[pvidler]

Except that it wasn't a lie, as the original article didn't make these claims. Only the HN headline -- which wasn't in the original article -- and this new article contain sensationalised claims ('bogus story', for example).

You could argue that the original was worded to be deliberately confusing, perhaps even implying that the claims were proven, but I certainly didn't find it that way when I read it.

[Symmetry]

Are we talking about the same article that had claims about how most chips are manufactured in China (false) and that the vulnerability could be used in a Stuxnet style attack?

[pvidler]

Can you offer proof that those are both false? The China claim I grant you — especially as the actual claim was 99% (I somehow missed this in my initial reading).

The stuxnet thing is trickier. To make use of this remotely you (or a stuxnet style virus) would need access to a JTAG connection. These come in many forms, including USB (needing access to the host computer — like stuxnet) or Ethernet (needing access to the network). It seems a bit unrealistic because JTAG tends to be used for development, but field-reconfiguration is one of the advantages of FPGAs.

Of course, I believe this specific Actel FPGA uses flash for configuration, which makes updating it in the field somewhat inconvenient and therefore less likely to be used in practice. I remember hearing that this is why NASA switched to Xilinx, as they now require field reconfigurability.

Still, the article certainly wasn't 'bogus', and the new article claiming so contained far more errors. Especially when you read the actual paper and not just the linked press release.