The Bloomberg story seems politically motivated...
There isn’t enough information do determine fault in the separate firmware incident. It also doesn’t say if Apple resumed using SuperMicro as a supplier...
Bottom line is Apple found a problem and addressed it before it could cause damage. We don’t know the results of their investigation into whom was responsible. Was the firmware modified by a third party? Was it a beta firmware? Was the hardware intercepted and modified after leaving the manufacturer, but before getting to Apple and an exploit introduced?
No enough information... but Bloomberg needs to get their facts straight before publishing rumors.
Bloomberg says they DO have their facts straight. "The companies’ denials are countered by six current and former senior national security officials, who—in conversations that began during the Obama administration and continued under the Trump administration—detailed the discovery of the chips and the government’s investigation. One of those officials and two people inside AWS provided extensive information on how the attack played out at Elemental and Amazon; the official and one of the insiders also described Amazon’s cooperation with the government investigation. In addition to the three Apple insiders, four of the six U.S. officials confirmed that Apple was a victim. In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks. The sources were granted anonymity because of the sensitive, and in some cases classified, nature of the information."
He said, she said...
I think that “confirmation” referred to the case that Apple explicitly explained in their press release... the time they got the one server that had a Trojan, that was judged not to be a targeted attack.
Perhaps they should leave the techie stuff to the likes of Ars Technica.
Bloomberg has a solid track record of reporting on Apple. Apple has a solid track record of saying little of substance when it does not fit their image.
Bloomberg has a solid track record of trolling Apple, as its headed now by Mark Gurman.
Um. No. He's a reporter and definitely "not in charge". His name isn't in this story's by-line either.
Him not writing this piece doesn’t negate my statement. I’m fairly certain Gurman leads their Apple-rumors coverage. Perhaps he’s not involved here because it’s a matter of general tech/security.
I agree with you that most of his stories there involve Apple, with others on Google, Sonos, Samsung, Amazon etc thrown in here and there.
The Bloomberg story seems politically motivated...
There isn’t enough information do determine fault in the separate firmware incident. It also doesn’t say if Apple resumed using SuperMicro as a supplier...
Bottom line is Apple found a problem and addressed it before it could cause damage. We don’t know the results of their investigation into whom was responsible. Was the firmware modified by a third party? Was it a beta firmware? Was the hardware intercepted and modified after leaving the manufacturer, but before getting to Apple and an exploit introduced?
No enough information... but Bloomberg needs to get their facts straight before publishing rumors.
Bloomberg says they DO have their facts straight. "The companies’ denials are countered by six current and former senior national security officials, who—in conversations that began during the Obama administration and continued under the Trump administration—detailed the discovery of the chips and the government’s investigation. One of those officials and two people inside AWS provided extensive information on how the attack played out at Elemental and Amazon; the official and one of the insiders also described Amazon’s cooperation with the government investigation. In addition to the three Apple insiders, four of the six U.S. officials confirmed that Apple was a victim. In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks. The sources were granted anonymity because of the sensitive, and in some cases classified, nature of the information."
He said, she said...
I find it utterly inconceivable that Apple -- especially Tim Cook -- would not be at least as concerned about such a security intrusion as some Bloomberg reporters or unnamed "former senior security officials" (it's the same crowd that kept harassing Apple to create backdoors and to give intrusive access to iOS devices to the likes of the FBI).
I am quite satisfied -- as both a consumer and a shareholder -- with Apple's unambiguous denial of this claim. I'd take Apple's word over that of these media/Washington DC types.
If Bloomberg is wrong, nobody will care in a month.
If Apple is lying, then the SEC will ultimately dole out a massive fine and the entire saga will be in the press for a very long time.
Yeah. I'm pretty sure that Apple's presenting the situation accurately.
I suspect this is a national security issue which means the involved players can deny all they want without fear of the SEC who would be prevented from interfering or involving themselves if it's truly an active case. The Bloomberg articles says as much, that it's still an open and classified investigation.
On top of that there never were allegations of a "wide-spread attack" on Apple's servers as alluded to in the AI article so of course that's deniable, and calling any source making that claim (they haven't) laughable might be perfectly appropriate.
Every reference to Apple in the investigative piece (and they were few) indicates Apple caught this early on, never once implying it was persistent and widespread. Amazon also denies anything happened and the whole thing is made up, someone's imagination, despite 17 sources including 6 hi-level current and former intelligence officials claiming otherwise.
That's not how comments about national security issues by publicly traded companies are made, though.
Those are more like "We have no comment, pending the results of a classified investigation" or just no response at all. The SEC can still come after a company that lied in public statements. national security or no.
And, regarding wide-spread. The allegations are that over 5000 servers had the surveillance chip. If that's not wide-spread, then what is?
Where did Bloomberg say that 5000 Apple servers were infected? I totally missed that. AFAICT they don't claim that and I read the article again just now.
As far as the SEC where have you seen that they can ignore national security orders?
My bad, 7000. Bloomberg does say 7000.
Also, FTA, from Apple's response: "In response to Bloomberg's latest version of the narrative, we present the following facts: Siri and Topsy never shared servers; Siri has never been deployed on servers sold to us by Super Micro; and Topsy data was limited to approximately 2,000 Super Micro servers, not 7,000. None of those servers has ever been found to hold malicious chips."
Regarding the SEC - they couldn't ignore a national security order now. However, they can go back to lies by publicly traded companies presented during the time of the investigation and drop the hammer on companies. If Apple, and Amazon are under a national security order, they wouldn't have said a single thing.
This is a funny hill for you to die on, man. Occam's razor applies here -- the simplest explanation is that Bloomberg is wrong, because the stakes are too high for Apple and Amazon to lie about it.
No one is accusing them of lying, and no one is claiming there was any security breach at Apple. Nor is Bloomberg claiming your revised 7000 servers number was infected with anything at all. It appears to me the reason for including a mention in the story was to emphasize how many Apple had in place before the returns back to Supermicro started.
But the vendor themselves notes Apple's sudden and unexplained refusal to continue communication with them on the discovered "firmware" issue after initially reporting it: "...when his company (Supermicro) asked Apple's engineers to provide information about the firmware, they gave an incorrect version number—and then refused to give further information.
They also confirm Apple's return of servers already supplied by them. "Supermicro's senior vice-president of technology, Tau Leng, told The Information that Apple had ended its relationship with Supermicro because of the compromised systems in the App Store development environment. Leng also confirmed Apple returned equipment that it had recently purchased."
Occam's Razor says something significant was going on and I'm surprised as an investigative sort yourself that you aren't the least bit curious or better yet suspicious about what it was. The simplest explanation is that the vendor had no reason to lie about either statement, but Apple might have reason for misdirection considering security issues. Lying? I'm not claiming they did and no one else involved is either AFAICT.
Anyway I don't plan on dying on any hill, this is probably the last of my involvement in the thread (Probably). I'm not taking any PR statement at face value and you seem to want to believe even more than was actually stated by Apple. Fair enough. Neither of us have our own unquestionable proof. It's more like in a civil trial, preponderance of the evidence IMHO.
Two people I've been working with for over 20 years and were friends before that gave me the quotes that I put in the story beyond Apple's direct quote.
So yeah, I'm pretty sure about what's going on.
So two people you know makes you pretty sure you know what is going on but all the people who revealed details to Bloomberg just made it up. Seems you want it both ways in terms of sources.
Apple will not talk against China because of it's supply chain and manufacturing in China and Apple sells lots of product in China. It's like you have a** h*** friend but very beneficial so you live with and try to contain his/her indirect assault/damage to you. It's like pros vs cons that you can live with.
The Bloomberg story seems politically motivated...
There isn’t enough information do determine fault in the separate firmware incident. It also doesn’t say if Apple resumed using SuperMicro as a supplier...
Bottom line is Apple found a problem and addressed it before it could cause damage. We don’t know the results of their investigation into whom was responsible. Was the firmware modified by a third party? Was it a beta firmware? Was the hardware intercepted and modified after leaving the manufacturer, but before getting to Apple and an exploit introduced?
No enough information... but Bloomberg needs to get their facts straight before publishing rumors.
Bloomberg says they DO have their facts straight. "The companies’ denials are countered by six current and former senior national security officials, who—in conversations that began during the Obama administration and continued under the Trump administration—detailed the discovery of the chips and the government’s investigation. One of those officials and two people inside AWS provided extensive information on how the attack played out at Elemental and Amazon; the official and one of the insiders also described Amazon’s cooperation with the government investigation. In addition to the three Apple insiders, four of the six U.S. officials confirmed that Apple was a victim. In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks. The sources were granted anonymity because of the sensitive, and in some cases classified, nature of the information."
He said, she said...
I find it utterly inconceivable that Apple -- especially Tim Cook -- would not be at least as concerned about such a security intrusion as some Bloomberg reporters or unnamed "former senior security officials" (it's the same crowd that kept harassing Apple to create backdoors and to give intrusive access to iOS devices to the likes of the FBI).
I am quite satisfied -- as both a consumer and a shareholder -- with Apple's unambiguous denial of this claim. I'd take Apple's word over that of these media/Washington DC types.
If Bloomberg is wrong, nobody will care in a month.
If Apple is lying, then the SEC will ultimately dole out a massive fine and the entire saga will be in the press for a very long time.
Yeah. I'm pretty sure that Apple's presenting the situation accurately.
I suspect this is a national security issue which means the involved players can deny all they want without fear of the SEC who would be prevented from interfering or involving themselves if it's truly an active case. The Bloomberg articles says as much, that it's still an open and classified investigation.
On top of that there never were allegations of a "wide-spread attack" on Apple's servers as alluded to in the AI article so of course that's deniable, and calling any source making that claim (they haven't) laughable might be perfectly appropriate.
Every reference to Apple in the investigative piece (and they were few) indicates Apple caught this early on, never once implying it was persistent and widespread. Amazon also denies anything happened and the whole thing is made up, someone's imagination, despite 17 sources including 6 hi-level current and former intelligence officials claiming otherwise.
That's not how comments about national security issues by publicly traded companies are made, though.
Those are more like "We have no comment, pending the results of a classified investigation" or just no response at all. The SEC can still come after a company that lied in public statements. national security or no.
And, regarding wide-spread. The allegations are that over 5000 servers had the surveillance chip. If that's not wide-spread, then what is?
Where did Bloomberg say that 5000 Apple servers were infected? I totally missed that. AFAICT they don't claim that and I read the article again just now.
As far as the SEC where have you seen that they can ignore national security orders?
My bad, 7000. Bloomberg does say 7000.
Also, FTA, from Apple's response: "In response to Bloomberg's latest version of the narrative, we present the following facts: Siri and Topsy never shared servers; Siri has never been deployed on servers sold to us by Super Micro; and Topsy data was limited to approximately 2,000 Super Micro servers, not 7,000. None of those servers has ever been found to hold malicious chips."
Regarding the SEC - they couldn't ignore a national security order now. However, they can go back to lies by publicly traded companies presented during the time of the investigation and drop the hammer on companies. If Apple, and Amazon are under a national security order, they wouldn't have said a single thing.
This is a funny hill for you to die on, man. Occam's razor applies here -- the simplest explanation is that Bloomberg is wrong, because the stakes are too high for Apple and Amazon to lie about it.
No one is accusing them of lying, and no one is claiming there was any security breach at Apple. Nor is Bloomberg claiming your revised 7000 servers number was infected with anything at all. It appears to me the reason for including a mention in the story was to emphasize how many Apple had in place before the returns back to Supermicro started.
But the vendor themselves notes Apple's sudden and unexplained refusal to continue communication with them on the discovered "firmware" issue after initially reporting it: "...when his company (Supermicro) asked Apple's engineers to provide information about the firmware, they gave an incorrect version number—and then refused to give further information.
They also confirm Apple's return of servers already supplied by them. "Supermicro's senior vice-president of technology, Tau Leng, told The Information that Apple had ended its relationship with Supermicro because of the compromised systems in the App Store development environment. Leng also confirmed Apple returned equipment that it had recently purchased."
Occam's Razor says something significant was going on and I'm surprised as an investigative sort yourself that you aren't the least bit curious or better yet suspicious about what it was. The simplest explanation is that the vendor had no reason to lie about either statement, but Apple might have reason for misdirection considering security issues. Lying? I'm not claiming they did and no one else involved is either AFAICT.
Anyway I don't plan on dying on any hill, this is probably the last of my involvement in the thread (Probably). I'm not taking any PR statement at face value and you seem to want to believe even more than was actually stated by Apple. Fair enough. Neither of us have our own unquestionable proof. It's more like in a civil trial, preponderance of the evidence IMHO.
Two people I've been working with for over 20 years and were friends before that gave me the quotes that I put in the story beyond Apple's direct quote.
So yeah, I'm pretty sure about what's going on.
So two people you know makes you pretty sure you know what is going on but all the people who revealed details to Bloomberg just made it up. Seems you want it both ways in terms of sources.
How convenient that you're ignoring that Tim Cook, CEO, also says this did not happen. Anonymous sources can lie or get things wrong. Apple's very top leadership is not going to outright lie to its investors, it would create massive problems for them that they would not survive.
The Bloomberg story seems politically motivated...
There isn’t enough information do determine fault in the separate firmware incident. It also doesn’t say if Apple resumed using SuperMicro as a supplier...
Bottom line is Apple found a problem and addressed it before it could cause damage. We don’t know the results of their investigation into whom was responsible. Was the firmware modified by a third party? Was it a beta firmware? Was the hardware intercepted and modified after leaving the manufacturer, but before getting to Apple and an exploit introduced?
No enough information... but Bloomberg needs to get their facts straight before publishing rumors.
Bloomberg says they DO have their facts straight. "The companies’ denials are countered by six current and former senior national security officials, who—in conversations that began during the Obama administration and continued under the Trump administration—detailed the discovery of the chips and the government’s investigation. One of those officials and two people inside AWS provided extensive information on how the attack played out at Elemental and Amazon; the official and one of the insiders also described Amazon’s cooperation with the government investigation. In addition to the three Apple insiders, four of the six U.S. officials confirmed that Apple was a victim. In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks. The sources were granted anonymity because of the sensitive, and in some cases classified, nature of the information."
He said, she said...
I find it utterly inconceivable that Apple -- especially Tim Cook -- would not be at least as concerned about such a security intrusion as some Bloomberg reporters or unnamed "former senior security officials" (it's the same crowd that kept harassing Apple to create backdoors and to give intrusive access to iOS devices to the likes of the FBI).
I am quite satisfied -- as both a consumer and a shareholder -- with Apple's unambiguous denial of this claim. I'd take Apple's word over that of these media/Washington DC types.
If Bloomberg is wrong, nobody will care in a month.
If Apple is lying, then the SEC will ultimately dole out a massive fine and the entire saga will be in the press for a very long time.
Yeah. I'm pretty sure that Apple's presenting the situation accurately.
I suspect this is a national security issue which means the involved players can deny all they want without fear of the SEC who would be prevented from interfering or involving themselves if it's truly an active case. The Bloomberg articles says as much, that it's still an open and classified investigation.
On top of that there never were allegations of a "wide-spread attack" on Apple's servers as alluded to in the AI article so of course that's deniable, and calling any source making that claim (they haven't) laughable might be perfectly appropriate.
Every reference to Apple in the investigative piece (and they were few) indicates Apple caught this early on, never once implying it was persistent and widespread. Amazon also denies anything happened and the whole thing is made up, someone's imagination, despite 17 sources including 6 hi-level current and former intelligence officials claiming otherwise.
That's not how comments about national security issues by publicly traded companies are made, though.
Those are more like "We have no comment, pending the results of a classified investigation" or just no response at all. The SEC can still come after a company that lied in public statements. national security or no.
And, regarding wide-spread. The allegations are that over 5000 servers had the surveillance chip. If that's not wide-spread, then what is?
Where did Bloomberg say that 5000 Apple servers were infected? I totally missed that if it's there. AFAICT they don't claim that and I read the article again just now.
As regards the SEC what leads you to believe they can involve themselves in a classified national security investigation? It looks to me like "classified and national security" would trump any SEC investigation, in fact any other civil agency probe.
On top of that Apple's statement was both extremely specific and at the same time quite vague. IMHO the very specific claim alluded to could well be true without the Bloomberg article being false.
Apple: "Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server" Bloomberg: "Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards." Supposedly this was discovered within a lab setting and not in one of their server farms? I think that's the claim.
This is another relevant quote from the Bloomberg article. Pretty obviously incompatible with Apple's denial:
"As for Apple, one of the three senior insiders says that in the summer of 2015, a few weeks after it identified the malicious chips, the company started removing all Supermicro servers from its data centers, a process Apple referred to internally as “going to zero.” Every Supermicro server, all 7,000 or so, was replaced in a matter of weeks, the senior insider says. (Apple denies that any servers were removed.) In 2016, Apple informed Supermicro that it was severing their relationship entirely—a decision a spokesman for Apple ascribed in response to Businessweek’s questions to an unrelated and relatively minor security incident."
The implication of the article is that those servers were compromised and replaced. Apple is saying, emphatically, that they were neither compromised nor replaced.
The Bloomberg story seems politically motivated...
There isn’t enough information do determine fault in the separate firmware incident. It also doesn’t say if Apple resumed using SuperMicro as a supplier...
Bottom line is Apple found a problem and addressed it before it could cause damage. We don’t know the results of their investigation into whom was responsible. Was the firmware modified by a third party? Was it a beta firmware? Was the hardware intercepted and modified after leaving the manufacturer, but before getting to Apple and an exploit introduced?
No enough information... but Bloomberg needs to get their facts straight before publishing rumors.
Bloomberg says they DO have their facts straight. "The companies’ denials are countered by six current and former senior national security officials, who—in conversations that began during the Obama administration and continued under the Trump administration—detailed the discovery of the chips and the government’s investigation. One of those officials and two people inside AWS provided extensive information on how the attack played out at Elemental and Amazon; the official and one of the insiders also described Amazon’s cooperation with the government investigation. In addition to the three Apple insiders, four of the six U.S. officials confirmed that Apple was a victim. In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks. The sources were granted anonymity because of the sensitive, and in some cases classified, nature of the information."
He said, she said...
I find it utterly inconceivable that Apple -- especially Tim Cook -- would not be at least as concerned about such a security intrusion as some Bloomberg reporters or unnamed "former senior security officials" (it's the same crowd that kept harassing Apple to create backdoors and to give intrusive access to iOS devices to the likes of the FBI).
I am quite satisfied -- as both a consumer and a shareholder -- with Apple's unambiguous denial of this claim. I'd take Apple's word over that of these media/Washington DC types.
If Bloomberg is wrong, nobody will care in a month.
If Apple is lying, then the SEC will ultimately dole out a massive fine and the entire saga will be in the press for a very long time.
Yeah. I'm pretty sure that Apple's presenting the situation accurately.
I suspect this is a national security issue which means the involved players can deny all they want without fear of the SEC who would be prevented from interfering or involving themselves if it's truly an active case. The Bloomberg articles says as much, that it's still an open and classified investigation.
On top of that there never were allegations of a "wide-spread attack" on Apple's servers as alluded to in the AI article so of course that's deniable, and calling any source making that claim (they haven't) laughable might be perfectly appropriate.
Every reference to Apple in the investigative piece (and they were few) indicates Apple caught this early on, never once implying it was persistent and widespread. Amazon also denies anything happened and the whole thing is made up, someone's imagination, despite 17 sources including 6 hi-level current and former intelligence officials claiming otherwise.
That's not how comments about national security issues by publicly traded companies are made, though.
Those are more like "We have no comment, pending the results of a classified investigation" or just no response at all. The SEC can still come after a company that lied in public statements. national security or no.
And, regarding wide-spread. The allegations are that over 5000 servers had the surveillance chip. If that's not wide-spread, then what is?
Where did Bloomberg say that 5000 Apple servers were infected? I totally missed that. AFAICT they don't claim that and I read the article again just now.
As far as the SEC where have you seen that they can ignore national security orders?
My bad, 7000. Bloomberg does say 7000.
Also, FTA, from Apple's response: "In response to Bloomberg's latest version of the narrative, we present the following facts: Siri and Topsy never shared servers; Siri has never been deployed on servers sold to us by Super Micro; and Topsy data was limited to approximately 2,000 Super Micro servers, not 7,000. None of those servers has ever been found to hold malicious chips."
Regarding the SEC - they couldn't ignore a national security order now. However, they can go back to lies by publicly traded companies presented during the time of the investigation and drop the hammer on companies. If Apple, and Amazon are under a national security order, they wouldn't have said a single thing.
This is a funny hill for you to die on, man. Occam's razor applies here -- the simplest explanation is that Bloomberg is wrong, because the stakes are too high for Apple and Amazon to lie about it.
No one is accusing them of lying, and no one is claiming there was any security breach at Apple. Nor is Bloomberg claiming your revised 7000 servers number was infected with anything at all. It appears to me the reason for including a mention in the story was to emphasize how many Apple had in place before the returns back to Supermicro started.
But the vendor themselves notes Apple's sudden and unexplained refusal to continue communication with them on the discovered "firmware" issue after initially reporting it: "...when his company (Supermicro) asked Apple's engineers to provide information about the firmware, they gave an incorrect version number—and then refused to give further information.
They also confirm Apple's return of servers already supplied by them. "Supermicro's senior vice-president of technology, Tau Leng, told The Information that Apple had ended its relationship with Supermicro because of the compromised systems in the App Store development environment. Leng also confirmed Apple returned equipment that it had recently purchased."
Occam's Razor says something significant was going on and I'm surprised as an investigative sort yourself that you aren't the least bit curious or better yet suspicious about what it was. The simplest explanation is that the vendor had no reason to lie about either statement, but Apple might have reason for misdirection considering security issues. Lying? I'm not claiming they did and no one else involved is either AFAICT.
Anyway I don't plan on dying on any hill, this is probably the last of my involvement in the thread (Probably). I'm not taking any PR statement at face value and you seem to want to believe even more than was actually stated by Apple. Fair enough. Neither of us have our own unquestionable proof. It's more like in a civil trial, preponderance of the evidence IMHO.
Two people I've been working with for over 20 years and were friends before that gave me the quotes that I put in the story beyond Apple's direct quote.
So yeah, I'm pretty sure about what's going on.
So two people you know makes you pretty sure you know what is going on but all the people who revealed details to Bloomberg just made it up. Seems you want it both ways in terms of sources.
I don't feel like you read the the story, Apple's now two responses, and Amazon's response, or the other things about the SEC.
And yes, I will pick two sources that I've known personally for a very long time over unknown ones from Bloomberg -- a venue who continues to get basic facts wrong about Apple -- any day.
Super Micro Computer, Inc. has lost half its value since the Bloomberg story dropped, erasing a billion dollars of inventor value.
I would say that his gives Bloomberg a strong motive to have their facts straight too. If this is the result of shoddy reporting, they could be sued for slander I presume.
Super Micro Computer, Inc. has lost half its value since the Bloomberg story dropped, erasing a billion dollars of inventor value.
I would say that his gives Bloomberg a strong motive to have their facts straight too. If this is the result of shoddy reporting, they could be sued for slander I presume.
They'd have to be sued, and the burden of proof would have to be on the accuser that Bloomberg lied intentionally specifically to drive the stock price down.
Super Micro Computer, Inc. has lost half its value since the Bloomberg story dropped, erasing a billion dollars of inventor value.
I would say that his gives Bloomberg a strong motive to have their facts straight too. If this is the result of shoddy reporting, they could be sued for slander I presume.
It would be interesting to see if any of their "friends" shorted SMC in the days prior to the article...
Super Micro Computer, Inc. has lost half its value since the Bloomberg story dropped, erasing a billion dollars of inventor value.
I would say that his gives Bloomberg a strong motive to have their facts straight too. If this is the result of shoddy reporting, they could be sued for slander I presume.
And you would presume wrongly. Neither Bloomberg nor any other news organization has to have its facts straight for anything. Just look at the recent debacle surrounding Washington. It takes a special kind of proof to get any judgement against a news source. As has been stated earlier, if Bloomberg is wrong nobody cares and it will sink into the bit bucket of blather. If Apple or Amazon is lying they will suffer severe consequences from the SEC. Just ask Elon Musk about that.
Bottom line for me? I believe Apple is telling the truth and Bloomberg is just wrong.
Super Micro Computer, Inc. has lost half its value since the Bloomberg story dropped, erasing a billion dollars of inventor value.
I would say that his gives Bloomberg a strong motive to have their facts straight too. If this is the result of shoddy reporting, they could be sued for slander I presume.
And you would presume wrongly. Neither Bloomberg nor any other news organization has to have its facts straight for anything. Just look at the recent debacle surrounding Washington. It takes a special kind of proof to get any judgement against a news source. As has been stated earlier, if Bloomberg is wrong nobody cares and it will sink into the bit bucket of blather. If Apple or Amazon is lying they will suffer severe consequences from the SEC. Just ask Elon Musk about that.
Bottom line for me? I believe Apple is telling the truth and Bloomberg is just wrong.
I just looked it up and Super Micro Computer, Inc. could very well win a suit if the facts of this article are wrong. If they went forward with this article with reckless disregard for the truth, Bloomberg could be in for a world of hurt.
Personally, I believe Apple, but I expect there is some kernel of true about the big picture. Too bad the other media outlets are leading off with "Servers at Apple and Amazon where compromised by the Chinese, report says."
The Bloomberg story seems politically motivated...
There isn’t enough information do determine fault in the separate firmware incident. It also doesn’t say if Apple resumed using SuperMicro as a supplier...
Bottom line is Apple found a problem and addressed it before it could cause damage. We don’t know the results of their investigation into whom was responsible. Was the firmware modified by a third party? Was it a beta firmware? Was the hardware intercepted and modified after leaving the manufacturer, but before getting to Apple and an exploit introduced?
No enough information... but Bloomberg needs to get their facts straight before publishing rumors.
I am kind of curious what Politics are at play here.
What we do not know about this, when did this first happen, it was found in 2015, how long have modified PBA's being in production with this chip onboard. Yeah Apple is not doing business with them today, but were they before 2015 and how many if any servers have the rouge chip on the boards.
I am personally familiar with Supermicro operations I have been in their factories and familiar with their board testing and the such. To make this happen two things had to happen, first the PCB design file needs to be modified, not too hard since the CAD and Gerber files have to be shared with the PCB manufacturer and Supermicro uses Chinese companies, like most high volume manufactures.
The next and more difficult thing to do is to have the chip placed on the board. The part would need to be bought or smuggle into the PBA facility and the pick and place machine file would need to be modified to add the part, and someone actively has to put the part into the pick and place machines. This also means the test matrix algorithms had to be modify so the chip did not interfere with other tests run on the PBA. This means company who makes the PBA has to be actively involved. I know Supermicro made some of their high performance PBA in Taiwan in their own factory, then ship PBA to the Fremont facility to be assemble into systems and tested. It sounds like Supermicro outsources the PBA to another Chinese company to place the parts on the board.
If you read the Bloomberg piece it explains how the purported scheme was accomplished according to hi-level security and intelligence officials.
It does not say, it just gives the high level review, I gave the details of how it would need to happen and it would required lots of players to make it happen and may have needed inside help. I can tell you it not easily to make all those changes and not raise some level of suspicion.
As the experts said, just because they got the chip on the board does not mean they could easily access it, they would need to know where each unit ended up. One things network security experts look for is watching for outgoing traffic going to a IP address which did not have a corresponding incoming request. These things could not phone home with out drawing some attention. This is exactly what I do at my home I monitor all going traffic from my computer and get warning if something is try to transmit information form my computer without my direct permission. I found a app trying to communicate with .RU domain, shut that sucker down.
I find it difficult to believe that Bloomberg would risk fabricating this whole story. It seems more likely that deals were made behind the scenes to use this to pressure China to back off on IP theft and open up their markets. Apple and Amazon would benefit from this much more than pissing off China by going public.
That is a nonsensical conspiracy theory. AAPL fell over $4 today; AMZN fell by an even greater percentage than Apple. The change in the market value of these two stock alone explains a considerable chunk of today's fall in the NASDAQ and the DOW (i.e., the fall in their price is the leading cause, not the effect, of the market decline today).
This is not the kind of risk-taking that Apple is into, period. I'll (charitably) assume that you don't much about the company.
Wow so much at stake... The simplest answer to me is avoid the cloud? I have read articles about US routers having NSA/patriot act back doors? Is the mandatory incremental push to cloud backups represented in iOS 12, at least for those not so inclined to deal with the technical and paid alternative options ? Is there 'belief' (assumption), historical fact, and (less used) logic, based on potential risks? Is point source content, especially if deemed highly verifiable (iCloud history) a prime target? I simply do not understand the risks so many seem willing to take (gmail) to save a few dollars?
S/MIME took me a day, irrespective of pro/con, and I ask if Apple is so into privacy this is not offered at install ? Lots to consider - why is all this still feeling so wild west to me...? (because it is?
Folks the fact Apple came out and said none of their servers had the chip, had serious implications, Apple is publicly traded company and if this is in fact not true they would have a serious issues with the SEC. If the government was investigating this the Government would know if Apple was lying. For all we know when Supermicro found out they recall the units to get them out of the field. SM could have done a quite recall with out drawing much attention.
Super Micro Computer, Inc. has lost half its value since the Bloomberg story dropped, erasing a billion dollars of inventor value.
I would say that his gives Bloomberg a strong motive to have their facts straight too. If this is the result of shoddy reporting, they could be sued for slander I presume.
And you would presume wrongly. Neither Bloomberg nor any other news organization has to have its facts straight for anything. Just look at the recent debacle surrounding Washington. It takes a special kind of proof to get any judgement against a news source. As has been stated earlier, if Bloomberg is wrong nobody cares and it will sink into the bit bucket of blather. If Apple or Amazon is lying they will suffer severe consequences from the SEC. Just ask Elon Musk about that.
Bottom line for me? I believe Apple is telling the truth and Bloomberg is just wrong.
I just looked it up and Super Micro Computer, Inc. could very well win a suit if the facts of this article are wrong. If they went forward with this article with reckless disregard for the truth, Bloomberg could be in for a world of hurt.
Personally, I believe Apple, but I expect there is some kernel of true about the big picture. Too bad the other media outlets are leading off with "Servers at Apple and Amazon where compromised by the Chinese, report says."
That is because no one knows who Supermirco is or Elemental, Apple and Amazon is more of click bait, just another shining example the media is not about being correct or forth right its all about creating FUD and money for their pockets.
Comments
I think that “confirmation” referred to the case that Apple explicitly explained in their press release... the time they got the one server that had a Trojan, that was judged not to be a targeted attack.
Nice try tho.
"As for Apple, one of the three senior insiders says that in the summer of 2015, a few weeks after it identified the malicious chips, the company started removing all Supermicro servers from its data centers, a process Apple referred to internally as “going to zero.” Every Supermicro server, all 7,000 or so, was replaced in a matter of weeks, the senior insider says. (Apple denies that any servers were removed.) In 2016, Apple informed Supermicro that it was severing their relationship entirely—a decision a spokesman for Apple ascribed in response to Businessweek’s questions to an unrelated and relatively minor security incident."
The implication of the article is that those servers were compromised and replaced. Apple is saying, emphatically, that they were neither compromised nor replaced.
And yes, I will pick two sources that I've known personally for a very long time over unknown ones from Bloomberg -- a venue who continues to get basic facts wrong about Apple -- any day.
I would say that his gives Bloomberg a strong motive to have their facts straight too. If this is the result of shoddy reporting, they could be sued for slander I presume.
Bottom line for me? I believe Apple is telling the truth and Bloomberg is just wrong.
Right, the NSA has spies on Chinese assembly lines installing these chips so they can spy on China? Really?
Personally, I believe Apple, but I expect there is some kernel of true about the big picture. Too bad the other media outlets are leading off with "Servers at Apple and Amazon where compromised by the Chinese, report says."
As the experts said, just because they got the chip on the board does not mean they could easily access it, they would need to know where each unit ended up. One things network security experts look for is watching for outgoing traffic going to a IP address which did not have a corresponding incoming request. These things could not phone home with out drawing some attention. This is exactly what I do at my home I monitor all going traffic from my computer and get warning if something is try to transmit information form my computer without my direct permission. I found a app trying to communicate with .RU domain, shut that sucker down.
This is not the kind of risk-taking that Apple is into, period. I'll (charitably) assume that you don't much about the company.
The simplest answer to me is avoid the cloud?
I have read articles about US routers having NSA/patriot act back doors?
Is the mandatory incremental push to cloud backups represented in iOS 12,
at least for those not so inclined to deal with the technical and paid alternative options ?
Is there 'belief' (assumption), historical fact, and (less used) logic, based on potential risks?
Is point source content, especially if deemed highly verifiable (iCloud history) a prime target?
I simply do not understand the risks so many seem willing to take (gmail) to save a few dollars?
S/MIME took me a day, irrespective of pro/con, and I ask if Apple is so into privacy this is not offered at install ?
Lots to consider - why is all this still feeling so wild west to me...? (because it is?