bloomberg on supermicro: sky is falling

Lee ler762 at
Wed Oct 10 18:19:08 UTC 2018

On 10/10/18, Mike Hale < at> wrote:
> To be fair, the idea that your security costs shouldn't outweigh
> potential harm really shouldn't be controversial.  You don't spend a
> billion dollars to protect a million dollars worth of product.

The problem with that idea is that it's almost always implemented as
  your security costs shouldn't outweigh _your_ potential harm


> On Wed, Oct 10, 2018 at 10:54 AM Naslund, Steve <SNaslund at>
> wrote:
>> Mr Herrin, you are asking us to believe one or all of the following :
>> 1.  You believe that it is good security policy to NOT have a default DENY
>> ALL policy in place on firewalls for DoD and Intelligence systems handling
>> sensitive data.
>> 2.  You managed to convince DoD personnel of that fact and actually got
>> them to approve an Authorization to Operate such a system based on cost
>> savings.
>> 3.  You are just trolling to start a discussion.
>> The reason I asked what system it is would be to question the authorities
>> at DoD on who and why this was approved.  If you don't want to disclose
>> that then you are either trolling or don't want anyone to look into it.
>> It won't be hard to determine if you actually had any government contracts
>> since that is public data.  There are very few systems whose EXISTENCE is
>> actually classified, but you were the one that cited it as an example
>> supporting your policy.  If you cannot name the system then it doesn't
>> support your argument very well does it.  Completely unverifiable.
>> In any case I believe the smart people here on NANOG can accept or reject
>> your security advice based on the factors above.  I'm done talking about
>> this one.
>> Steven Naslund
>> >> Want to tell us what system this is?
>> >Yes, I want to give you explicit information about a government system
>> >in this public forum and you should encourage me to do so. I thought
>> >you said you had some skill in the security field?
>> >
>> >Regards,
>> >Bill Herrin
