On Fri, 4 Jan 2019 18:57:57 +0000, "David B." "David
wrote:

On 04/01/2019 18:50, default wrote:
On Fri, 4 Jan 2019 09:09:18 +0000, Andy Burns
wrote:

David B. wrote:

nospam wrote:

bloomberg recently ran story about spy chips in servers, which was
questioned from the start and has been shown to be completely false.

I'm always pleased when such matters are investigated.

Recent CCC presentation

https://youtu.be/C7H3V7tkxeA

Thanks.

The gist: yes, it can be done, yes, if I were to do it that's how I'd
do it, BUT, there are much much easier ways to go about it and the
system is so riddled with multiple security flaws that it makes more
sense to use software and hide that in some of the pre-existing
firmware.

If such rogue software *IS* hidden in pre-existing firmware, how would
an 'average computer user' ever know it was there?

The average computer user doesn't stand a chance. Of course the
"average" user isn't likely to be maintaining a server farm either,
which is what the Bloomberg article was about.

The Equifax security breach ran for months before it was discovered,
when it was discovered, they stayed silent about it for a month and a
half. That affected some 150 million people - you don't even have to
own a computer to be screwed.