bloomberg on supermicro: sky is falling

Alfie Pates alfie at
Mon Oct 8 09:48:59 UTC 2018

Important distinction; You fire any contractor who does it *repeatedly* after communicating the requirements for securing your data. 

Zero-tolerance for genuine mistakes (we all make them) just leads to high contractor turnaround and no conceivable security improvement; A a rotating door of mediocre contractors is a much larger attack surface than a small set of contractors you actively work with to improve security. 

~ a

On Mon, Oct 8, 2018, at 4:53 AM, Naslund, Steve wrote:
> You just need to fire any contractor that allows a server with sensitive 
> data out to an unknown address on the Internet.  Security 101.
> Steven Naslund
> >From: Eric Kuhnke <eric.kuhnke at>
> >
>  >many contractors *do* have sensitive data on their networks with a 
> gateway out to the public Internet. 
> >----------------------------------------
> >
> >I could definitely imagine that happening.
> >
> >scott

More information about the NANOG mailing list