- 主题发起人 小雷音
- 发布时间 2018-10-04
不懂技术,只看到别人的评论,都是转的,我是信的
The little bit of technical meat:
这种东西现在查了3年,就那么一个米粒大小的芯片出现在中国组装的主板上。你怎么解释?
你问我这芯片到底是什么,我也不知道啊,我只知道人家公布了调查了三年得出的结论:
investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines.
调查人员发现这些米粒大小的芯片可以给攻击者敞开一个可以进入任何网络包括修改硬件的后门。
Odd to me that some find this news funny or want to argue which technical term is correct. If this “Big Hack” had gone unnoticed, Amazon might have acquired a company that has government contracts that include drone data from the battlefield. Just because our dollars spent on Chinese products have funded an Industrial revolution in China does not mean their government is our best friend. Espionage at this level could be considered an act of war. The article mentions 30 companies that were affected. That is probably a guess. If an enemy has a backdoor into key supply chains a cyber attack could do more damage than a nuke.
Reply
Share
ReportSave
level 1
dognose
18 points·9 hours ago
Would like to see a little more technical details on this hack. Any others similar to this discovered?
Reply
Share
ReportSave
The little bit of technical meat:
The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off.
So it hijacked the intentionally included backdoor already present.这种东西现在查了3年,就那么一个米粒大小的芯片出现在中国组装的主板上。你怎么解释?
你问我这芯片到底是什么,我也不知道啊,我只知道人家公布了调查了三年得出的结论:
investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines.
调查人员发现这些米粒大小的芯片可以给攻击者敞开一个可以进入任何网络包括修改硬件的后门。
Odd to me that some find this news funny or want to argue which technical term is correct. If this “Big Hack” had gone unnoticed, Amazon might have acquired a company that has government contracts that include drone data from the battlefield. Just because our dollars spent on Chinese products have funded an Industrial revolution in China does not mean their government is our best friend. Espionage at this level could be considered an act of war. The article mentions 30 companies that were affected. That is probably a guess. If an enemy has a backdoor into key supply chains a cyber attack could do more damage than a nuke.
Reply
Share
ReportSave
level 1
dognose
18 points·9 hours ago
Would like to see a little more technical details on this hack. Any others similar to this discovered?
Reply
Share
ReportSave
Correct me if I'm wrong, but to me, this sounds like a mega event in the security scene that would, if confirmed, ripple through the ages as one of the most devastating attacks ever launched.
What are the implications? The world of today cannot simply untie itself from the chinese supply chain. Are there technical steps one can take to insure a board is untampered with? What do I tell my customers, customers that I sold 90% Supermicro based servers?
What are the implications? The world of today cannot simply untie itself from the chinese supply chain. Are there technical steps one can take to insure a board is untampered with? What do I tell my customers, customers that I sold 90% Supermicro based servers?
https://www.apple.com/newsroom/2018/10/what-businessweek-got-wrong-about-apple/
https://9to5mac.com/2018/10/04/apple-statement-denies-bloomberg-report/
https://www.theverge.com/2018/10/4/17936968/apple-amazon-deny-servers-chinese-spy-chips
https://www.imore.com/did-china-hardware-hack-supermicro-servers-used-apple-and-amazon
https://9to5mac.com/2018/10/04/apple-statement-denies-bloomberg-report/
https://www.theverge.com/2018/10/4/17936968/apple-amazon-deny-servers-chinese-spy-chips
https://www.imore.com/did-china-hardware-hack-supermicro-servers-used-apple-and-amazon
最后编辑: 2018-10-04
我也贴个讨论吧:
Kyleh
The upside is this will force Government and Businesses to bring Manufacturing back to the US in the name of National Security.
The downside is Trump will get the credit for it!
Posted on Oct 4, 2018 | 5:48 PM
Dr Strange
Why do you think the story has been created?
Kyleh
The upside is this will force Government and Businesses to bring Manufacturing back to the US in the name of National Security.
The downside is Trump will get the credit for it!
Posted on Oct 4, 2018 | 5:48 PM
Dr Strange
Why do you think the story has been created?
我好奇去仔细看了原文,你贴的这段话,结合前后文,意思恰恰是该文章想阐述的 hardware hacking techniques 可以有多牛逼闪闪。
This makes sense to me:
“
The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow. Deviously small changes could create disastrous effects.
”
另外,涉事的主板商是美国的 Supermicro, 该公司在中国有几个分包商。
文章的基调就是,HACK CHIPS SCANDAL 有现实的可能,也有政治上的动机,就差确凿的证据了。
我自己觉得这件事很可能是莫须有,莫须有比定罪省劲多了,不需要严格的证据证明。
这个事情出来是在2015,16年, 现在突然拿出来炒,感觉应该是川普政府配合贸易战的一个行动,文章提到:
“
The Trump administration has made computer and networking hardware, including motherboards, a focus of its latest round of trade sanctions against China, and White House officials have made it clear they think companies will begin shifting their supply chains to other countries as a result. Such a shift might assuage officials who have been warning for years about the security of the supply chain—even though they’ve never disclosed a major reason for their concerns.
”
美国制造业想彻底摆脱中国谈何容易,生产供应链都在中国,尾大不掉。 对于铁了心想和中国决战到底的美国政府来说绝对不是好消息。大概就是想借这件事情发挥一下,以国家安全为由,把生产供应链从中国移除,当然最好是移到美国了。
Supermicro has grown from a Silicon Valley start-up to a multi-billion dollar Fortune 1000 company. The establishment of the company as a provider of leading enterprise data center solutions has continued to drive impressive and consistent growth for a quarter of a century, impressively achieving 6x revenue growth over the past ten years while being profitable every year since inception.
Since our founding in San Jose in 1993, Supermicro has promoted solutions that reduce emissions and protect the environment. Being based in the heart of Silicon Valley enables us to design and manufacture industry-leading server and storage products with superior performance, quality and first-to-market for rapid adoption by the market. Our innovations enable optimized server solutions that provide maximum density and power efficiency. We are committed to protecting the environment through our "We Keep IT Green®" initiatives, such as the recently developed Resource-Saving Computing designs that reduce data center energy consumption and E-waste while saving customers money on both acquisition plus operational costs and during refresh cycles for maximum TCE (Total Cost to the Environment) savings. Supermicro’s latest innovative server solutions will not only give customers a competitive edge, but also an ecological one.
Since our founding in San Jose in 1993, Supermicro has promoted solutions that reduce emissions and protect the environment. Being based in the heart of Silicon Valley enables us to design and manufacture industry-leading server and storage products with superior performance, quality and first-to-market for rapid adoption by the market. Our innovations enable optimized server solutions that provide maximum density and power efficiency. We are committed to protecting the environment through our "We Keep IT Green®" initiatives, such as the recently developed Resource-Saving Computing designs that reduce data center energy consumption and E-waste while saving customers money on both acquisition plus operational costs and during refresh cycles for maximum TCE (Total Cost to the Environment) savings. Supermicro’s latest innovative server solutions will not only give customers a competitive edge, but also an ecological one.
- 最大赞力
- 0.00
- 当前赞力
- 100.00%
我只听说过米国卖给伊拉克的CPU做过手脚有后门
加拿大,日本,欧盟嘴上骂美国骂的厉害, 真到练得时候都能理性选择。 中国的情况却是“归于一尊”,没有有效的纠错机制,走错一步大棋,国运都会衰败。。。
Similar threads
5 天前有新赞
全楼:0.00
flashlight
