Apple stops using Supermicro servers after finding infected firmware

Status
Not open for further replies.

deed02392

Dabbler
Joined
Oct 28, 2012
Messages
19
https://arstechnica.com/information...m-datacenters-because-of-bad-firmware-update/

FYI for the many SM users I know to be here.

I'm in the UK and planning an ESXi server build (with a FreeNAS guest most likely). Given the scarcity of SM here anyway, this might just be enough to convince me that a Gigabyte board might be a worthy alternative after all.

Update:
Supermicro's senior vice-president of technology, Tau Leng, told The Information that Apple had ended its relationship with Supermicro because of the compromised systems in the App Store development environment. Leng also confirmed Apple returned equipment that it had recently purchased.
https://www.theinformation.com/apple-severed-ties-with-server-supplier-after-security-concern
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
That story sounds awful fishy to me. Apple increasing orders of suppliers with cheaper hardware and all of a sudden they find infected firmware in the Supermicro products and say, "Here's all your stuff back". And not one other customer out there has found this issue?
 

DrKK

FreeNAS Generalissimo
Joined
Oct 15, 2013
Messages
3,630
Yeah, the #fakenews quotient here may be non-zero.
 

Arwen

MVP
Joined
May 17, 2014
Messages
3,611
One of the comments on the linked article suggested that Apple found something,
over-reacted and blamed Supermicro. Then, before they followed up with Supermicro,
identified the real problem, which was not Supermicro's fault. Thus, they don't want
to talk about it. Typical big business, run by idiots.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
Or an easy way for Apple to back out of a contract without backing out of a contract.........
 

deed02392

Dabbler
Joined
Oct 28, 2012
Messages
19
For those skeptical, Supermicro themselves confirmed there was a security incident and that the infected firmware was made available from Supermicro's own firmware downloads servers. This is stated in the first article and one I link in the update.
 

wblock

Documentation Engineer
Joined
Nov 14, 2014
Messages
1,506
> For those skeptical, Supermicro themselves confirmed there was a security incident and that the infected firmware was made available from Supermicro's own firmware downloads servers. This is stated in the first article and one I link in the update.
Well, it might be, but the "No subscription? You’re missing out." message hides it. Do you have a direct link to a Supermicro statement?
 

deed02392

Dabbler
Joined
Oct 28, 2012
Messages
19
> Well, it might be, but the "No subscription? You’re missing out." message hides it. Do you have a direct link to a Supermicro statement?
Far as I can tell he is quoted by The Information presumably in private correspondence, so you can base your trust in the statement on the reputability of The Information and those sites including Ars who were happy to cite that article in turn.
 

wblock

Documentation Engineer
Joined
Nov 14, 2014
Messages
1,506
I have never even heard of "The Information" before, so have no opinion of their trustworthiness. That is why I would prefer a direct link to Supermicro. A little direct searching did not find anything.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977