- May 29, 2011
I feel it's important for people to recognize that spreading this sort of conspiracy theory is problematic. It is certainly something that is *possible* to do in hardware, but it leaves evidence that the supply chain was subverted. It's much better to do in software. Just to give you an idea... go download an IPMI .bin file. Scan it using "binwalk" and extract the two CramFS portions to files. Then, mount them on a Linux system.
mount -o loop -t cramfs cramfile1.bin filesystem1
etc. You too can poke around inside Supermicro IPMI firmware. If you were going to subvert things, this would be a great way to do it. All that frakking code and so much space to hide stuff in.
So keep these things off the Internet. Don't let them access the Internet, either.