
Ask HN: Did you replace your supermicro motherboards? - andbberger
Ordered a supermicro server a week before the Bloomberg piece.<p>I don&#x27;t reallllly want to replace it because the risk seems so small... but will probably end up doing so.<p>Did you guys replace your supermicro motherboards?<p>Who else makes good server mobos?
======
platinumrad
None of the claims in Bloomberg's recent series on Super Micro have been
confirmed and many doubts have been raised about the quality of the
reporting[3], including by Bloomberg's own sources[2][3]. The affected parties
have all issued strong denials, including to Congress[4], and figures from US
intelligence agencies, where Bloomberg's anonymous sources allegedly worked,
have cast doubt on the story as well[5].

That said, supply chain attacks have always been an issue and it's entirely
possible that Super Micro has been a victim at some point. However, this will
also be true of virtually any other supplier.

[1]
[https://twitter.com/marcan42/status/1049687546945392640](https://twitter.com/marcan42/status/1049687546945392640)

[2]
[https://twitter.com/riskybusiness/status/1049429881031819264](https://twitter.com/riskybusiness/status/1049429881031819264)

[3] [https://www.servethehome.com/yossi-appleboum-disagrees-
bloom...](https://www.servethehome.com/yossi-appleboum-disagrees-bloomberg-is-
positioning-his-research-against-supermicro/)

[4] [https://techcrunch.com/2018/10/08/apple-rebuff-bloomberg-
let...](https://techcrunch.com/2018/10/08/apple-rebuff-bloomberg-letter-
congress/)

[5] [https://www.businessinsider.com/security-community-
voicing-i...](https://www.businessinsider.com/security-community-voicing-
increasing-doubts-about-bombshell-bloomberg-chinese-chip-hacking-2018-10)

------
dangerface
I believe there is some source of truth to the Bloomberg article but it seems
like its maybe not that factual.

I wouldn't worry, I think the hardware attack described was pretty specific to
that hardware. I am assuming that different super micro hardware would require
a different hardware attack.

If china can get into the super micro supply chain they can probably just nip
down the road and do the same thing for hynx or asus or whoever. So even if
its true you are going to have a hard time finding decent hardware that isn't
made in china.

------
throwawaymath
No, I didn't. I still have four Supermicro motherboards running and haven't
changed them out at all.

