Yes to note I am trying to do this for £0
I'd be willing to chip in for a board, though absence of a part would prove nothing.
Macrofab Podcast published this podcast with a very interesting discussion on the state of hardware/supply chain security. Worth a listen!
https://macrofab.com/blog/mep-ep-142-supply-chain-conspiracy-securities/
"There's a lot of Kabuki theater of denial going on about this, we just don't know if the story is real. But just look at it this way: Does it really matter if it's real? Because if it hasn't happened yet, how long do we have to wait until it does?"
The terrifying takeaway from this conversation is how bluntly it confirms the most cynical notion that the single major form of IT security employed today still boils down to one form or another of "Security Through Obscurity". The constant cat & mouse between exploiters and IT security people is really just another aspect of that. Every new level of security we apply is only as good as discovery time to the next exploit.
That's exactly where I was going with this comment:
The reason you say that is because you think like a westerner, where you have to pay a third party to make the hardware. They OWN the foundries where this stuff is forged; for them electronic hardware is as fluid and dynamic as the software used to create it. It is just the CUSTOMER who has to pay for changes, because revision is their stock in trade.
A custom device, completely self-contained from the device it is monitoring, is the obvious choice from a security penetration standpoint, as EVERYTHING software that is supposed to be there has the potential to be reviewed while the device is IN USE.
And the use of such a device instantly allows deniability... it becomes much harder to track down where in the supply chain such a device was added; no way of knowing, or even guessing, whether the device was intercepted and the bug planted after the fact, or if it was contracted by one of the "Five Eyes, etc" groups to be produced in a "special run" of product that supposedly "never existed".
Really... you're thinking like a normal, sane person and attempting to apply LOGIC to the actions of government and enterprise BUREAUCRACY... that is why you can't imagine this.
mnem
Follow. The. Money.
Interesting though that they do address my previous comment about "Why not just drop a phony chip on there that looks like what belongs?" In that either is feasible... the pics could just be "dramatization" of what was really discovered, or equally possible is that it really is just that easy at that stage to move a few traces to allow connection to that little grain of rice.
I hate having my most cynical notions confirmed... or at least "not reasonably disproven". It beats the sh** out of my attempts to maintain a generally hopeful attitude towards human nature.
mnem
"I spoke to another conspiracy theorist and he confirmed we are probably/maybe/possibly being visited by aliens, but even if we are not, it must be inevitable, surely?"
You are conflating two completely different quantum levels of conspiracy theory. Science fiction vs science fact.
The difference here being that we have proven that this exact kind of skullduggery exists, because we've seen similar attacks performed by our own alphabet soup agencies, and concrete proof thereof.
The difference here is not substance, but choice of vector. A COMPLETELY different level of "What If?"
[EDIT]
I was really hoping that these guys, who work directly with the kinds of manufacturing involved, could lay down some meager reassurance that there was some level of security at this level of production. Of course, they probably don't work with the specific factory in question, so still a case of "Absence of proof ≠ proof of absence"; even as horrifying a picture as they paint of that supply chain in general, it's still POSSIBLE that the particular factory SuperMicro contracted with actually has some reasonable physical security in place.
[/EDIT]
Cheers,
mnem
Oooohhhh! The Kabuki Theater continues!!! Do I have time to run down to concessions? I'm all out of popcorn!!!
mnem
It’s certainly interesting!
Not surprised Tim Cook isn't happy about the story, who would be. SuperMicro stock at $14 down from $25. If I was Charles Liang, CEO of SuperMicro, I wouldn't be happy either with a made-up story about infiltrated supply chains. From a legal point of view I think Bloomberg are skating on very thin ice just to make news. Allegedly.
I wonder why SuperMicro doesn't sue Bloomberg for reputational damage or something. Usually these big companies have big legal departments and sue a lot, just see all the patent lawsuits.
I am sure that SuperMicro has its lawyers drafting up the papers while their QA and engineering (and probably some outside contractors, for neutrality's sake) tear apart hundreds of boards with a microscope and x-ray machines to make sure they are correct. The last thing they want is to sue Bloomberg and it turns out Bloomberg was right. I don't think that's the case, but SuperMicro is going to make damned sure they have a case, and when they do, they're probably not going to approach it gingerly.
Yeah, that's what we've said before will be the proof of the pudding... if/when these companies sue Bloomberg.
It may be they're very busy cleaning house and retconning records to be sure there's no chance it's true, and nothing that points, even faintly, towards it being possible... which thought is almost as scary as if it is true.
Time for the 3rd (4th?) Act in our little Kabuki Theater; I hear Kimiko is pregnant!
mnem
Time for the 3rd (4th?) Act in our little Kabuki Theater; I hear Kimiko is pregnant!
I think you'd be better off characterising it as Noh theatre. Everybody wears masks, there are five one act plays in a programme, with a comedy piece somewhere in the middle.
Given the origins, it's not impossible that the comedy piece could conceivably involve a dwagon.
What is the latest law made from the bench (aka jurisprudence) on companies as public figures in the US? If Supermicro has to prove malice it's an uphill battle.
I think you probably mean precedent, not jurisprudence.
jurisprudence |ˌdʒʊərɪsˈpruːd(ə)ns|
noun [ mass noun ]
the theory or philosophy of law.
precedent
noun |ˈprɛsɪd(ə)nt|
an earlier event or action that is regarded as an example or guide to be considered in subsequent similar circumstances: there are substantial precedents for using interactive media in training.
• Law a previous case or legal decision that may be or (binding precedent) must be followed in subsequent similar cases: we hope to set a legal precedent to protect hundreds of miles of green lanes.
What do you mean by "companies as public figures"? It's an odd phrase, and I can think of no particular relevance to defamation law.
Beware with the law of defamation. It is highly variable between jurisdictions both national and, in the case of the US, the jurisdictions of individual States. What law applies may depend very strongly on where the allegations were made, and what States/countries a plaintiff may be legally able to, or may choose to, take action in. Also, although many people think they know what the law is, experience and some formal instruction in defamation law in a previous life as a journalist, tells me that they are often mistaken.
It's a fair question, actually... even if phrased poorly.
As new laws are bought by the involved corporations, the current shift towards sanctioned "corporate personhood" affects all aspects of law.
Sad to say, but the current free-for-all has potential to increase exponentially in complexity and frequency... further distancing the average citizen from anything resembling justice.
mnem
*Sigh*
Time for the 3rd (4th?) Act in our little Kabuki Theater; I hear Kimiko is pregnant!
I think you'd be better off characterising it as Noh theatre. Everybody wears masks, there are five one act plays in a programme, with a comedy piece somewhere in the middle.
Given the origins, it's not impossible that the comedy piece could conceivably involve a dwagon.
Yes, and a favorite theme of said comedy involves said dwagon dying (usually a victim of his own hubris) comically and ironically at the hands of an incompetent or child protagonist.
As you might imagine, not my favorite flavor of humor.
However, the rest of your characterization is pretty spot on... including drama twice-distilled to improve its potency.
mnem
"Dying is easy; now comedy... that's hard."
What do you mean by "companies as public figures"? It's an odd phrase, and I can think of no particular relevance to defamation law.
If the company counts as a public figure they have to prove malice, in this old case a company was not deemed one ... but times change and law is hard to google.
Yes, but this is hardly news!
Journalism has ALWAYS functioned this way; whether it's in the contract or the "unspoken law" that "you will break stories or you won't be here long", this has ALWAYS been the way the profession works. J. Jonah Jameson may be a caricature, but he's STILL an amalgam of real people, and there are plenty in the trade who still operate exactly the same way, even if only slightly less blatant about it.
Also: Seriously? Now we're having a shitfit because a "news agency" deliberately used sensationalist language in a headline?
mnem
"Nothing to see here, move along..."
And no, it’s not about a “sensationalist” headline. It’s about an entire article whose allegations are likely completely false!!!
Journalism has ALWAYS functioned this way;
Nope, that's total
!
OTOH The media have ALWAYS published false or overblown stories - and Bloomberg have a history of this. Yet strangely, you are desperate to believe your conspiracy theory version than the simpler explanation that Bloomberg published a lemon. Whether the journalists were in search of Scoop of the Year or a fat bonus, we don't know, but we do know there is ZERO, ZILCH, NADA hard evidence for their story.
It's all very well people calling for transparency from SuperMicro, Apple, Amazon, how about some transparency from Bloomberg?