This is an interesting piece, which may be correct on some points. But it gets off to a pretty rocky start, building its case around overly aggressive claims directed at uncharitable (some might say crabbed) readings of the Bloomberg piece.
> That first part starting with “telling the device…” is nonsensical.
A fairer statement, in light of the article's own explanation, would have been "assumes that the BMC is networked in an insecure way unusual (perhaps even unheard of) at large sophisticated tech companies, or a network compromised in such a way as to bypass blocked egress routes."
In other words: no. The statement is perfectly sensical, and probably even true of many networks. The author simply doubts whether this could be possible in what he regards as a properly configured (and not otherwise compromised) network.
> The next inaccuracy to this paragraph is the line describing BMCs as “giving them access to the most sensitive code even on machines that have crashed or are turned off.” That is not how this technology works.
But the author then goes on to explain how BMCs could indeed be used to power on machines that were previously powered off, potentially allowing access to sensitive data. (Presuming that the machine is also compromised in other ways, presumably by downloading malicious code.)