
<html>

  <head>

    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    On 04/10/2018 22:28, Naslund, Steve wrote:<br>

    <blockquote

cite="mid:9578293AE169674F9A048B2BC9A081B402FD192C16@MUNPRDMBXA1.medline.com"

      type="cite">

      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">

      <meta name="Generator" content="Microsoft Word 12 (filtered

        medium)">

      <style><!--

/* Font Definitions */

@font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        margin-bottom:.0001pt;

        font-size:12.0pt;

        font-family:"Times New Roman","serif";}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {mso-style-priority:99;

        color:purple;

        text-decoration:underline;}

p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph

        {mso-style-priority:34;

        margin-top:0in;

        margin-right:0in;

        margin-bottom:0in;

        margin-left:.5in;

        margin-bottom:.0001pt;

        font-size:12.0pt;

        font-family:"Times New Roman","serif";}

span.EmailStyle17

        {mso-style-type:personal-reply;

        font-family:"Calibri","sans-serif";

        color:#1F497D;}

.MsoChpDefault

        {mso-style-type:export-only;}

@page WordSection1

        {size:8.5in 11.0in;

        margin:1.0in 1.0in 1.0in 1.0in;}

div.WordSection1

        {page:WordSection1;}

/* List Definitions */

@list l0

        {mso-list-id:1304650995;

        mso-list-type:hybrid;

        mso-list-template-ids:-1941813366 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}

@list l0:level1

        {mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-.25in;}

ol

        {margin-bottom:0in;}

ul

        {margin-bottom:0in;}

--></style><!--[if gte mso 9]><xml>

<o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

<o:shapelayout v:ext="edit">

<o:idmap v:ext="edit" data="1" />

</o:shapelayout></xml><![endif]-->

      <div class="WordSection1">

        <p class="MsoNormal"><span

style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Quite

            different really.  FIREWALK is really an intercept device to

            get data out of a firewalled or air gapped network.  The

            exploit Bloomberg describes would modify or alter data going

            across a server’s bus.  The big difference is the Bloomberg

            device needs command and control and a place to dump the

            tapped data to over the server’s network connection.  That

            device is not going to be able to do so out of any

            classified military network I have ever worked on.  Or

            anyone with a halfway decent firewall (which I would assume

            Apple and Amazon would have for the internal servers).  I

            think this article is unlikely to be true for the following

            reasons :<o:p></o:p></span></p>

        <p class="MsoNormal"><span

style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>

        <p class="MsoListParagraph"

          style="text-indent:-.25in;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span

style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><span

              style="mso-list:Ignore">1.<span style="font:7.0pt

                "Times New Roman"">      

              </span></span></span><!--[endif]--><span

style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Separate

            chip is much more detectable physically than an altered

            chipset that is already on the board.<o:p></o:p></span></p>

        <p class="MsoListParagraph"

          style="text-indent:-.25in;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span

style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><span

              style="mso-list:Ignore">2.<span style="font:7.0pt

                "Times New Roman"">      

              </span></span></span><!--[endif]--><span

style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Requires

            motherboard redesign to get access to power and buses needed

            (again easily detectable during any design mods “hey does

            anyone know what these are for?”)<o:p></o:p></span></p>

        <p class="MsoListParagraph"

          style="text-indent:-.25in;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span

style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><span

              style="mso-list:Ignore">3.<span style="font:7.0pt

                "Times New Roman"">      

              </span></span></span><!--[endif]--><span

style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Does

            not have onboard communications so it will be sending data

            traffic on the network interfaces (will definitely trigger

            even the most rudimentary IDP systems).    It relies on

            these backbone Internet companies and Intelligence agencies

            to have absolutely abysmal security on their networks to be

            at all useful.<o:p></o:p></span></p>

        <p class="MsoListParagraph"

          style="text-indent:-.25in;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span

style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><span

              style="mso-list:Ignore">4.<span style="font:7.0pt

                "Times New Roman"">      

              </span></span></span><!--[endif]--><span

style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Parts

            would have to be brought into the plant, stored somewhere,

            and all the internal systems would need a trail of  where

            the part came from, how ordered it, where it is warehoused,

            loaded into pick/place, etc.  Much better to compromised an

            existing chips supply chain.<o:p></o:p></span></p>

      </div>

    </blockquote>

    <br>

    Whatever the truth here, I'm sure that the article as it is written

    isn't telling us everything. There's more to this than meets the eye

    including, quite possibly, the full facts about how data would be

    exfiltrated and/or, perhaps, exactly what was done to the customers'

    hardware.<br>

    <br>

    <blockquote

cite="mid:9578293AE169674F9A048B2BC9A081B402FD192C16@MUNPRDMBXA1.medline.com"

      type="cite">

      <div class="WordSection1">

        <p class="MsoNormal"><span

style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Does

            anyone think that someone somewhere is trying to kill

            Supermicro?  They sure have had a lots of bad news lately.</span></p>

      </div>

    </blockquote>

    <br>

    Who knows. Perhaps we are intended to come away with certain

    impressions.<br>

    <br>

    <pre class="moz-signature" cols="72">-- 

Mark Rousell</pre>

  </body>

</html>