
Thread: Antivirus is shit, everything is compromised, etc etc (Cybersecurity thread)

  1. #661
    Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    9,379
    October surprise electioneering, perhaps? Maybe to influence people's views on China policy?
    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...

  2. #662
    vDJ's Avatar
    Join Date
    July 31, 2012
    Location
    out there
    Posts
    1,385
    Quote Originally Posted by Nordstern View Post
    October surprise electioneering, perhaps? Maybe to influence people's views on China policy?
    That's a pretty cool one.
    Also imagine the financial consequences of Apple and Amazon coming out and saying "ye China fucked us" at the same time. Apple has been spinning the "we care about your privacy" line vs both Windows and Android for some time now so that'd look especially bad for the average Joe, whereas pros would be more concerned about Amazon.

  3. #663

    Join Date
    May 31, 2011
    Posts
    4,082
    Quote Originally Posted by XenosisMk4 View Post
    Quote Originally Posted by Hel OWeen View Post
    It'll be fun to see which side is right here, as both sides quite heavily "invested" in their side of the story.

    Meanwhile elsewhere people also have a look at it and come to different conclusions. This one caught my attention.
    “We are aware of the media reports but at this stage have no reason to doubt the detailed assessments made by AWS and Apple,” said the National Cyber Security Centre, a unit of Britain’s eavesdropping agency, GCHQ. AWS refers to Amazon Web Services, the company’s cloud-computing unit.

    [...]

    Apple’s recently retired general counsel, Bruce Sewell, told Reuters he called the FBI’s then-general counsel James Baker last year after being told by Bloomberg of an open investigation into Super Micro Computer Inc (SMCI.PK), a hardware maker whose products Bloomberg said were implanted with malicious Chinese chips.

    “I got on the phone with him personally and said, ‘Do you know anything about this?,” Sewell said of his conversation with Baker. “He said, ‘I’ve never heard of this, but give me 24 hours to make sure.’ He called me back 24 hours later and said ‘Nobody here knows what this story is about.’”

    Baker and the FBI declined to comment Friday.
    Source: https://in.reuters.com/article/china...-idINKCN1MF1CU

    I'm not familiar enough with "business speak" as to be able to tell what type of position "general counsel" is and if it's therefore worth noting these statements. But there's two actual names attached to it.
    General Counsel is just "the biggest lawyer we have" as well as being a first contact for general legal issues
    I see. Many thanks for the explanation.

    So that's some actual beef attached to it, not some "Here's your fancy but worthless title, Now go out there and just make us look good."

    I really can't figure out who to believe more here. On one hand, I doubt that Bloomberg will put out such a quite impacting piece without any real evidence for it. And OTOH, it seems quite suicidal aka "billion dollar civil lawsuits coming in in ...." for both Amazon and Apple to put out such quite detailed denials.

    I do think that something really happened, but Bloomberg - or better yet: their informants, somewhat got the details/timeline wrong*). Which would make both sides wrong and both sides right somehow.

    But whatever the outcome may be, we bystanders have a couple of days ahead of us, while the involved parties play it out.

    *) similar to what Apple stated with that 2015 incident

  4. #664

    Join Date
    May 31, 2011
    Posts
    4,082
    ... sooo (regarding the above) ... all quiet on the western front? Internet, are you still there?

    Given the implications of it and how outspoken both sides have been of their side of the story, it has been an unusually quiet news Monday in regards to this thus far.

  5. #665
    XenosisMk4's Avatar
    Join Date
    July 13, 2017
    Location
    More turbo-lightspeed neoliberal platitudes/virtue signaling/misplaced priorities on full display.
    Posts
    4,860
    Quote Originally Posted by Hel OWeen View Post
    ... sooo (regarding the above) ... all quiet on the western front? Internet, are you still there?

    Given the implications of it and how outspoken both sides have been of their side of the story, it has been an unusually quiet news Monday in regards to this thus far.
    Apple and Amazon said "no, nothing happened" and were backed up by various cybersecurity groups including the UK and the US

    So, until more news comes to light, it's a flat "well nothing I guess" issue

  6. #666
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,378
    Something this scale would easily be covered by National Security Letters. Which you can't talk about even being gagged by. Need some canary mechanisms prepared ahead of time.
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.

  7. #667

    Join Date
    April 13, 2011
    Posts
    6,548
    I dunno, right now I'm about 85% sure it's complete bullshit. The denials are too strong, the detail too thin and it doesn't entirely make sense as an attack vector anyway.

  8. #668
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,378
    The ethernet card of a datacentre server doesn't seem a good place to put a sniffer chip?
    Bloomberg put out a new and then updated article today.
    Haven't actually read either yet.
    And
    According to an earlier report by The Information, security concerns were indeed a reason why Apple and Supermicro parted ways.
    Though details seem to revolve around a compromised firmware download server. Same diff tbh, and could have been intentional/forced via Chinese gov.
    Last edited by Daneel Trevize; October 9 2018 at 08:36:18 PM.

  9. #669

    Join Date
    April 13, 2011
    Posts
    6,548
    It's not in the ethernet card. The story was thin on exactly where it was placed, one of many areas it fell short. Based on the photography it seems to be plugged into the BMC. This would make sense.

    ed: Lol, all the graphics and images were only "illustrative"

    And I'm not saying that's a bad place to put a sniffer chip, I'm saying carrying out "highly targeted" attacks by compromising the entire supply chain of one of the biggest electronics manufacturers on earth is not the smartest attack vector. It's too large scale, too easily found and far harder than other alternatives that exist when you operate at that scale.

    The Apple/Supermicro issue is down to SM repeatedly shipping cards with old firmware. It was well documented at the time.
    Last edited by elmicker; October 9 2018 at 08:54:15 PM.

  10. #670

    Join Date
    May 31, 2011
    Posts
    4,082
    Yeah, the ethernet card thing is a new story from Bloomberg.

    Currently, I'd say the original Bloomberg story is BS. It seems that even one of their sources warned them before they published the story:

  11. #671
    Shaftoes's Avatar
    Join Date
    April 9, 2011
    Location
    Ships
    Posts
    1,709
    Does anyone here read tales from tech support on reddit?

    https://www.reddit.com/r/talesfromte...admin_when_my/

    This guy's story about finding a vulnerability in a piece of financial software is incredible. He goes into the technical details about exactly how he found the vulnerability and it is extremely interesting.

  12. #672
    Joe Appleby's Avatar
    Join Date
    April 9, 2011
    Location
    in front of the class
    Posts
    14,400
    Quote Originally Posted by Shaftoes View Post
    Does anyone here read tales from tech support on reddit?

    https://www.reddit.com/r/talesfromte...admin_when_my/

    This guy's story about finding a vulnerability in a piece of financial software is incredible. He goes into the technical details about exactly how he found the vulnerability and it is extremely interesting.
    Am on part 2. Don't understand everything as much as I'd like to, but damn it's good.

    Tapapapatalk
    nevar forget

  13. #673
    Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    9,379
    Just read all five parts. InfoSec Jesus warns of the apocalypse, gets crucified, nbs. Complete with 30 pieces of Russian silver.
    Last edited by Nordstern; October 16 2018 at 09:43:29 PM.

  14. #674

    Join Date
    November 5, 2011
    Posts
    11,281
    Spectacularly good read even if I don't understand the techy details.
