A weird followup to the second Bloomberg Supermicro story: Patrick Kennedy of ServerTheHome.com talks directly to Yossi Appleboum of Sepio Systems, a source for the Bloomberg article, who seems to think the story isn't about Supermicro at all.
<<We found it in different vendors, not just Supermicro. We found it not just in servers, in different variations, but hardware manipulation on different interfaces, mostly in network related.>>
<<We found it in different devices connected to the network, even Ethernet switches. I am talking about really big what are considered to be major American brands, many compromised through the same method.
This is why I think that Supermicro has nothing to do with that. In many cases, by the way, it is not through manufacturing, it is after through the supply chain.>>
<<Summarizing Supermicro’s fault in this, he said:
I think they are innocent and someone is using them to dilute the story instead of mitigating the threat. Please help me, them, and everyone else to understand that the problem is bigger. Dealing with this as a Supermicro problem will ruin the opportunity to face the reality that we need to fix it.>>
It is starting to look as if the Bloomberg reporters really don't have any clue.
@natecull The only confirmed threat I'm getting out of all this is Bloomberg.