<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 04/10/2018 22:28, Naslund, Steve wrote:<br>
<blockquote
cite="mid:9578293AE169674F9A048B2BC9A081B402FD192C16@MUNPRDMBXA1.medline.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 12 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1304650995;
mso-list-type:hybrid;
mso-list-template-ids:-1941813366 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Quite
different really. FIREWALK is really an intercept device to
get data out of a firewalled or air gapped network. The
exploit Bloomberg describes would modify or alter data going
across a server’s bus. The big difference is the Bloomberg
device needs command and control and a place to dump the
tapped data to over the server’s network connection. That
device is not going to be able to do so out of any
classified military network I have ever worked on. Or
anyone with a halfway decent firewall (which I would assume
Apple and Amazon would have for the internal servers). I
think this article is unlikely to be true for the following
reasons :<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoListParagraph"
style="text-indent:-.25in;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><span
style="mso-list:Ignore">1.<span style="font:7.0pt
"Times New Roman"">
</span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Separate
chip is much more detectable physically than an altered
chipset that is already on the board.<o:p></o:p></span></p>
<p class="MsoListParagraph"
style="text-indent:-.25in;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><span
style="mso-list:Ignore">2.<span style="font:7.0pt
"Times New Roman"">
</span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Requires
motherboard redesign to get access to power and buses needed
(again easily detectable during any design mods “hey does
anyone know what these are for?”)<o:p></o:p></span></p>
<p class="MsoListParagraph"
style="text-indent:-.25in;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><span
style="mso-list:Ignore">3.<span style="font:7.0pt
"Times New Roman"">
</span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Does
not have onboard communications so it will be sending data
traffic on the network interfaces (will definitely trigger
even the most rudimentary IDP systems). It relies on
these backbone Internet companies and Intelligence agencies
to have absolutely abysmal security on their networks to be
at all useful.<o:p></o:p></span></p>
<p class="MsoListParagraph"
style="text-indent:-.25in;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><span
style="mso-list:Ignore">4.<span style="font:7.0pt
"Times New Roman"">
</span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Parts
would have to be brought into the plant, stored somewhere,
and all the internal systems would need a trail of where
the part came from, how ordered it, where it is warehoused,
loaded into pick/place, etc. Much better to compromised an
existing chips supply chain.<o:p></o:p></span></p>
</div>
</blockquote>
<br>
Whatever the truth here, I'm sure that the article as it is written
isn't telling us everything. There's more to this than meets the eye
including, quite possibly, the full facts about how data would be
exfiltrated and/or, perhaps, exactly what was done to the customers'
hardware.<br>
<br>
<blockquote
cite="mid:9578293AE169674F9A048B2BC9A081B402FD192C16@MUNPRDMBXA1.medline.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Does
anyone think that someone somewhere is trying to kill
Supermicro? They sure have had a lots of bad news lately.</span></p>
</div>
</blockquote>
<br>
Who knows. Perhaps we are intended to come away with certain
impressions.<br>
<br>
<pre class="moz-signature" cols="72">--
Mark Rousell</pre>
</body>
</html>