[opensuse] The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies - Bloomberg
Worth knowing about. https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-us... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 05/10/2018 09.51, ken wrote:
Worth knowing about.
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-us...
IMHO, these should go to opensuse-offtopic instad. Please reply there. -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.0 (Legolas))
On 10/05/2018 04:43 AM, Carlos E. R. wrote:
On 05/10/2018 09.51, ken wrote:
Worth knowing about.
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-us... IMHO, these should go to opensuse-offtopic instad. Please reply there.
The Chinese are spying there. ;-) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 10/05/2018 01:43 AM, Carlos E. R. wrote:
On 05/10/2018 09.51, ken wrote:
Worth knowing about.
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-us... IMHO, these should go to opensuse-offtopic instad. Please reply there.
I disagree, Carlos. Many on this list run openSUSE on Supermicro servers. If this is really a threat, the larger audience should know about it and possibly even discuss detection/mitigations. IMHO, if this is really a threat, then it would require more than soldering a 1mm surface-mount device on a motherboard. Perhaps this tiny thing acts as a switch to enable already built-in vulnerabilities? Maybe a threat was built-in to the core hardware/firmware and enabled later on in the supply chain? Just speculating, if indeed there's anything to the story in the first place. Also, how many motherboards aren't made in China these days? Could the problem be broader? Would you trust motherboards made in the USA? I've still got an S-100 Z80 computer in the attic, I bet it's safe! I don't think it even has a BIOS! Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Op vrijdag 5 oktober 2018 15:00:55 CEST schreef Lew Wolfgang:
On 10/05/2018 01:43 AM, Carlos E. R. wrote:
On 05/10/2018 09.51, ken wrote:
Worth knowing about.
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china -used-a-tiny-chip-to-infiltrate-america-s-top-companies> IMHO, these should go to opensuse-offtopic instad. Please reply there.
I disagree, Carlos. Many on this list run openSUSE on Supermicro servers. If this is really a threat, the larger audience should know about it and possibly even discuss detection/mitigations.
I disagree firmly here, Lew. Even though some ( I don't think many FWIW ) use these servers, this has nothing to do with openSUSE support, hence should go to the off-topic list.
IMHO, if this is really a threat, then it would require more than soldering a 1mm surface-mount device on a motherboard. Perhaps this tiny thing acts as a switch to enable already built-in vulnerabilities? Maybe a threat was built-in to the core hardware/firmware and enabled later on in the supply chain? Just speculating, if indeed there's anything to the story in the first place.
Also, how many motherboards aren't made in China these days? Could the problem be broader? Would you trust motherboards made in the USA? I've still got an S-100 Z80 computer in the attic, I bet it's safe! I don't think it even has a BIOS!
Regards, Lew
-- Gertjan Lettink a.k.a. Knurpht openSUSE Board Member openSUSE Forums Team -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Knurpht-openSUSE composed on 2018-10-05 09:06 (UTC-0400):
Lew Wolfgang composed:
Carlos E. R. wrote:
ken wrote:
IMHO, these should go to opensuse-offtopic instad. Please reply there.
I disagree, Carlos. Many on this list run openSUSE on Supermicro servers. If this is really a threat, the larger audience should know about it and possibly even discuss detection/mitigations.
I disagree firmly here, Lew. Even though some ( I don't think many FWIW ) use these servers, this has nothing to do with openSUSE support, hence should go to the off-topic list.
Thank you Ken! I agree with Lew. I consider this routine micromanaging of what is or is not topical on mailing lists and forums one of the disadvantages of trying to be a good citizen/net contributor to openSUSE, and considerably more annoying than posts that are *clearly* OT. It gives me a throw all the bums out attitude at election time. I wonder if there were both fully moderated and completely unmoderated opensuse lists how many would choose moderated? Can't we just trust most people to follow the posting guidelines, and spend one second to use the delete button or key on each that doesn't? -- Bombardier Beetle Irreducible Complexity Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 05/10/2018 16.59, Felix Miata wrote:
Knurpht-openSUSE composed on 2018-10-05 09:06 (UTC-0400):
Lew Wolfgang composed:
Carlos E. R. wrote:
ken wrote:
IMHO, these should go to opensuse-offtopic instad. Please reply there.
I disagree, Carlos. Many on this list run openSUSE on Supermicro servers. If this is really a threat, the larger audience should know about it and possibly even discuss detection/mitigations.
I disagree firmly here, Lew. Even though some ( I don't think many FWIW ) use these servers, this has nothing to do with openSUSE support, hence should go to the off-topic list.
Thank you Ken!
I agree with Lew.
I consider this routine micromanaging of what is or is not topical on mailing lists and forums one of the disadvantages of trying to be a good citizen/net contributor to openSUSE, and considerably more annoying than posts that are *clearly* OT. It gives me a throw all the bums out attitude at election time.
I wonder if there were both fully moderated and completely unmoderated opensuse lists how many would choose moderated? Can't we just trust most people to follow the posting guidelines, and spend one second to use the delete button or key on each that doesn't?
Please, please, don't enter into paranoia mode ;-) IMO, the proper place to talk about this is in the OT list. OK, it has been announced here, we all had a chance to see it, now let's go to OT and continue if we wish. :-)) The OP seems fake news to me, anyway. -- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)
On 10/05/2018 09:59 AM, Felix Miata wrote:
Thank you Ken!
I agree with Lew.
+1 The nanny moderation had done more harm to the community and SuSE's interest in the community than good. Thanks Mom. -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Op vrijdag 5 oktober 2018 10:43:50 CEST schreef Carlos E. R.:
On 05/10/2018 09.51, ken wrote:
Worth knowing about.
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-> > used-a-tiny-chip-to-infiltrate-america-s-top-companies IMHO, these should go to opensuse-offtopic instad. Please reply there. You're 100% right, this has nothing to do with openSUSE at all. Please convince the other posters as well.
-- Gertjan Lettink a.k.a. Knurpht openSUSE Board Member openSUSE Forums Team -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 10/05/2018 03:51 AM, ken wrote:
Worth knowing about.
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-us...
That's long been a concern, with so much being made in China. There are a couple of Chinese telecom manufacturers that have been banned from the U.S. for that reason. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 10/05/2018 02:51 AM, ken wrote:
Worth knowing about.
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-us...
H H H H H O O O O O L L L L L Y Y Y Y Y 5HIT ! ! ! ! That reads better than a cloak-and-dagger spy novel! Glad my SuperMicro boards are Old.... (and also glad I have nothing of relevant interest in the international arena) The article does a good job in exposing the known vulnerability of the global hardware supply chain that had been widely discussed -- and then quietly swept under the rug. If we have learned nothing, we have learned that were a vulnerability exits, it isn't a question of whether it will be exploited, but when. The fact that it did happen isn't that surprising, the fact that industry let it happen -- is. Greed is a wicked mistress that often clouds the minds of the most reasoned men (and women). -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (7)
-
Carlos E. R. -
David C. Rankin -
Felix Miata -
James Knott -
ken -
Knurpht-openSUSE -
Lew Wolfgang