On 10/05/2018 04:28 PM, james harvey via arch-general wrote:
On Fri, Oct 5, 2018 at 8:36 PM David C. Rankin <drankinatty@suddenlinkmail.com> wrote:
Worth passing along:
We can now add motherboard stealth chips to the list of security concerns
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-us...
I don't know what to think on this, but FWIW, Amazon and Apple deny this happened. Apple says a lot of the anonymous source background information is just wrong. They think this might be confusion over a single driver issue that happened. Apple also says it's not under an agreement or government ban regarding discussing such an issue.
https://www.cnbc.com/2018/10/04/apple-response-to-china-spy-chip-claims.html
The Register also did a very good story on "Who's telling the truth?" which leaves it as an open question. But with DOD involved, it makes interpreting the companies public statements a bit more difficult as they could presumably be given immunity for any SEC violation with careful wording to advance a particular denial... http://go.reg.cx/tdml/dfd67/5bdf87ff/0ca20a03/2Q0X Regardless of the "He said, she said..." It's pretty clear what happened, and the preponderance of the evidence isn't that Bloomberg got it wrong... I'm just glad my two SuperMicro boards predate the time period in question, but then there was: FS#58542: [linux] kernels 4.16.6 through 4.16.8 - 140 second boot hang and multiiple call traces in dmesg I filed on one of my SuperMicro boards https://bugs.archlinux.org/task/58542 (closed as it disappeared by 4.18.11) No doubt completely unrelated, but after reading the article, it does make you wonder. -- David C. Rankin, J.D.,P.E.