Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?

Steve Chalmers

Methinks the only time it makes sense to embed a chip would be if the server were destined for a classified facility which would wipe and reload (from trusted binaries) every single byte of code on the motherboard.

The hardware strategy would then allow the board to be re-hijacked after it was thought to have been wiped and reloaded.

We may be hearing true story #1 about what happened, and true story #2 about where something else like simple substitution of code for a management processor occurred, but the two stories are mashed up to signal to the perpetrators that the attack is known without disclosing to anyone else where the attack actually occurred.

Now if the perpetrator could only control the motherboard model supplied in a bulk order to Super Micro, and only some of those boards went to my hypothetical classified site, then many other such boards could have gone to many other customers, either sitting silent or making mischief, which could be the source of a true but irrelevant statement on the number of end customers who got hardware-compromised boards.

Just thinking and speculating, no inside knowledge (and no clearance any time in my life) here.

