Schneier on Security: Tagged supply chain

Entries Tagged "supply chain"

Page 4 of 4

That Bloomberg Supply-Chain-Hack Story

Back in October, Bloomberg reported that China has managed to install backdoors into server equipment that ended up in networks belonging to—among others—Apple and Amazon. Pretty much everybody has denied it (including the US DHS and the UK NCSC). Bloomberg has stood by its story—and is still standing by it.

I don’t think it’s real. Yes, it’s plausible. But first of all, if someone actually surreptitiously put malicious chips onto motherboards en masse, we would have seen a photo of the alleged chip already. And second, there are easier, more effective, and less obvious ways of adding backdoors to networking equipment.

EDITED TO ADD (12/17): SuperMicro now denies it.

Posted on November 30, 2018 at 6:28 AM • View Comments

Friday Squid Blogging: Squid Falsely Labeled as Octopus

Two New Yorkers have been charged with importing squid from Peru and then reselling it as octopus.

Yet another problem that a blockchain-enabled supply-chain system won’t solve.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on October 26, 2018 at 4:02 PM • View Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.