Gentoo Forums
Supermicro - Potential security issues
A.S. Pushkin
Apprentice
Joined: 09 Nov 2002
Posts: 286
Location: dx/dt, dy/dt, dz/dt, t

Posted: Thu Oct 04, 2018 6:59 pm    Post subject: Supermicro - Potential security issues

This may offend some, but I stumbled upon an article at Zerohedge.com today. As I recently purchased
an MSI laptop, it caught my attention. Though well made, the "thin laptop" was a bad idea. My older Dell
was much easier to change the battery or drive. Fortunately I'm running Linux so I may have more
control, but from a security perspective I suggest avoiding the brand for security reasons.


https://www.zerohedge.com/news/2018-10-04/explosive-report-details-chinese-infiltration-apple-amazon-and-cia

Edit: I have another warning on MSI if you wish to run Linux. I've been unable to get BricsCAD running in Gentoo,
so I installed openSUSE (Leap 42.1) in VirtualBox and it runs well. I wanted to take it with me and Intel
CPUs are not supported so it ran rather badly on my Dell Latitude 620. That led me to the MSI with 32GB RAM,
i7-7700HQ CPU. Leap 42.1 runs quite well without Nvidia drivers (P3000), but upgrading to newer releases the desktop
has been a dog and installing Nvidia drivers is problematic, or has been for me.

I failed to do my homework. My desktop mainboard allows me to disable the integrated Intel video adapter, but not so
on the MSI. A call to tech support informed me that the Quadro on the MSI laptop requires the Intel i915, which means I'm stuck.
Others may have better results, but my advice is to avoid MSI unless they allow the disabling of the integrated card via BIOS.
_________________
ASPushkin

"In a time of universal deceit - telling the truth is a revolutionary act." -- George Orwell


Last edited by A.S. Pushkin on Fri Oct 26, 2018 9:22 pm; edited 1 time in total

Naib
Watchman
Joined: 21 May 2004
Posts: 5476
Location: Removed by Neddy

Posted: Thu Oct 04, 2018 7:00 pm

offend? how does the truth offend?
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king

Bones McCracker
Veteran
Joined: 14 Mar 2006
Posts: 1606
Location: U.S.A.

Posted: Thu Oct 04, 2018 8:23 pm

Probably has Chinese antivirus app on his cell phone too.
_________________
patrix_neo wrote:
The human thought: I cannot win.
The ratbrain in me : I can only go forward and that's it.

Morality124
n00b
Joined: 20 Feb 2018
Posts: 30

Posted: Thu Oct 04, 2018 11:44 pm

What's the connection to MSI?

notageek
Tux's lil' helper
Joined: 05 Jun 2008
Posts: 131
Location: India

Posted: Fri Oct 05, 2018 5:09 am

Here's another article on the subject.

https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
_________________
"Defeat is a state of mind. No one is ever defeated, until defeat has been accepted as a reality." -- Bruce Lee

newcomer
n00b
Joined: 19 Nov 2017
Posts: 11

Posted: Fri Oct 05, 2018 1:06 pm

My wife used to be a hardware design engineer at RIM/Blackberry, and her reaction to this report was nonsense.

notageek wrote:
Here's another article on the subject.

https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies


Last edited by newcomer on Sat Oct 06, 2018 3:53 pm; edited 1 time in total

Bones McCracker
Veteran
Joined: 14 Mar 2006
Posts: 1606
Location: U.S.A.

Posted: Sat Oct 06, 2018 12:36 pm

The US has been doing this for decades. Gets mad bro when China pulls fucky-sucky five dolla version of same stunt.
_________________
patrix_neo wrote:
The human thought: I cannot win.
The ratbrain in me : I can only go forward and that's it.

pjp
Administrator
Joined: 16 Apr 2002
Posts: 17456

Posted: Sat Oct 06, 2018 5:14 pm

newcomer wrote:
My wife used to be a hardware design engineer at RIM/Blackberry, and her reaction to this report was nonsense.

I'm guessing you mean her opinion of the report was that the report was nonsense and not that you thought her reaction was nonsense. Presuming the former, why? Everything appears to be technically possible as well as supply-chain possible. So where's the nonsense? The Register has an interesting "analysis" on the denials and b'berg report sources.
_________________
Slowly I turned. Step by step.

newcomer
n00b
Joined: 19 Nov 2017
Posts: 11

Posted: Sat Oct 06, 2018 8:11 pm

pjp wrote:
newcomer wrote:
My wife used to be a hardware design engineer at RIM/Blackberry, and her reaction to this report was nonsense.
I'm guessing you mean her opinion of the report was that the report was nonsense and not that you thought her reaction was nonsense. Presuming the former, why? Everything appears to be technically possible as well as supply-chain possible. So where's the nonsense? The Register has an interesting "analysis" on the denials and b'berg report sources.


She doesn't want to waste her time on Bloomberg's bullshit.
I agree with her opinion that even the CIA or the NSA is incapable of producing the spy chip mentioned in the report and placing it on the motherboard.

https://www.buzzfeednews.com/article/johnpaczkowski/apple-china-hacking-bloomberg-servers-spies-fbi

pjp
Administrator
Joined: 16 Apr 2002
Posts: 17456

Posted: Sat Oct 06, 2018 9:19 pm

Uhm, OK. What do the CIA and NSA have to do with whether or not Chinese state interests can or have altered the parts?

But Buzzfeed reporting a company denies something is somehow more credible? I'm not saying it happened, just seems like a strange dismissal.
_________________
Slowly I turned. Step by step.

newcomer
n00b
Joined: 19 Nov 2017
Posts: 11

Posted: Sat Oct 06, 2018 9:49 pm

The point is that China has no ability to make that kind of spy chip and put it on the motherboard.
And the report did not provide any actual evidence to prove their allegations.

pjp
Administrator
Joined: 16 Apr 2002
Posts: 17456

Posted: Sat Oct 06, 2018 10:12 pm

newcomer wrote:
The point is that China has no ability to make that kind of spy chip and put it on the motherboard.
And the report did not provide any actual evidence to prove their allegations.

China does not have the ability based on what? No one said evidence proved the allegations. That doesn't negate credibly plausible.
_________________
Slowly I turned. Step by step.

newcomer
n00b
Joined: 19 Nov 2017
Posts: 11

Posted: Sat Oct 06, 2018 11:25 pm

I don't know what makes people believe that China has the ability to make a spy chip smaller than a grain of rice.
But I know that once the United States does not provide computer chips to Chinese companies, those Chinese companies will immediately close down.

pjp wrote:
China does not have the ability based on what?


I believe Bloomberg has a responsibility to prove the Story.

pjp wrote:
That doesn't negate credibly plausible.

Ant P.
Watchman
Joined: 18 Apr 2009
Posts: 5290

Posted: Sun Oct 07, 2018 1:22 am

newcomer wrote:
I don't know what makes people believe that China has the ability to make a spy chip smaller than a grain of rice.

Why would they need to make one? Just buy Cortex-M4s like everyone else does, they're the size of a speck of sand and in every piece of plastic China sells to the US already

pjp
Administrator
Joined: 16 Apr 2002
Posts: 17456

Posted: Sun Oct 07, 2018 1:44 am

newcomer wrote:
I believe Bloomberg has a responsibility to prove the Story.

Yes, you made that clear with previous comments. Which have nothing to do with the questions I asked. Thanks anyway. Not believing the story is fine. Randomly doubting generalized capabilities is unrelated.
_________________
Slowly I turned. Step by step.

Bones McCracker
Veteran
Joined: 14 Mar 2006
Posts: 1606
Location: U.S.A.

Posted: Sun Oct 07, 2018 1:53 am

newcomer wrote:
I don't know what makes people believe that China has the ability to make a spy chip smaller than a grain of rice.
But I know that once the United States does not provide computer chips to Chinese companies, those Chinese companies will immediately close down.

pjp wrote:
China does not have the ability based on what?


I believe Bloomberg has a responsibility to prove the Story.

pjp wrote:
That doesn't negate credibly plausible.

You're kidding yourself. The Chinese have their own 5th-generation stealth fighters, have men in space, sometimes have the world's fastest supercomputer, have engineered their own successful CPU, and are experimenting with quantum networking. They may eagerly copy everything we stupidly allow them to copy, but that doesn't mean they are stupid. Your views are ethnocentric, possibly racist, and foolhardily so.

The article dummies things down to the point of being inaccurate, but the basic truth behind it is that they have created backdoors.
_________________
patrix_neo wrote:
The human thought: I cannot win.
The ratbrain in me : I can only go forward and that's it.

newcomer
n00b
Joined: 19 Nov 2017
Posts: 11

Posted: Sun Oct 07, 2018 2:38 am

The Cortex-M4 is just a processor and requires some external components to work properly.

Ant P. wrote:
newcomer wrote:
I don't know what makes people believe that China has the ability to make a spy chip smaller than a grain of rice.

Why would they need to make one? Just buy Cortex-M4s like everyone else does, they're the size of a speck of sand and in every piece of plastic China sells to the US already

newcomer
n00b
Joined: 19 Nov 2017
Posts: 11

Posted: Sun Oct 07, 2018 2:57 am

Russia is far better than China in this respect. Have you ever heard of Lojax? This may be the top chip-level backdoor in the real world.

Bones McCracker wrote:

The article dummies things down to the point of being inaccurate, but the basic truth behind it is that they have created backdoors.

Bones McCracker
Veteran
Joined: 14 Mar 2006
Posts: 1606
Location: U.S.A.

Posted: Sun Oct 07, 2018 4:20 am

newcomer wrote:
Russia is far better than China in this respect. Have you ever heard of Lojax? This may be the top chip-level backdoor in the real world.

Bones McCracker wrote:

The article dummies things down to the point of being inaccurate, but the basic truth behind it is that they have created backdoors.

Yeah, but what's Russia got to do with the price of avocados in Albuquerque?
_________________
patrix_neo wrote:
The human thought: I cannot win.
The ratbrain in me : I can only go forward and that's it.

eccerr0r
Watchman
Joined: 01 Jul 2004
Posts: 6886
Location: almost Mile High in the USA

Posted: Sun Oct 07, 2018 7:45 am

Was the source of this all from Bloomberg? And Bloomberg is a <cough> reputable hardware news source?

Are there any other reports of these shenanigans?

I think the FUD of the possibility of this happening is starting to get real with components getting smaller and smaller... I'd really like to know how the supposed chip is hooked up on the motherboard and perhaps it would be possible to do some investigation of how it works...
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?

P.Kosunen
Guru
Joined: 21 Nov 2005
Posts: 305
Location: Finland

Posted: Sun Oct 07, 2018 10:01 am

Quote:
Officials familiar with the investigation say the primary role of implants such as these is to open doors that other attackers can go through. “Hardware attacks are about access,” as one former senior official puts it. In simplified terms, the implants on Supermicro hardware manipulated the core operating instructions that tell the server what to do as data move across a motherboard, two people familiar with the chips’ operation say. This happened at a crucial moment, as small bits of the operating system were being stored in the board’s temporary memory en route to the server’s central processor, the CPU. The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow. Deviously small changes could create disastrous effects.

Since the implants were small, the amount of code they contained was small as well. But they were capable of doing two very important things: telling the device to communicate with one of several anonymous computers elsewhere on the internet that were loaded with more complex code; and preparing the device’s operating system to accept this new code. The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off.


This smells BS.

newcomer
n00b
Joined: 19 Nov 2017
Posts: 11

Posted: Sun Oct 07, 2018 4:25 pm

Explaining the error of the report to someone who doesn’t understand how the computer hardware works is too difficult and complicated.

Anyway, my opinion is the same as DHS, NCSC,
Quote:
at this time we have no reason to doubt the statements from the companies named in the story

A.S. Pushkin
Apprentice
Joined: 09 Nov 2002
Posts: 286
Location: dx/dt, dy/dt, dz/dt, t

Posted: Mon Oct 08, 2018 7:26 pm

I think it an error to think the people of China are incapable of taking technology developed in the West
and re-engineering it for their own use. I am not Chinese, but I see this nation as very capable.
Perhaps others have not read Sun Tzu. Too many in the West see strategy from a very narrow viewpoint.
When I first read Sun Tzu and the Book of Five Rings I realized that there is more to strategy. When
World War II broke out the United States failed to recognize the capabilities of Japan. It was a hard fight
against a very capable foe. I have a friend who lost two brothers on December 7, 1941.

I respect everyone.
_________________
ASPushkin

"In a time of universal deceit - telling the truth is a revolutionary act." -- George Orwell

aidanjt
Veteran
Joined: 20 Feb 2005
Posts: 1104
Location: Rep. of Ireland

Posted: Mon Oct 08, 2018 8:05 pm

A.S. Pushkin wrote:
I think it an error to think the people of China are incapable of taking technology developed in the West


Nobody is doubting that China is capable of compromising the security of products manufactured by them. The main issue here is the technical 'details' of the report; they are very dubious.
_________________
juniper wrote:
you experience political reality dilation when travelling at american political speeds. it's in einstein's formulas. it's not their fault.

Morality124
n00b
Joined: 20 Feb 2018
Posts: 30

Posted: Tue Oct 09, 2018 12:14 am

https://twitter.com/riskybusiness/status/1049429881031819264

Quote:
I did a thing on the Bloomberg "Big Hack" story. @securelyfitz, one of the story's only named sources, warned the publication that its central claim "didn't make any sense," prior to publication.

All times are GMT