Op vrijdag 5 oktober 2018 15:00:55 CEST schreef Lew Wolfgang:
On 10/05/2018 01:43 AM, Carlos E. R. wrote:
On 05/10/2018 09.51, ken wrote:
Worth knowing about.
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china -used-a-tiny-chip-to-infiltrate-america-s-top-companies> IMHO, these should go to opensuse-offtopic instad. Please reply there.
I disagree, Carlos. Many on this list run openSUSE on Supermicro servers. If this is really a threat, the larger audience should know about it and possibly even discuss detection/mitigations.
I disagree firmly here, Lew. Even though some ( I don't think many FWIW ) use these servers, this has nothing to do with openSUSE support, hence should go to the off-topic list.
IMHO, if this is really a threat, then it would require more than soldering a 1mm surface-mount device on a motherboard. Perhaps this tiny thing acts as a switch to enable already built-in vulnerabilities? Maybe a threat was built-in to the core hardware/firmware and enabled later on in the supply chain? Just speculating, if indeed there's anything to the story in the first place.
Also, how many motherboards aren't made in China these days? Could the problem be broader? Would you trust motherboards made in the USA? I've still got an S-100 Z80 computer in the attic, I bet it's safe! I don't think it even has a BIOS!
Regards, Lew
-- Gertjan Lettink a.k.a. Knurpht openSUSE Board Member openSUSE Forums Team -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org