Le 07/09/2017 à 10:48, [email protected] a écrit :
On 09/07/2017 04:30 AM, Alessandro Selli wrote:
On Wed, 6 Sep 2017 at 17:12:27 -0400
zap <[email protected]> wrote:
Agreed! Talos is at least *LIBRE!*
No, it ain't:
https://blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/
"BMCs and the IPMI Protocol
Baseboard Management Controllers (BMCs) are a type of embedded
computer used to provide out-of-band monitoring for desktops and
servers. These products are sold under many brand names,
including HP
iLO, Dell DRAC, Sun ILOM, Fujitsu iRMC, *IBM IMM*, and Supermicro
IPMI."
IBM stuff is plagued by embedded controlware, too.
Alessandro, I've read that thread with great interest and I think
you forgot a "detail": BMC software is open on IBM Power, meaning you
can replace it by your own, or patch the existant if you prefer.
Wether there is yet another backdoor is only a supposition and it
applies to everything you can buy, not specifically IBM. At least, if
there is one, it is known only to the manufacturer and the 3-letter
agencies, not to the general hacker. And I'm optimistic because of the
following law: the time of life of a secret decreases when the number of
persons who share it increases, and in this case there must be a number
of engineers.
Didier
_______________________________________________
Dng mailing list
[email protected]
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
