Comment on The Risk of RISC-V: What's Going on at SiFive?
TheHobbyist@lemmy.zip 11 months agoDo you mean that someone can take the design, place a hardware vulnerability and sell it? Sure, but this does not require RISC V to be possible, there are already vulnerable CPUs sold on the market. People have found such vulnerabilities already in reputable Intel CPUs for example (look up Spectre).
IHeartBadCode@kbin.social 11 months ago
Dell iDRAC comes to mind as well.
fuckwit_mcbumcrumble@lemmy.world 11 months ago
iDRAC is specifically designed for remote management of serves. Calling it a back door is silly when it’s more of a front door. It’s how Dell intends for you to manage the server.
t0m5k1@lemmy.world 11 months ago
That’s the same train of thaught I had when telnet was declared a back door in huawei devices.
theregister.com/…/huawei_enterprise_router_backdo…
During the hey day I passed hcna-rs, the first thing we were taught was to just use telnet as a means to enable shh, then log back in and disable telnet.
Moral of the story, do not under estimate a nation state’s use of global tech media to effect a global drop of a product or manufacturer from the market.
IHeartBadCode@kbin.social 11 months ago
LUL. So you’re right but one of the horror stories I tell around campfires is how many folks don’t know about that front door.
So how about we agree to “surprise feature” for iDRAC? And, yes yes, I can feel the “they shouldn’t be admins” coming.
ggppjj@lemmy.world 11 months ago
It has to be enabled, right? So if someone enabling iDRAC doesn’t know that it exists…
Socsa@sh.itjust.works 11 months ago
MFW a so-called cyber security researcher learns about IPMI