Reply to post: Frankly I'm amazed the cloud guys even bother with BMC

Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?

Anonymous Coward
Anonymous Coward

Frankly I'm amazed the cloud guys even bother with BMC

Surely AWS don't bother with a baseboard controller on their servers...i.e. go to the aggravation of allocating an IP, a subnet etc just so some lucky NOC noggin can web or SSH in once in 18 months when the server seems squirrely? I mean their volumes make this deeply unlikely - you'd need hundreds of people to monitor the server estate in that manner. I posit that AWS's ask SuperMicro for custom server designs that don't even bother with the chip.

So while I can well believe the Chinese might attempt something like this, I'm also skeptical that the attack exists as described.

And of course, are we really to believe that the Chinese assumed that AWS's networks would simply allow the rogue chip to phone home for instructions? Those things must be locked up tighter than a gnat's sphincter.

To reiterate: yes I believe the Chinese state has motive, means and opportunity. And as they say on the UK cop shows I watch, they "have prior". I'm just not convinced about this particular attack.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019