Chinese Chips - deny, deny, deny

[Quattro Pete]

Since OVERKILL's thread got locked due to people going way off topic... it looks like all the major US companies are denying being affected by the Chinese chip shenanigans, certainly casting serious doubts on Bloomberg's story. Then again, if I was one of those companies, I'd probably deny it as well, even if I was impacted. I'm sure we'll be hearing more about this in the weeks/months to come. https://motherboard.vice.com/en_us/article/qv9npv/bloomberg-china-supermicro-apple-hack

Quote

Even sources used in the original story are confused about what's going on. The cybersecurity podcast Risky Business interviewed one of the few named sources in the original Businessweek article, hardware security expert Joe Fitzpatrick, who expressed doubts about the article, and said he had never been contacted by any Bloomberg fact-checker. Fitzpatrick was used as an expert source to comment on the technical details of what Bloomberg described and does not have any firsthand knowledge of the actual alleged hack. "I have the expertise to look at the technical details and I have the knowledge to look at the technical details and see that they're jumbled. They're not outright wrong, but they are theoretical." Fitzpatrick, a well known hardware security trainer, told Risky Business founder and host Patrick Gray. "I see a lot of details that I gave out of context, so I'm not an expert judge on quality of journalism, but I definitely have my doubts on this one."

 

[StevieC]

I agree it would be better for them to deny until it comes to light and then back pedal and say they didn't have the data available at the time of the original statement to indicate they were affected because they stand a better chance if no one calls them on it.

 

[maxdustington]

Originally Posted by StevieC

I agree it would be better for them to deny until it comes to light and then back pedal and say they didn't have the data available at the time of the original statement to indicate they were affected because they stand a better chance if no one calls them on it.

Or buy them time to throw money at it to make it go away and silence witnesses. Only a fool would give China the benefit of the doubt.

 

[wdn]

So it's another political thread then.

 

[FlyNavyP3]

If I was the Chinese or Russians I'd absolutely love to have a listening or recording or tracking device embedded in just about everything electronic. That's their best shot at gaining access to restricted or classified information especially that of Military or Political value. Read the fiction novel Ghost Fleet for potential implications of such a technology. I'm concerned despite the people saying "It's fine". Also, IBTL...

 

[ArrestMeRedZ]

I think being critical of U.S. neo-Coms like Bernie is political. Being critical of Chi-Coms isn't political, it's nationalistic. I don't think that's against the rules.

 

[emg]

Given the number of backdoors built into modern PCs, another one from China doesn't make that much difference. Another Intel ME hole What astonishes me is that the US government hasn't made computer security a major national security issue.

 

[SubLGT]

Originally Posted by emg

...What astonishes me is that the US government hasn't made computer security a major national security issue.

Astonishes me too. Every individual is expected to be a DIY security expert.

 

[RayCJ]

There's a reason US soldiers are not allowed to use ZTE (Chinese) cell phones when they're deployed overseas and it's the same reason that certain US Citizens under the employ of certain branches of the US Government are encouraged not to use ZTE cell phones. -And that reason is because it's monitoring your GPS coordinates (and other information) in clandestine ways. Ray

 

[RayCJ]

Originally Posted by SubLGT

Originally Posted by emg

...What astonishes me is that the US government hasn't made computer security a major national security issue.

Astonishes me too. Every individual is expected to be a DIY security expert.

A new branch of the DoD was just initiated in the last 6 months called USCybercom. Ray

 

[Ethan1]

Apple dumped Supermicro's products about 2 years ago without explanation, now they're saying there was no problem with them

 

[WhizkidTN]

This would seem to be just the tip of the iceberg concerning the PLA. Sad, but should be expected and prevented!

 

[Linctex]

Originally Posted by ArrestMeRedZ

I think being critical of U.S. neo-Coms like Bernie is political. Being critical of Chi-Coms isn't political, it's nationalistic. I don't think that's against the rules.

I agree. No lock on this topic.

 

[Vikas]

Has anybody checked on the whereabouts of "hardware security expert Joe Fitzpatrick" loved ones lately? I mean if we are finding conspiracies galore, then it is legitimate to ask where are the hostages. I still like SPI chip vs SPY chip explanation as I have not come across anything better than that yet.

 

[Quattro Pete]

Originally Posted by Vikas

Has anybody checked on the whereabouts of "hardware security expert Joe Fitzpatrick" loved ones lately? I mean if we are finding conspiracies galore, then it is legitimate to ask where are the hostages.

Mr. Fitzpatrick looks like he could still be living in his parents' basement. Someone should check with them to make sure he's back home before his curfew. But it's the way the Bloomberg story used him as an expert to assert their credibility that's problematic for me.

 

[Garak]

Originally Posted by Quattro Pete

Mr. Fitzpatrick looks like he could still be living in his parents' basement.

Ever see any pictures of Richard Stallman?

 

[Vikas]

But RMS never claimed to be "security expert"!

 

[Garak]

True. Nonetheless, I suspect he's fairly well versed in the topic.