Author Topic: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.  (Read 35465 times)


Offline David Hess

  • Super Contributor
  • ***
  • Posts: 10963
  • Country: us
  • DavidH
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #450 on: November 01, 2018, 12:59:05 am »
Government labs should be helping solve what happened or if anything happened here.

Government helping the public and industry use technology is something they can do and do successfully, IF they do it professionally. (and in the past they have done this very well, less so now)

They should sponsor research in technologies that may pay off in the future, and with complicated issues like security they should be there to help (not hurt) US manufacturers improve security, and do it in a trustworthy way, not with a hidden agenda. The information they make public should be reliably accurate and helpful, i.e. scientifically informed and literate, not thought-terminating. They should publish technical reports that in an intelligent way raise the overall level of knowledge on subjects, and avoid engaging in 'drama'.

Are these the same government labs which intercept shipments to add their own backdoor hardware and firmware, pay companies like RSA to implement backdoored encryption products, and suborn NIST into implementing flawed security standards?

The government poisoned that well starting decades ago if not sooner.
 

Offline Halcyon

  • Super Contributor
  • ***
  • Posts: 3914
  • Country: au
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #451 on: November 01, 2018, 02:07:48 am »
Investigating Implausible Bloomberg Supermicro Stories: https://www.servethehome.com/investigating-implausible-bloomberg-supermicro-stories/

Very well written and perfectly sums up what most of us suspected from the beginning: that this was, at best, fake news.
 

Online cdev

  • Super Contributor
  • ***
  • Posts: 5350
  • Country: 00
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #452 on: November 02, 2018, 03:15:26 am »
Actually the government labs I was thinking about are different government labs. Same government, different labs.

Government labs should be helping solve what happened or if anything happened here.

Government helping the public and industry use technology is something they can do and do successfully, IF they do it professionally. (and in the past they have done this very well, less so now)

They should sponsor research in technologies that may pay off in the future, and with complicated issues like security they should be there to help (not hurt) US manufacturers improve security, and do it in a trustworthy way, not with a hidden agenda. The information they make public should be reliably accurate and helpful, i.e. scientifically informed and literate, not thought-terminating. They should publish technical reports that in an intelligent way raise the overall level of knowledge on subjects, and avoid engaging in 'drama'.

Are these the same government labs which intercept shipments to add their own backdoor hardware and firmware, pay companies like RSA to implement backdoored encryption products, and suborn NIST into implementing flawed security standards?

The government poisoned that well starting decades ago if not sooner.
"What the large print giveth, the small print taketh away."
 

Online bd139

  • Super Contributor
  • ***
  • Posts: 14621
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #453 on: November 02, 2018, 08:47:36 am »
Lots of paranoia here. Don't forget that any national "gubment" consists of multiple branches that don't always work cohesively with each other. Also don't forget most governments are more worried about external infiltration than internal and a lot of that risk comes from the myriad of little companies that hover round the central turd like flies around shit performing technical services. It's in the government's interest to hand out decent quality guidance and security information and protect the country's interests.

Which is what ours does: https://www.ncsc.gov.uk/guidance

Now at the same time, this lot are a subsidiary of the comms spying branch too, but that doesn't mean they're giving out bad advice. Everyone is looking out for that and would call them out on their shit instantly.

If they tried to push encryption they had developed in house I might be a little suspicious but they don't.
 

Offline David Hess

  • Super Contributor
  • ***
  • Posts: 10963
  • Country: us
  • DavidH
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #454 on: November 06, 2018, 09:02:44 am »
It's in the government's interest to hand out decent quality guidance and security information and protect the country's interests.

Unfortunately our NSA has abandoned securing our own infrastructure for compromising it.
 

Offline mtdoc

  • Super Contributor
  • ***
  • Posts: 3581
  • Country: us
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #455 on: December 12, 2018, 04:15:43 am »
Is Australia doing what I think it did?

Yep. But to be fair all the “Five Eyes” countries are in on it. They’re just using Australia as the, ahem, backdoor to introduce the backdoors.

Discussed previously in this thread

 

Online cdev

  • Super Contributor
  • ***
  • Posts: 5350
  • Country: 00
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #456 on: December 12, 2018, 04:35:05 am »
This all started back in 1995 when they decided they were going to privatize everything everywhere that was already partly commercial, to give investors 'certainty'.

It's moving along at a brisk pace.

That goal was inherently in conflict with democracy in a world that's automating.

But of course everything has to look as legitimate as possible.




"What the large print giveth, the small print taketh away."
 

Offline beanflying

  • Super Contributor
  • ***
  • Posts: 5089
  • Country: au
  • Toys so very many Toys.
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #457 on: December 12, 2018, 04:51:42 am »
Is Australia doing what I think it did?


Yep. The idiots on the hill rammed flawed legislation to 'protect us from ABC' through on the last sitting day of parliament until February with the 'promise' to review and amend it then. Unless we go to an early election, so it then becomes April maybe. All so we can remain 'safe' from unspecified possible threats XYZ in the meanwhile. :palm:

The behavior on let alone the dodgy Bill would have made the cast of Yes Minister blush in the way it was done.

Dutton isn't to be trusted



Coffee, Food, R/C and electronics nerd in no particular order. Also CNC wannabe, 3D printer and Laser Cutter Junkie and just don't mention my TEA addiction....
 

Online bd139

  • Super Contributor
  • ***
  • Posts: 14621
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #458 on: December 12, 2018, 07:24:19 am »
On a positive note all this surveillance crap is self-deprecating as it serves only to strengthen the infrastructure and make it more resistant to tampering. They're digging their own graves.
 

Offline beanflying

  • Super Contributor
  • ***
  • Posts: 5089
  • Country: au
  • Toys so very many Toys.
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #459 on: December 12, 2018, 07:28:35 am »
The analogy that tight gun control doesn't stop criminals getting them will, I suspect, be found here too, but it is the potential for abuse that still doesn't make it right. And like gun control, absence of any control is a bad thing. This travesty tips the balance too far, too fast, without any thought to the downsides.
Coffee, Food, R/C and electronics nerd in no particular order. Also CNC wannabe, 3D printer and Laser Cutter Junkie and just don't mention my TEA addiction....
 

Online bd139

  • Super Contributor
  • ***
  • Posts: 14621
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #460 on: December 12, 2018, 07:48:10 am »
It’s a cat and mouse game as is gun control. There is no endgame, just progress. On the way we learn things.
 

Online cdev

  • Super Contributor
  • ***
  • Posts: 5350
  • Country: 00
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #461 on: December 12, 2018, 01:47:46 pm »
One thing the British press should be warning Brits about (as far as Brexit's dangers) is your independent WTO accession (which you may need to negotiate from scratch, with hundreds of countries all having a veto power unless you make concessions to them) and its likely impact on the NHS.

But, not a peep in your media. Am I correct?

But, it should be of major concern, because that's what the WTO's main goal is: privatizing all services unless supplied as an exercise of governmental authority, a narrow definition that almost none of them can pass. Because they do not pass the following very narrow two-line test:

Article I:3 of the 1995 GATS agreement states:
"For the purposes of this Agreement...
(b) 'services' includes any service in any sector except services supplied in the
exercise of governmental authority;
(c) 'a service supplied in the exercise of governmental authority' means any service
which is supplied neither on a commercial basis, nor in competition with one or
more service suppliers."


-------

But no discussion in the media at all. (Are people even seeing this?)

Suppression of all of the things people want and agree upon is likely the goal of these surveillance platforms. Large-scale compartmentalization of inconvenient but essential information without which democracy cannot function. Ending of the commons where people exchange opinions that may include thoughts which are not compliant with the corporate agenda to suppress the public services aspects of government and replace them with a corporate simulacra that celebrates inequality and frames the newly broken situation as one people chose when it wasn't/isn't.

A big lie.

Because of the huge job shift, there will be pressure to help the newly poor who in many cases will be people who 'did everything right'.

The positive aspects of governments, the reasons why people had joined together to create them in the first place, are being quietly ended and prevented from re-emerging by back room trade agreements. Internationally. That will be hard to hide. So the infrastructure to do that is what's being done, I suspect. (This is all speculation!)

Here in the US, and in other WTO and PTA members, FTAs like the little known 'GATS' and pending TiSA put in place a backwards-going regulatory ratchet which only allows deregulation.

It's being used to block most of the things that people want out of democracy. Because, as I have had it put to me, "Otherwise people would just vote to fix everything".

We should realize that the dysfunction we see everywhere likely isn't merely failure to ever come to any agreement; in the light of this hidden agenda, one should consider the strong possibility that it may be a deliberate tactic to disenfranchise and disgust all voters.

Also one aspect of the new infrastructure for surveillance is that it may be intended to become a sort of jobs or welfare program. For insiders. Except they will be placed in a difficult position vis-a-vis having opinions. So, it's disenfranchising them.

Serving an additional employment and corporate welfare and control of insiders function.

Because many of the other decent jobs, because of their use of tax money in any form and lack of any national security exemption (making them potentially exempt from globalization rules, unless they are already 'committed' in an agreement's "schedule", which is based on the so-called "four modes of supply"; one needs to understand that trade concept to understand these quite convoluted things!) or 'like' services are already being traded across borders. Professions of all kinds are intended to, basically all the good jobs done by today's middle class, except those done for private companies (which will be under downward wage pressure as well, for example in the US "Computer and Related Services" or CRS, if those sectors were committed).

Huge sections of the economy which people are depending on to employ our young people in the future are on the bargaining table. (Or not. Depending on who you trust to be telling you the truth.)

Services, "everything you cannot drop on your foot", may well eventually, irreversibly become precarious labor done by guest workers across international borders, for very low wages, hollowing out the middle class everywhere, in rich and poor sending and receiving countries alike, replacing high skilled practitioners of professions with low paid "would-be" professionals fresh out of colleges (the Mode Four / Movement of Natural Persons provisions focus on the intra-corporate transferee, requiring they be attached to companies and have special skills, but leaving a lot unsaid, especially on wages; they may be basically paying in their less than market rate labor for the foot in the door).

...and making the millionaires who run those body shop companies billionaires off of others' hard, almost unpaid labor.

I'm just speculating here.

This scheme, flavors of which are seemingly being pushed in multiple trade agreements is a targeted attack on the middle class by corporations and governments, and it has the potential to bring back a sort of modern form of slavery.  So much money is involved that it could well be thought of as a sort of corrupting influence that corrupted politicians and previously honest legislators everywhere it goes.

Which, in my understanding, is exactly what slavery did. And once it starts it's very hard to get rid of.
« Last Edit: December 12, 2018, 05:24:49 pm by cdev »
"What the large print giveth, the small print taketh away."
 

Online bd139

  • Super Contributor
  • ***
  • Posts: 14621
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #462 on: December 12, 2018, 02:09:26 pm »
The NHS is heavily privatised already. Most of the major organisations are shell companies / PFI / state run entirely backed with contractors, suppliers and permanent staff. There isn't really much of a public healthcare system, only the top level organisational stuff, property, data and logistics. This has mostly been a positive progression however because the rationale behind it was to make parts of the NHS accountable to someone. A government 100% can't be accountable to itself and you can't realistically sue a government as an individual. If you spin the providers off then you can separate responsibility (hospitals and trusts) and quality (NHS England) which reduces corruption and increases standards (which is actually statistically evident since this restructuring).

Now that doesn't mean that healthcare has a cost or it is a free market, but it does mean that the companies have to be transparent to the government agencies. Prior to this arrangement, quality was unknown, no one was accountable and many many lives were destroyed with no recourse.

I think people forgot the old British public sector energy, postal and transport systems and how absolutely bloody awful they were and how things have improved.

WTO has nothing to do with this either way.
« Last Edit: December 12, 2018, 02:12:49 pm by bd139 »
 

Online cdev

  • Super Contributor
  • ***
  • Posts: 5350
  • Country: 00
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #463 on: December 12, 2018, 02:45:58 pm »
The subsidized part of your health insurance scheme will come under pressure. The law of subsidies and countervailing measures in the WTO is different for "pre-existing" "measures" (basically everything a government 'does', all laws or policies; any change is a measure. See also the text of the Understanding on Commitments in Financial Services, discussed here in the context of the US. If the UK signed it, remember health insurance is a financial service). So everything that was existing, the free aspect of the NHS insurance, which because it's also sold in the UK was always going to be phased out (unless it was entirely free, like Canada), you only got to continue doing as long as it didn't change, will likely come under such extreme pressure only a miracle of public outcry and preparation could prevent. Otherwise it will be you, not the WTO, that is forced to change, and the cost to individual Britons will be in the high six figures or low seven figures over each of your lifetimes (as it is here). Or, poor people will be farmed out internationally for care. (That's what they want but won't say it. They want poor people to leave.)

Instead, barring a change in (all of our) our public's understanding of the WTO and its progeny - needed to also understand similar "plurilateral" services agreements, and a concerted effort to prevent this otherwise inevitable outcome,  it will happen and people will blame it on democracy which we will not realize, hasn't existed in a long time. (Instead we have gotten post-hoc rationalization, or political reverse engineering of already-decided outcomes- i.e. manipulation.)

This issue surrounding public services, is a major beef people all around the world have with the WTO and multilateral trading system model, but unless you have some warning of it and that this is coming, you'll likely not realize that.

There is a discussion about these issues and the fact that it's the wrong model that's being aspired to, from a British NGO, Save the Children, in this publication.

So instead of the WTO needing to change this, exempting all of the public services, for everybody, in the future (a change it needs in order to even aspire to legitimacy), you'll fall into the trap that's likely being set. And then the rest of the world likely will too.

As you're a wealthy country you likely won't be allowed to extensively subsidize health care as you had been in the past, unless you carved it out completely in your schedule before it was drawn up. Which as far as I know was not done in 1995/1998. I suspect you went the route the US did and tried to commit as much as you could to one-way privatization, even knowing that the public would never have voted for it. You could find out by going to the WTO web site and looking up your own country's specific commitments documents (they have an SC in their titles) from (approximately) 1994-1998, especially. Look up how to read a services schedule as well.



But the poor countries which want the business, they want the patients, which represent themselves as having been told that trade like that is their payback, won't let you do that. (Don't buy in to this North vs. South frame; the real battle is between the oligarchs, who are stealing the planet's entire bright future and all the gains given us by technology, and everybody else.) So it has to be called out then and there, but barring any discussion it won't be.

The poor country oligarchs are being quiet now but they will jump into action as soon as the change becomes irreversible.

Whenever a government is paying a portion of the insurance money, it's likely to have an expiration date. Because as the 'market' is perfect, it can't be reformed; only countries that deviate from its pure state must reform. Sounds a bit like a cult, huh? Well it is.
At least it screams cult-like-danger signs to me. (Here is what it is: 'groupthink')

https://www.allysonpollock.com/wp-content/uploads/2013/04/BMJ_2003_Pollock_NewDealWTO.pdf

https://www.allysonpollock.com/wp-content/uploads/2013/04/BMJ_2002_Price_ExtendingChoiceNHS.pdf

https://www.allysonpollock.com/wp-content/uploads/2013/04/Lancet_2002_Pollock_MarketForces.pdf

https://www.allysonpollock.com/wp-content/uploads/2013/04/Lancet_1999_Price_WTODomesticPolicies.pdf


The NHS is heavily privatised already. Most of the major organisations are shell companies / PFI / state run entirely backed with contractors, suppliers and permanent staff. There isn't really much of a public healthcare system, only the top level organisational stuff, property, data and logistics.

Do you have any idea how much we Americans pay for our health care? Or of how arbitrarily expensive and unpredictable it is, so much so that sick people of all income levels, are rightfully terrified to utilize it?

Don't fall into the mistake of thinking the propaganda about private health care being better is accurate. It's not true. Also, don't be misled into thinking that most people (more than half of the wage earners) can afford it (it meaning adequate coverage to prevent their being bankrupted by a serious illness); that has not been true here in the US since the 1980s!

Example of problems (old site) at one well connected HMO (which are now common elsewhere in the US; our healthcare is being aggressively attenuated with the result being millions of people never getting treatment they have been paying for, denial of tests and diagnosis, and a huge increase in so-called iatrogenic injury, preventable hospital accidents, now the third highest cause of death in the US).
This has mostly been a positive progression however because the rationale behind it was to make parts of the NHS accountable to someone.
Privatization does the exact opposite. And the globalization aspect of it is likely to make providers even more unaccountable.
A government 100% can't be accountable to itself and you can't realistically sue a government as an individual. If you spin the providers off then you can separate responsibility (hospitals and trusts) and quality (NHS England) which reduces corruption and increases standards (which is actually statistically evident since this restructuring).

Now that doesn't mean that healthcare has a cost or it is a free market, but it does mean that the companies have to be transparent to the government agencies.

It won't continue because the market is supposed to determine quality. Under the cult ideology it's natural for people who pay less to get much less. It's their due for being poor.
Quote
Prior to this arrangement, quality was unknown, no one was accountable and many many lives were destroyed with no recourse.

I think people forgot the old British public sector energy, postal and transport systems and how absolutely bloody awful they were and how things have improved.

WTO has nothing to do with this either way.

I suspect you're reading totally different data than I am, and seeing the issue from a radically different perspective, because the alternative to public health care where everybody is in and everybody is in the same system is healthcare for some but not for others. Once you give up the universal healthcare guarantee and let the wealthy buy out of the system, then they no longer are there keeping quality up; also the WTO rules kick in and privatize what's left. You likely don't know how many Americans are dying because they never get health care, or get it only long after they should have.

The statistics are found using the terms "excess deaths" "mortality amendable to improved access to health care" and "mortality amendable to healthcare".

Everything changed in September 1986 when at the Punta Del Este conference in Uruguay 'services' were put on the table in what's represented as a grand compromise to get the Global South nations to play the trading game. But methinks they doth protest too much. It really was all staged. It's a colossal global con job by the biggest con artists in the world, the insiders among insiders, to take the pressure off of them to change in a world where inequality is increasing exponentially.

The oligarchs are joining forces everywhere to gut the voices of democracy which the world needs more now than ever.

The huge effort being put into suppressing the voices and needs of humanity with divide and conquer tactics by putting forward a fake 'rules based system' that only increases inequality is a huge mistake.

Let me bow out of this now. I am sorry for this explanation. But I had to explain what I meant.

This has little if anything to do with backdoors.

There is a good discussion of hardware and software backdoors which I have been meaning to read more of at https://blog.invisiblethings.com and related web sites. The article on stateless laptop hardware in particular I thought was interesting.

I wonder if backdoors may already exist and if so they were likely put there by the top level (chip manufacturing) corporations to service the never ending requests I am sure they likely get from countries of all kinds.

Using open hardware - making and using open hardware may be an important way to slow down this attack on security.

But it may not be enough, witness the never ending security holes and backdoor like software problems which have emerged recently. I suspect that a new layer of hardware beneath the OSs and things which are known may in newer HW be tagging along for the ride.

The disclosures about security holes may just be the tip of an iceberg or not. I don't know.

I certainly am hoping it isn't.

But without knowing the political and economic contexts driving the wagon encircling and ladder up-pulling in high places we have no chance of understanding what may be happening, if indeed anything is happening, to hardware and software.

This context certainly is an important thing to know that isn't known. Because that question boils down to, are we living in real democracies, or not?

« Last Edit: December 12, 2018, 05:42:09 pm by cdev »
"What the large print giveth, the small print taketh away."
 

Online bd139

  • Super Contributor
  • ***
  • Posts: 14621
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #464 on: December 12, 2018, 03:08:49 pm »
You do realise we pay for the NHS as well? 98.8% of funding comes from direct taxation. This isn't a subsidy as there is no commoditisation.  NHS costs me personally about £11,000 a year. Worth every penny.

WRT privatisation this is very heavily audited stuff. Not black box health providers like in the US.

Edit: anyway this is totally derailed here now.  From a clearly more reliable source: https://www.reuters.com/article/us-supermicro-chips/super-micro-says-review-found-no-malicious-chips-in-motherboards-idUSKBN1OA12R
« Last Edit: December 12, 2018, 03:16:49 pm by bd139 »
 

Online cdev

  • Super Contributor
  • ***
  • Posts: 5350
  • Country: 00
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #465 on: December 12, 2018, 10:00:09 pm »
A couple of years ago I had a long discussion with an NHS accountant who was distraught that the Tory government was dismantling the drug payment arrangements they had for no reason, making it so they had to pay so much more "it will bankrupt the NHS" which is what has happened.

It's intentional; politicians now are corruptible. Which is why some things shouldn't be in their power to change.

And by that I don't mean put out of their reach forever by trade agreements either.  (Which is what we're getting now).
"What the large print giveth, the small print taketh away."
 

Online bd139

  • Super Contributor
  • ***
  • Posts: 14621
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #466 on: December 12, 2018, 10:28:18 pm »
That's a load of old crap though because there is a very big and well known reason. The problem is the backers of the suppliers. Look up Concordia's Liothyronine pricing scandal. 6000% rise in pricing once NHS supply was established with zero production cost increase. Currently it's managed through National Tariff and the reason they are scrapping it is it allows each individual trust to negotiate with the supplier rather than there being one central supply arrangement for a defined period of N years. So trusts can go "fuck you" now and go and buy from Teva.

The real bad guys here are HG Capital and Cinven who are the equity firms behind Concordia. Concordia couldn't have built the supply chain without the investors but the investors are greedy. They expect big returns (gotta buy a new Tesla every year) AND they expect forward development with bigger returns (I want a house on Richmond Hill to go with my Tesla).

Politics is an insignificant little puppet show really compared to the Ferengi bastards running the show behind the scenes.

This brings it back on topic because Bloomberg is one of those classes of companies but with information and propaganda instead of financial balls and chains. Their entire mission is to change markets and they are compensated heavily for doing that. Basically:

1. Someone wants to make money.
2. Start equity fund.
3. Throw investment ball to company.
4. Pay "shim" company (think Cambridge Analytica) to proxy marketing.
5. Pay news agencies / information companies (Bloomberg / Facebook) to promote things or shit on competitors.
6. Pay data companies (YouGov / Ipsos MORI) etc. for analytics.
7. Feed back what works into step 4.

I've been knee deep in this crap for 15 years now. When I walk away I intend to throw a large hand grenade back in.

Supermicro is basically a victim here.
« Last Edit: December 12, 2018, 10:36:20 pm by bd139 »
 

