 pm
Location: Los Alamos, NM

Re: Supermicro motherboard back door?

Tue Oct 09, 2018 3:35 pm

 
dragontamer5788
Gerbil Elite
Posts: 516
Joined: Mon May 06, 2013 8:39 am

Re: Supermicro motherboard back door?

Tue Oct 09, 2018 3:50 pm

Waco wrote:
https://arstechnica.com/gadgets/2018/10/new-bloomberg-report-says-backdoored-supermicro-hardware-infiltrated-major-us-telecom/

..and the story evolves.


Still is written by Jordan Robertson and Michael Riley (same authors as last report). So take with a grain of salt.
 
Waco
Gold subscriber
Grand Gerbil Poohbah
Posts: 3202
Joined: Tue Jan 20, 2009 4:14 pm
Location: Los Alamos, NM

Re: Supermicro motherboard back door?

Tue Oct 09, 2018 5:24 pm

Agreed.
 
just brew it!
Gold subscriber
Administrator
Topic Author
Posts: 53481
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Supermicro motherboard back door?

Thu Oct 11, 2018 8:36 pm

Nostalgia isn't what it used to be.
 
just brew it!
Gold subscriber
Administrator
Topic Author
Posts: 53481
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Supermicro motherboard back door?

Fri Oct 19, 2018 3:46 pm

 
DancinJack
Maximum Gerbil
Posts: 4493
Joined: Sat Nov 25, 2006 3:21 pm
Location: Kansas

Re: Supermicro motherboard back door?

Fri Oct 19, 2018 4:05 pm

I'd just like to say that I said on the front page comments, considering the veracity of the denials by these companies, I really don't know how this could be true. Apple and Google (and others) have seriously smart people working for them. If they were ALL duped by this then there is no hope and we should all prepare for the coming apocalypse.
i7 6700K - Z170 - 16GiB DDR4 - GTX 1080 - 512GB SSD - 256GB SSD - 500GB SSD - 3TB HDD- 27" IPS G-sync - Win10 Pro x64 - Ubuntu/Mint x64 :: 2015 13" rMBP Sierra :: Canon EOS 80D/Sony RX100
 
dragontamer5788
Gerbil Elite
Posts: 516
Joined: Mon May 06, 2013 8:39 am

Re: Supermicro motherboard back door?

Fri Oct 19, 2018 4:14 pm

just brew it! wrote:
https://arstechnica.com/information-technology/2018/10/apple-ceo-tim-cook-calls-on-bloomberg-to-retract-its-chinese-spy-story/


Apple CEO Tim Cook is calling on Bloomberg Business to retract a story that said his company was the victim of a hardware-based attack carried out by the Chinese government. It's the first time Apple has ever publicly demanded a retraction, according to BuzzFeed.


Why is it that I trust Buzzfeed news over Bloomberg?

I mean, what timeline are we in?
 
ludi
Gold subscriber
Lord High Gerbil
Posts: 8473
Joined: Fri Jun 21, 2002 10:47 pm
Location: Sunny Colorado front range

Re: Supermicro motherboard back door?

Wed Dec 12, 2018 2:29 pm

This one appears to be going nowhere:

https://www.cnet.com/news/supermicro-sa ... -hardware/
Abacus Model 2.5 | Quad-Row FX with 256 Cherry Red Slider Beads | Applewood Frame | Water Cooling by Brita Filtration
 
liquidsquid
Minister of Gerbil Affairs
Posts: 2660
Joined: Wed May 29, 2002 10:49 am
Location: New York
Contact:

Re: Supermicro motherboard back door?

Wed Dec 12, 2018 4:30 pm

Did I or did I not call Bullshiz on this?

This kind of stuff just does not pass visual inspection machines unless the entire supplier chain is in on it. Also, if a chip vendor REALLY wanted to hide a sniffing device, it would be embedded within an existing device, not sitting out in the breeze for all to see.

Besides which, WTF is the point? Everyone posts every dang last detail about the last poop they took in one site or another that can all be cross-referenced back to a single user. Corporate espionage though... it is by far cheaper and less risky to all to simply plant a mole.
/edit Or toss some big money in the direction of a corrupt govt official.
 
MOSFET
Gerbil XP
Posts: 370
Joined: Fri Aug 08, 2014 12:42 am

Re: Supermicro motherboard back door?

Wed Dec 12, 2018 5:10 pm

Dell's server configurator now has a choice between "Legacy Password" and a "Factory Generated Password" for iDRAC.
Be careful on inserting this (or any G34 chip) into the socket. Once you pull that restraining lever, it is either a good install or a piece of silicon jewelry.
 
Geonerd
Gerbil First Class
Posts: 163
Joined: Mon Dec 19, 2011 2:29 pm
Location: Sunny Aridzona

Re: Supermicro motherboard back door?

Wed Dec 12, 2018 7:43 pm

Servethehome.com has some of the most forceful, well researched rebuttals to this bizarre story.

An early article.
https://www.servethehome.com/bloomberg- ... vestigate/

The most in-depth writeup:
https://www.servethehome.com/investigat ... o-stories/

And today:
https://www.servethehome.com/supermicro ... ware-hack/
 
arunphilip
Gerbil Team Leader
Posts: 259
Joined: Sun Jul 28, 2013 11:46 am

Re: Supermicro motherboard back door?

Thu Dec 13, 2018 4:43 am

Geonerd wrote:
Servethehome.com has some of the most forceful, well researched rebuttals to this bizarre story.

Thank you - that made for very interesting reading. The original Bloomberg report sounded "off", and the comments of others just amplified that feeling. To read these articles that systematically dismantle Bloomberg's claims was very illuminating.
 
just brew it!
Gold subscriber
Administrator
Topic Author
Posts: 53481
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Supermicro motherboard back door?

Thu Dec 13, 2018 10:34 am

I think some people need to be investigated for ties to someone who stood to profit from Supermicro's stock taking a nose-dive.
 
ludi
Gold subscriber
Lord High Gerbil
Posts: 8473
Joined: Fri Jun 21, 2002 10:47 pm
Location: Sunny Colorado front range

Re: Supermicro motherboard back door?

Thu Dec 13, 2018 11:48 am

just brew it! wrote:
I think some people need to be investigated for ties to someone who stood to profit from Supermicro's stock taking a nose-dive.

Sure looks that way. Unless the Bloomberg journalists are truly stupid, they probably got carried away by wanting to believe the story. But one or more of their key sources could have been trying to manipulate the market.
 
Ummagumma
Gerbil
Posts: 42
Joined: Fri May 27, 2016 9:18 pm

Re: Supermicro motherboard back door?

Thu Dec 13, 2018 2:58 pm

Geonerd wrote:
Servethehome.com has some of the most forceful, well researched rebuttals to this bizarre story.

An early article.
https://www.servethehome.com/bloomberg- ... vestigate/

The most in-depth writeup:
https://www.servethehome.com/investigat ... o-stories/

And today:
https://www.servethehome.com/supermicro ... ware-hack/


And finally someone on a TR forum decides to check a better informed source than Bloomberg, ZDnet, etc.

Over at ServeTheHome, Patrick's writings on this subject are IMHO "definitive". Patrick has not simply "called BS" on Bloomberg's claims, he has thoroughly dissected the utterly bad reporting done by Bloomberg.

Also check out Patrick's article on how BMC devices actually work to provide the IPMI feature/tool that many professional sysadmins depend upon when it comes to server maintenance & provisioning.
Did you expect to read anything useful here?
 
Kougar
Minister of Gerbil Affairs
Posts: 2305
Joined: Tue Dec 02, 2008 2:12 am
Location: Texas

Re: Supermicro motherboard back door?

Mon Dec 17, 2018 5:05 am

ludi wrote:
just brew it! wrote:
I think some people need to be investigated for ties to someone who stood to profit from Supermicro's stock taking a nose-dive.

Sure looks that way. Unless the Bloomberg journalists are truly stupid, they probably got carried away by wanting to believe the story. But one or more of their key sources could have been trying to manipulate the market.


Undoubtedly, I suspect one or two of these so called industry sources were quite hoping for it. Wouldn't surprise me if Bloomberg did the bare minimum of verifying the authenticity of these anonymous industry experts before it decided to report them verbatim.

What is disappointing is I doubt the SEC will bother to investigate nor will there be any significant fallout to Bloomberg for not verifying anything.
 
Arvald
Silver subscriber
Gerbil Elite
Posts: 760
Joined: Tue Sep 27, 2011 12:14 pm
Location: Gerbil-land, Canada

Re: Supermicro motherboard back door?

Tue Dec 18, 2018 1:20 pm

The technical details that were released early did seem a little off and well, too basic.
Nice to know my server is not compromised.
