A quick one for you. I have received reports, now from multiple sources, that the major torch bearer of the RISC-V platform, a company known as SiFive and formed from the original architects of the RISC-V instruction set, has gone through some major changes.
Ian Cutress muses upon rumors around SiFive, the forerunner of high-performance RISC-V cores.
iDRAC is specifically designed for remote management of serves. Calling it a back door is silly when it’s more of a front door. It’s how Dell intends for you to manage the server.
During the hey day I passed hcna-rs, the first thing we were taught was to just use telnet as a means to enable shh, then log back in and disable telnet.
Moral of the story, do not under estimate a nation state’s use of global tech media to effect a global drop of a product or manufacturer from the market.
I think a more appropriate example in fact is the Intel Management engine. The same as this dell idrac, but not meant for the user. It has been described as an actually intended backdoor.
Dell iDRAC comes to mind as well.
iDRAC is specifically designed for remote management of serves. Calling it a back door is silly when it’s more of a front door. It’s how Dell intends for you to manage the server.
That’s the same train of thought I had when telnet was declared a back door in huawei devices.
https://www.theregister.com/2019/04/30/huawei_enterprise_router_backdoor_is_telnet/
During the hey day I passed hcna-rs, the first thing we were taught was to just use telnet as a means to enable shh, then log back in and disable telnet.
Moral of the story, do not under estimate a nation state’s use of global tech media to effect a global drop of a product or manufacturer from the market.
LUL. So you’re right but one of the horror stories I tell around campfires is how many folks don’t know about that front door.
So how about we agree to “surprise feature” for iDRAC? And, yes yes, I can feel the “they shouldn’t be admins” coming.
It has to be enabled, right? So if someone enabling iDRAC doesn’t know that it exists…
The person enabling it isn’t always still at the company.
MFW a so-called cyber security researcher learns about IPMI
I think a more appropriate example in fact is the Intel Management engine. The same as this dell idrac, but not meant for the user. It has been described as an actually intended backdoor.
https://en.m.wikipedia.org/wiki/Intel_Management_Engine
deleted by creator