1. 13
  1.  

  2. 8

    The response from FTDI seems to indicate that they’re aware of what’s going on and this isn’t some accident.

    1. 6

      Wow. Talk about a big, fat FUCK YOU to everyone bit by this. I think twitter user @macegr sums it up nicely:

      .@FTDIChip @davbbley @mikelectricstuf Your [FTDI’s] response to a supply chain issue is the digital equivalent of sugaring end users' gas tanks?

      1. 2

        …and a day later, that link is now dead and Mr. CEO is in full damage-control mode: http://www.ftdichipblog.com/?p=1053

        “Though our intentions were honorable…”

        (Snort.)

      2. 6

        I’ve contacted Microsoft to report the issue, both by phone and by email to their security folks. Response by email has been prompt and efficient. I spent half an hour being bounced around various people by phone, with everyone I spoke to unable to assist with the reporting of a security issue. Very poor form there.

        1. 5

          An update to this: the security folks have told me it’s not a security issue, but they’re forwarding it to the appropriate team.

          Perhaps I’m biased, but I’d have thought that a Windows Update that ships malware that bricks thousands of consumer devices without warning would constitute a security issue.

          But hey … at least they’re actioning it, and they responded so quickly. So, FYI: if you have a security issue to report to Microsoft, do it by email. Phone staff are utterly, completely useless for this.

          1. 2

            Another update: Microsoft had already been made aware of the issue, and were investigating. I’ve lodged a formal compliment over the way their security team responded to my report (once I found them). Prompt, helpful, efficient and reassuring.

          2. 4

            FTDIs own website says their chips are used on medical devices:

            https://twitter.com/JohnnySoftware/status/525092883125506048

            Let’s hope that all the manufacturers are 100% certain of their supply chains, from top to bottom. And that there are no bugs in the driver that might cause inadvertent bricking.

            Way to go, FTDI.

              1. 5

                I’ve merged them.

                1. 3

                  [meta] Well that’s a cool new trick, thanks @jcs!