| Bloomberg was rightfully dragged through the mud (IMHO), and like the parent I am immediately distrustful of any technical stories they put out. The issue was not that the BMC hack was implausible, but rather Bloomberg's refusal to supply solid evidence backing up their claims in the face of strong denials and perceived issues with the reporting. A subset of the perceived issues with the reporting: - How do the exploited servers phone home to China, when they were not connected to the open Internet? Not impossible, but it's asking for a lot of trust without more information. [0] - One of the only named sources, Ryan Fitzpatrick, saying the details in their big hack article are identical to an example he constructed for the journalists to show that type of attack is plausible. The entire podcast is a great listen, but here is a direct quote: "In September when he asked me like, 'Okay, hey, we think it looks like a signal amplifier or a coupler. What’s a coupler? What does it look like?' […] I sent him a link to Mouser, a catalog where you can buy a 0.006 x 0.003 inch coupler. Turns out that’s the exact coupler in all the images in the story." [1] - An accusation that the journalists who authored the Big Hack have had a previous story that made a big claim, they had many anonymous sources that back up their claims, but in the end there were extreme doubts of the veracity from people in the know. [2] - Bloomberg sent another reporter, completely separate from the Big Hack article, in their tracks to discreetly talk to sources / involved parties to figure out the truth. [3] Sources: [0] https://daringfireball.net/2018/10/bloomberg_the_big_hack [1] https://risky.biz/RB517_feature/ [2] https://threadreaderapp.com/thread/1049617855396933632.html [3] https://www.washingtonpost.com/blogs/erik-wemple/wp/2018/11/... |