Re: bloomberg on supermicro: sky is falling

[Denys Fedoryshchenko <denys () visp net lb>]

On 2018-10-04 21:52, Scott Weeks wrote:
> --- matlockken () gmail com wrote:
> From: Ken Matlock <matlockken () gmail com>
>
> Would be remiss in our duties if we didn't also link
> AWS' blog, in response to the Bloomberg article.
> --------------------------------------------------
>
>
> Every company and the Chinese gov't is saying "no,
> Bloomberg is wrong":
>
> https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond
>
> Can't wait to see how this evolves...
>
> scott
It would be better for them(AMZN, SMCI, AAPL)  to prove that these 
events did not take place - in court.
In the opposite case, even if this article is full of inaccuracies, 
judging by the discussions of security specialists, the scenario 
indicated in the article is quite possible.
Unpopulated SOIC-8 near populated SOIC-16 flash for BMC firmware is 
sweet spot for custom MCU - snooping on flash SPI(most likely) bus and 
probably altering some data.
At the same time there will be a good precedent, if this article is 
fabricated - such journalists need to be taught a lesson.
And if they wont go to the court, there is something to think about.