Mark Minasi's Tech Forum
cspanburgh

Senior Member
Registered:
Posts: 245
Reply with quote  #1 
In the news it's been reported that Super Micro motherboards were found to have their built-in NICs compromised by hardware and software from a nation seeking to steal data from corporations in the U.S.

We often thought this could happen but now there is reported evidence.

It's sad because I remember installing Super Micro servers into my racks in California.  They are good machines.  Rock solid IMO.    But I think it's about time for companies to control their supply chains better and there must be a way to trust the chips and software burned on them.  

So what are the recommended changes or tools that can be used for this issue? The minds of this forum have a great deal of experience in the data center. More than mine for sure. I was always a guest, installing hardware and software or maintaining systems in data centers, but not to the extent some of you have.


__________________
Curt Spanburgh
0
Donato

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 47
Reply with quote  #2 
I did some quick research on it. Some sites say that it's very hard for attackers to actually use the vulnerability & that there has to be malware already running on the machine. When I pointed the mouse to the link, it tried to take me to the vm software site, which offered nothing. Other sites say that the motherboards are built in China & the Chinese inserted a chip that doesn't belong there. What concerns me the most & should concern everyone who is following the issue is the following quote:

"The U.S. government has been investigating the issue and much of this remains classified. The investigation goes back to 2014."
Why are the Feds not disclosing all of the info? I say that it's because they don't want to see a boycott of Super Micro products. My theory is that, whenever the question is why, the answer is money.

https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems/

Those ^ are the people who discovered the problem & offer detection & mitigation suggestions. I say that if the Chinese inserted one chip, they certainly could have inserted others. I don't see any reason to continue to use their motherboards unless you see or feel that their mitigation techniques are totally satisfactory.
0
cspanburgh

Senior Member
Registered:
Posts: 245
Reply with quote  #3 
Great Points.   Four years of investigation should have produced some results.   But now this independent source reveals something that many companies were entitled to know.

When power struggles insert themselves into our technical lives it can be very ugly. I really feel bad that Super Micro is getting hit by this. When I procured their servers for clients and the company where I worked at the time, they seemed to be a good option as opposed to an HP or DELL solution. I built mostly DELL deployments at the time.

I hope more information comes out about this.  

My mantra of "There is no cheap", is proved once again.   Let's hope that Super Micro can survive this.    


__________________
Curt Spanburgh
0
Donato

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 47
Reply with quote  #4 
Quote:
Let's hope that Super Micro can survive this.

It's nice of you to wish them well. You mentioned that you installed systems that used those motherboards. If you &/or your employer/clients are still connected to those machines, have you decided on a course of action to protect yourselves? Did the suggestions recommended by Eclypsium make sense?
0
cspanburgh

Senior Member
Registered:
Posts: 245
Reply with quote  #5 
Those machines were set up before the time period mentioned. But if I was still involved, and the machines were covered under support, I would insist that they verify a board or have a means to reflash the chips. Also a means to pull the mnemonic code and compare it with the expected code in the chips. Seems to me that some Network folks need to get deep down into the systems from now on.

As in Mark's talk "Windows at C Level", you have to get way down in the system and see what is going on.


__________________
Curt Spanburgh
0
Donato

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 47
Reply with quote  #6 
Quote:
Seems to me that some Network folks need to get deep down into the systems from now on.  
As in Mark's talk "Windows at C Level", you have to get way down in the system and see what is going on.


Are "network folks" really trained to analyse hardware or to go "way down in the system"? I think that it's beyond networking.
0
Donato

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 47
Reply with quote  #7 
I was chatting on IRC about the Super Micro hack & someone pointed me to a podcast. The person speaking has doubts that the story is valid.

https://risky.biz/RB517_feature/
0