Resultados 1 a 3 de 3
  1. #1
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Posts
    17,189

    [EN] Apple axed Supermicro servers from data centers after finding infected firmware

    Apple discovered what it believed was a potential security vulnerability in at least one data center server it purchased from a U.S.-based manufacturer, Super Micro Computer. The server was part of Apple’s technical infrastructure, which powers its web-based services and holds customer data.

    Apple ended up terminating its yearslong business relationship with Super Micro, according to Tau Leng, a senior vice president of technology for Super Micro, and a person who was told about the incident by a senior infrastructure engineering executive at Apple. The tech giant even returned some of Super Micro’s servers to the company, according to one of the people briefed about the incident.

    Sean Gallagher
    2/24/2017

    Siri, internal development servers affected by fake firmware patch.

    A mid-2016 security incident led to Apple purging its data centers of servers built by Supermicro, including returning recently purchased systems, according to a report by The Information. Malware-infected firmware was reportedly detected in an internal development environment for Apple's App Store, as well as some production servers handling queries through Apple's Siri service.

    An Apple spokesperson denied there was a security incident. However, Supermicro's senior vice-president of technology, Tau Leng, told The Information that Apple had ended its relationship with Supermicro because of the compromised systems in the App Store development environment. Leng also confirmed Apple returned equipment that it had recently purchased. An anonymous source was cited as the source of the information regarding infected Siri servers.

    Apple has used a variety of other companies' server hardware—since the company got out of the server business itself and never used its own in datacenters—including servers from HP and storage from NetApp. A few years ago, Apple added Supermicro as a supplier for some of its development and data center computing infrastructure.

    But Apple has been squeezing the cost of its data center supply chain and moving toward more custom hardware much like the other cloud giants. In August of 2016, Digitimes reported Apple was increasing its orders for full-rack systems from the integrator ZT Systems and adding the China-based Inspur as a server supplier.

    Leng told The Information that Apple was the only company to report the firmware issue, and he said the servers are used by thousands of customers. He asserted that when his company asked Apple's engineers to provide information about the firmware, they gave an incorrect version number—and then refused to give further information.

    Update: A source familiar with the case at Apple told Ars that the compromised firmware affected servers in Apple's design lab, and not active Siri servers. The firmware, according to the source, was downloaded directly from Supermicro's support site—and that firmware is still hosted there.

    Apple issued the following official comment:

    Apple is deeply committed to protecting the privacy and security of our customers and the data we store. We are constantly monitoring for any attacks on our systems, working closely with vendors and regularly checking equipment for malware. We’re not aware of any data being transmitted to an unauthorized party nor was any infected firmware found on the servers purchased from this vendor

    https://arstechnica.com/information-...rmware-update/
    Última edição por 5ms; 26-02-2017 às 11:27.

  2. #2
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Posts
    17,189
    Apple deleta diversos servidores infectados com malwares

    Em algum momento de 2016, a Apple teve um problema um pouco sério em 2016: um dos data centers que consolidam diversos servidores da Maçã tiveram firmwares infectados instalados, colocando em risco muitos dados da App Store e dos bancos de informações da Siri, algo que é relacionado aos dados pessoais de muitos usuários.

    Qual foi a solução: apagar todos os servidores. A empresa que geria esse aglomerado de servers era a Supermicro. Contudo, um porta-voz da Apple negou que o ocorrido tenha gerado qualquer tipo de incidente com segurança.

    ...

    Outra fonte diz que, na verdade, servidores que lidavam com dados da Siri foram infectados, contrariando a Apple. Por mais que isso gere alguns possíveis problemas de segurança, é algo comum e a Maçã usa servidores de terceiros há muito tempo, pois desistiu de ter seus próprios data centers.
    https://www.tecmundo.com.br/apple/11...a-firmware.htm

  3. #3
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Posts
    17,189

    google.com.br | news | página 1 | único artigo em Português

Permissões de Postagem

  • Você não pode iniciar novos tópicos
  • Você não pode enviar respostas
  • Você não pode enviar anexos
  • Você não pode editar suas mensagens
  •