Intel Patches Remote Execution Hole That's Been Hidden In Its Chips Since 2008 (theregister.co.uk) 164
Chris Williams reports via The Register: Intel processor chipsets have, for roughly the past nine years, harbored a security flaw that can be exploited to remotely control and infect vulnerable systems with virtually undetectable spyware and other malicious code. Specifically, the bug is in Intel's Active Management Technology (AMT), Standard Manageability (ISM) and Small Business Technology (SBT) firmware versions 6 to 11.6. According to Chipzilla, the security hole allows "an unprivileged attacker to gain control of the manageability features provided by these products." That means hackers exploiting the flaw can silently snoop on a vulnerable machine's users, make changes to files and read them, install rootkits and other malware, and so on. This is possible across the network, or with local access. These management features have been available in various Intel chipsets for years, starting with the Nehalem Core i7 in 2008, all the way up to Kaby Lake Core parts in 2017. According to Intel today, this critical security vulnerability, labeled CVE-2017-5689, was found and reported in March by Maksim Malyutin at Embedi. To get the patch to close the hole, you'll have to pester your machine's manufacturer for a firmware update, or try the mitigations here. These updates are hoped to arrive within the next few weeks.
Read (Score:1)
NSA/GCHQ retire old abilities as Windows 10 gains market share.
Re: (Score:3)
You'd have to turn on AMT to begin with in order for this to work.
Re:Just because you're paranoid (Score:4, Interesting)
You'd have to turn on AMT to begin with in order for this to work.
Are you absolutely positive AMT cannot be remotely activated? Given the circumstances and who might be involved in this exploit existing and/or remaining unpatched for such a long time, I wouldn't trust that clicking to un-check that AMT box disables all of it, especially if the vulnerability was deliberate.
This makes me wonder what vulnerability nastiness has remained undiscovered/unreported (intentionally baked-in?) about AMD CPUs and chipsets. You know the TLAs wouldn't ignore AMD.
Strat
Re: (Score:2)
If you turn ME off in BIOS then it doesn't load anything above the primitives to get the system up and running, no higher kernel functions, and certainly no AMT code.
In other news, I owe several people here an apology, as I've stood up for my former employer in the past. I still stand by that they took security seriously, but obviously something big got through.
I worked on ME and this is in AMT (A component of ME, but developed by a different team; in Israel, not US... though the entire shooting match is o
Re: (Score:2)
If you turn ME off in BIOS then it doesn't load anything above the primitives to get the system up and running, no higher kernel functions, and certainly no AMT code.
Sorry, but we're to simply trust you on this? I don't think so, nothing personal. Since everything is intentionally made extremely difficult to access in order to confirm what AMT may or may not be capable of, the only sane choice is not to trust it. I know I don't. I don't trust AMD either. I never put any data I truly wish to stay secure on an internet-connected machine. You may as well put it on a thumbdrive and mail it to NSA HQ and save some tax dollars.
The DHS needs to be abolished, their leaders and
Re: (Score:1)
I just realised, that 'government job or office' might not be strict enough.
Imagine these clowns, fired, looking for work.
Where might they work next? And who would benefit from their knowledge?
Blame SemiAccurate (Score:4, Informative)
According to them, they've been trying to get Intel to patch this for YEARS, and apparently they never bothered to practice responsible public disclosure in order to force Intel's hand.
Re:Blame SemiAccurate (Score:5, Informative)
That's because SemiAccurate never found an actual bug. Charlie was just concerned about the capabilities of the ME, and that there could be a bug one day. He tried for years to get Intel to just get rid of the ME not to fix any specific bug. You can decide if he was right or not based on this bug.
It is important to note that based on what has been released so far, you had to opt in to using ME in its full mode to be affected. If you just bought a random PC your system isn't vulnerable.
Re: (Score:3)
It is important to note that based on what has been released so far, you had to opt in to using ME in its full mode to be affected. If you just bought a random PC your system isn't vulnerable.
I don't think that's quite accurate. It sounds to me like if you "just bought a random PC", your system isn't remotely vulnerable... but this can still be exploited by an attacker with physical access to your system.
Re:Blame SemiAccurate (Score:4, Informative)
It's likely, they would just need to hit the hotkey to configure the management engine during POST. But, if they have physical access, you're already had anyway unless you encrypt your disk and have passwords enabled everywhere possible by the fact that they could just image the drive and walk away.
Re: (Score:3)
if they have physical access, you're already had anyway unless you encrypt your disk and have passwords enabled everywhere
Access to ME also allows access to the contents of encrypted disks, via direct memory access while the host operating system is reading and writing them and by grabbing the keys used from memory. That's a huge difference.
Re:Blame SemiAccurate (Score:4, Insightful)
Eh, most people figured the entire thing was dreamed up by the NSA as soon as they learned what it did and how it worked.
Great... (Score:1)
Since hardware manufacturers are obviously not going to provide updated firmware to all their products, it would be great if OS providers would patch this.
Re: (Score:3)
No you are actually incorrect. It is common for the operating system to update bugs in specific firmware. For example the microcode for the CPU can either be updated by flashing the BIOS or through an OS update.
Re: (Score:2)
Apparently you just have to make sure the LMS service in Windows is not installed or is disabled. Or not run Windows? That's the software that passes the requests to the firmware.
Re:Great... (Score:5, Informative)
Apparently you just have to make sure the LMS service in Windows is not installed or is disabled. Or not run Windows? That's the software that passes the requests to the firmware.
Not according to this analysis [dreamwidth.org]:
So the firmware is intercepting the traffic before the OS gets it. Turning off the LMS service would stop the remote console, but not the ability to reboot the machine into a remote ISO. At that point, your files would be visible unless you encrypted your drive.
As for not running Windows, that won't help. Further down the page linked above, it has instructions for Linux on how to see whether you are vulnerable. It also says:
Re: (Score:2)
Except this article is about https://nvd.nist.gov/vuln/deta... [nist.gov] which is a local unprivileged user gaining access to AMT via LMS
Turning off LMS mitigates this vulnerability.
The source you quote also says this:
How certain are you about any of this?
Not hugely
Re: (Score:2)
LMS does allow local applications to talk to AMT, but the vulnerability exists over the network whether you have LMS or not.
According to Intel's disclosure [intel.com] (upon which your linked page was based), the correct way to fix this vulnerability is to update the firmware. If you can't do that then you are directed to unprovision the Intel manageability SKU to prevent network attacks and then disable LMS to mitigate against local attacks. From the INTEL-SA-00075 Mitigation Guide [intel.com]:
Re:Great... (Score:5, Informative)
How is Microsoft going to patch something happening in the hardware underneath their OS, without the OS knowing anything about it? In case you haven't played with Intel AMT or vPro, it has some pretty amazing capabilities for remote management, including being able to persist remote control sessions across OS reboots, including being able to enter BIOS / uEFI setup and make changes, as well as mount an ISO image from a network volume as a 'physical' disk and boot off of it.
How could an OS that isn't even running patch that?
Re: (Score:3)
When it *is* running, it could apply the firmware to the BIOS/UEFI system. This may require a reboot somewhere in the middle, but so be it. And then the system would be safe.
Of course, that greatly simplifies the concept since every motherboard has its own variation on BIOS/UEFI. As long as we're dreaming of ponies and rainbows, yeah, this would be nice. But I can see it being a huge headache for MS or Linux distros to manage.
And just think about the poor saps running Hackintosh systems... no way Apple is
Re: (Score:2)
But I can see it being a huge headache for MS or Linux distros to manage.
As well as being certain to break some number of PCs. If stuff goes wrong and your machine won't boot after you apply a firmware update, that's between you and the maker of your machine / motherboard. If your OS decides to do it, even with your approval, then the OS maker is also on the hook.
Re: (Score:2)
Intel has a tool called Firmware update local (fwupdlclw.exe / fwupdlcl.exe) that can update the ME without a reboot of the host OS.
Fun trivia, someone in marketing tried naming it "Intel Firmware Update" and started wondering why all the engineers started laughing our arses off.
Anyway, this tool and a binary image could be deployed via Windows Update easily enough.
Re: (Score:3)
Every single Intel CPU has this hardware. The business SKUs just have it enabled. It's still there with the same blob, likely with the same vulnerability.
Re: (Score:3)
There is remote provisioning for Intel ME / Intel vPro, but it's not the easiest thing in the world to set up, much less spoof. For example, you would need to have a certificate signed by a public provider that is specifically signed for Intel ME provisioning, and the domain on that cert needs to match the domain being offered by DHCP on the network. This ensures that a public CA has basically signed off on your ownership of that domain, and that you also own your network to a decent degree by controlling
Re: (Score:2)
There is remote provisioning for Intel ME / Intel vPro, but it's not the easiest thing in the world to set up, much less spoof. For example, you would need to have a certificate signed by a public provider that is specifically signed for Intel ME provisioning, and the domain on that cert needs to match the domain being offered by DHCP on the network. This ensures that a public CA has basically signed off on your ownership of that domain, and that you also own your network to a decent degree by controlling the infrastructure.
DHCP is not a secure protocol so no point in even mentioning it.
The ability to legitimately obtain a certificate in exchange for money or illegitimately obtain it by compromising ANYONE who has one is hardly what I would consider an insurmountable hurdle... Barely qualifies as a speed bump for a targeted attack.
Is there even a useful revocation procedure for known fraudulently obtained or compromised certs clients are REQUIRED to follow prior to getting 0wn3d?
Can all of that be beaten?
All of what?
Re: (Score:2)
Is there even a useful revocation procedure for known fraudulently obtained or compromised certs clients are REQUIRED to follow prior to getting 0wn3d?
Yeah. Update your firmware. LOL.
How's the AMT/ME shit going to know about a revoked cert? Yeah, it has full network access, but it might not have access to a DNS server to check a URL for revocation. It might be firewalled off from the net (and given the dangerous nature of this thing, it should be). So, yup. Bad cert from a shitty CA, and someone within your network = you are fucked.
Re: (Score:2, Informative)
Every single Intel CPU has this hardware. The business SKUs just have it enabled. It's still there with the same blob, likely with the same vulnerability.
I would say that it is unlikely that the lowest of Celerons has all the features of the highest Xeon CPU with just some flags to turn off things like vPro. And I think that it is unlikely that they all have the same vulnerability when the security advisory [intel.com] explicitly states that:
Re: (Score:2)
It does exist on Intel consumer PCs and this was confirmed over at HN.
Re: (Score:2)
Have you got a link for that?
Re: (Score:2)
The three threads about it are off the HN front page but if you find them the comments dive right into it. It also happens to exist on my consumer DV9000 and DV7 laptops, I checked by simply pinging the ports with those machines off and yet connected to my wired network.
Re: (Score:2)
People have x-rayed these things. The hardware is still there.
Wrong!!!! (Score:1)
The affected LMS service is enabled and run at startup by default in Windows 10.
Actually, right!!!! (Score:5, Informative)
The affected LMS service is enabled and run at startup by default in Windows 10.
Only if you have a CPU and motherboard chipset with vPro, which very few of them do. I had a look at some of the entries on Intel's list of Skylake desktop products [intel.com] for the consumer-level products, but got bored trying to find which of the CPUs had vPro support. I ended up looking at the motherboard chipsets, and only the Q170 supports it. The Z170, H170, Q150, B150, and H110 chipsets do not.
The original poster's point stands, that this does not affect consumer-grade PCs. Most people can happily ignore this vulnerability.
Re: (Score:3)
I may be a shill, but you are a plain nut-job! I provided a list of non-server Skylake CPUs and motherboard chipsets along with a list of the chipset model numbers that have vPro facility. All you provided was a strongly worded and unsupported assertion. If you had wanted to prove me wrong and actually believed your own rantings then you would have gone through the entire list and counted how many do and don't support vPro. Then you could have gloated about how wrong I was. But you didn't, so I will. Of the
Re: (Score:2)
What a disappointingly predictable response. A reply that provides no evidence, and fails to address anything that I said. All we get is name calling and vulgarities. You don't even have the wit to make your insults amusing.
Go on, give me your best shot! Perhaps if you remove your tinfoil hat the CIA might helpfully beam to you some choice phrases.
Re: (Score:2)
Why is this user's Thinkpad listening on AMT ports, meaning exposing an AMT attack surface, even with AMT turned off?
My guess would be that AMT isn't actually turned off, but that remote access is disabled because a strong password has yet to be set. I would also say that a work-supplied laptop that is called the Lenovo ThinkPad T430s Business Laptop may not necessarily qualify as being a "consumer-grade PC" (although I guess some models did come with Windows Home edition).
Re:Explain to me (Score:4, Interesting)
Wait a minute. This (partly intentional) flaw affects practically every Intel-based PC since 2008 and some platforms since 2006. It's true that if you have remote management disabled it appears to lead to local exploits only at first sight, but there are many reasons to believe that even with the option disabled remote exploits may become possible. ME allows the running of signed Java programs on a completely separate core, which are sent via ethernet and have full access to memory and i/o controllers, it can be used to side-channel attack disk encryption and the probability that there is a serious bug that allows for remote exploits in such a complex infrastructure is also fairly high.
Re: (Score:1)
A vulnerability that affects all other chips would be much worse. At least we all have a choice in which architectures we use.
Re: (Score:2, Interesting)
Why do you idiots always assume that the US would be the only country interested in spying? You think Intel is a US company? Think again.
Nine years, eh? (Score:4, Insightful)
Isn't that about how long I've been griping on Slashdot about AMT?
Re: (Score:2)
Not like anyone outside the LAN can break into your computer using AMT unless you have a really messed up router/firewall configuration.
And I believe most laptops have it off by default, which is good because having it on while joining public wireless is a really bad idea.
Re: (Score:2)
... unless you have a really messed up router/firewall configuration.
You mean, like one that uses Intel chips?
Re: (Score:2)
What's the big deal? Just turn it off in the BIOS.
Then how do you know it's really off?
Also: I seem to recall documents that said it didn't turn off. Instead it went back to the new-machine configuration, where it would respond to the first comer with adequate credentials to introduce itself as the IT department of its new owner, just getting around to welcoming it to the network and giving it its first configuration.
Re: (Score:2)
No, that's if you unprovision it.
Turning it off in BIOS basically makes it brain dead.
It still loads the lower functions so it can do CPU uCode patch, PMC, and similar, but none of the application level stuff even boots up.
Re: (Score:2)
Turning it off in BIOS basically makes it brain dead.
It still loads the lower functions so it can do CPU uCode patch, PMC, and similar, but none of the application level stuff even boots up.
How do we KNOW that?
It's got the port open. If it's really off, why is it open? It's doing SOMETHING with it.
How do we know, for instance, that turning it off in the BIOS doesn't just make it useless for the owner's IT organization, but still functional when, say, the NSA does the right "port knocking" or other secret-
Re:Nine years, eh? (Score:4, Informative)
What's the big deal? Just turn it off in the BIOS.
Oh nothing... just forgotten computer within a computer listening on wireless and wired Ethernet interfaces that is never updated and has total access to everything. Nothing to be concerned about.
Not like anyone outside the LAN can break into your computer using AMT unless you have a really messed up router/firewall configuration.
Good point. I mean all consumer routers are secure and can't be hacked with ease to perpetrate such a hack.
AMT is NOT defective by design because even when the system is working properly as designed I have to buy a cert from a valid certificate authority and broadcast DHCP on your LAN with domain corresponding to my cert to own you. This makes AMT secure.
And I believe most laptops have it off by default, which is good because having it on while joining public wireless is a really bad idea.
The first I ever heard about this AMT shit I was pulling my hair out trying to figure out how the F*** ports were open on my laptop computer that don't even show up in the F**** stack. When the ports remained open even after booting a Linux live distro I was even more pissed off... the last straw was when the ports remained open when the computer was turned off....F***** O..F..F...
Oh and by the way you can't disable AMT... there is no option to do that in the bios anywhere and believe me I've looked... the best you can do is disable the MMU which is used to virtualize hardware access so the NICs can be shared by both computers at the same time.
Re: (Score:2)
*most* BIOS's have the ability to turn ME off.
Re: (Score:2)
And I really don't believe your story since almost every laptop with AMT I have ever touched (over two hundred at this point) came with AMT turned off by default.
Especially when you said you disabled your processor's MMU? Are you just randomly googling computer acronyms and using them in your rant? Because there is no logical reason to disable the memory management unit on a standar
Re: (Score:2)
Every system ships with it turned off unless you have some kind of VAR service that images your system and turns it on before you receive it.
It's far more likely that if you have implemented the use of this stuff on your network, that you have an automatic provisioning process to turn it on when it first hits the network.
Was always a backdoor (Score:5, Insightful)
Keep in mind that this is a security hole in a system that was always backdoored by Intel.
It's a separate CPU with its own network connection, outside the control of the main CPU, it has full access to all the system and it was put in place deliberately by Intel. It communicates using SOAP over HTTP or HTTPS.
It has been in all server and business chips FROM INTEL for years now....
It can kill a PC, it can wipe harddisks (killing encryption keys used to access encrypted disks), it can read everything, do anything, rewrite the processor software, bypass any encryption and any security.
Hardware vendors had access to this for years.
So NSA would have had access to this for years.
Russian FSB would have had access to this for years.
China would have had access to this for years.
And now every hacker has access.
When you backdoor technology you end up with bad actors putting Orange Julius in office.
Re: (Score:1)
So NSA would have had access to this for years. Russian FSB would have had access to this for years. China would have had access to this for years.
Hmm.. You forgot to mention the intelligence agency of the country most likely to exploit this "backdoor". In fact, some other posters are doing the same thing. I wonder why.
They listed the top 3? How are you going to rank them?
Re: (Score:2)
It has been in all server and business chips FROM INTEL for years now....
Due to customer demand. They all got sick of paying 3rd party motherboard vendors for the same feature.
Re: (Score:2)
You do know this feature has been in non x86/64 boxes for years right?
Re: (Score:1)
"How bad is this
That depends. Unless you've explicitly enabled AMT at any point, you're probably fine. The drivers that allow local users to provision the system would require administrative rights to install, so as long as you don't have them installed then the only local users who can do anything are the ones who are admins anyway. If you do have it enabled, thoug
Re:Was always a backdoor (Score:5, Informative)
Please shut the fuck up, you're only spreading disinformation.
What part of it is technically inaccurate?
AMT is a killer feature for businesses. It allows full remote management and recovery of headless servers. It's not a backdoor, it's a frontdoor. The feature has never been hidden, it's been advertised.
Oh god what year is this? Let me help you.
https://en.wikipedia.org/wiki/... [wikipedia.org]
Crying about Intel is part of your disinformation. You're acting like only Intel does this. AMD does it too as well as some of the smaller companies. It's an extremely useful feature.
Let me help you.
https://en.wikipedia.org/wiki/... [wikipedia.org]
However, the companies know the risks (or just want to charge you more for more features) so you have to enable it. You can buy the machines pre-enabled or you can enable it yourself, but it's not enabled by default on consumer PCs. This bug only affects systems with AMT turned on.
I'm a consumer. It came listening on TCP ports on my computer and I sure as f*** never turned it on.
Re:Was always a backdoor (Score:4, Insightful)
Okay, can you audit the contents of the firmware of AMT to be sure it doesn't have any sort of backdoor or truly disable it?
Re: (Score:2)
Because of the lack of standardization for BIOS, the only operation that I ever had to do non-remotely is configuring the BIOS for any new motherboard.
There's your use case for AMT, right there. That, and reinstalling the OS. Oh, and booting from an ISO to run things like Memtest86 and other offline diagnostic software. Basically anything where you may need to interact with the system before the OS has booted.
That said, I don't believe it's worth the risk to enable AMT and make it accessible over the public internet, but you weren't asking for that, you were seeking use cases and I gave you a handful.
Re: (Score:2)
Then you'll have to check the schematics you used when you hand assembled your motherboard and wrote all the firmware for it and see what things you enabled.
Re: (Score:2)
The price you pay for buying components instead of paying someone else to construct them is that working that out is now your problem.
Machine means the computer as a whole and whom you bought it from. Since you effectively bought it from yourself the company to contact would be yourself. In turn you'd likely pass yourself along to the motherboard manufacturer since that would be where the enabling and disabling of CPU features and chipset choices would be.
More information please! (Score:3, Interesting)
* Does this affect every PC, or just people who bought special "business class" computers?
* If it affects all PCs, does "pester your machine's manufacturer for a firmware update" mean the same thing as "check your motherboard manufacturer's website for a patch," or does it imply that you're SOL if you built your own PC from parts?
* Intel's patch is Windows only. Does it affect Linux, or is Intel just being lazy?
* Should I tell my family to buy new PCs if their old PCs are out of warranty?
Re:More information please! (Score:5, Informative)
Some help is here
http://mjg59.dreamwidth.org/48... [dreamwidth.org]
That was in one of the articles
Re: (Score:1)
You'd still need the root password, so it's not bad advice, since the connection through AMT is (theoretically) secured through other means.
Re: (Score:2, Informative)
If your system doesn't support AMT (which, if you're not running a "business-class" machine, it almost definitely does not because that's a special feature you need to pay extra to get), then it doesn't affect you.
AMT is included in every Intel processor sold today. It requires motherboard and network chipset support, but a large portion of consumer devices have Intel supplied chipsets for those too, which are almost certainly enabled for it. What you are talking about is the public-key based Enterprise features, which you need to license separately (usually through the management software that you purchase). But the basics are there - try connecting to your machine on a browser from another machine (from localhost
Re:More information please! (Score:4, Insightful)
The above posts are disinformation. We're talking about Intel Management Engine, not AMT, the latter is the service, the former is not optional. ME is installed on nearly every Intel-based chipset/motherboard combo since 2008. That's well known and has been discussed for a long time, and it's not unreasonable to assume that the ME has been designed with backdoor features in mind from the start by Israel/US chip developers (though of course nobody in public has a proof for that).
The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional[32] part in all current (as of 2015) Intel chipsets.[33] According to an independent analysis by Igor Skochinsky, it is based on an ARC core, and the Management Engine runs the ThreadX RTOS from Express Logic. According to this analysis, versions 1.x to 5.x of the ME used the ARCTangent-A4 (32-bit only instructions) whereas versions 6.x to 8.x use the newer ARCompact (mixed 32- and 16-bit instruction set architecture). Starting with ME 7.1, the ARC processor can also execute signed Java applets. The ME state is stored in a partition of the SPI flash, using the Embedded Flash File System (EFFS).[34]
The ME has its own MAC and IP address for the out-of-band interface, with direct access to the Ethernet controller; one portion of the Ethernet traffic is diverted to the ME even before reaching the host's operating system, for what support exists in various Ethernet controllers, exported and made configurable via Management Component Transport Protocol (MCTP).[35][36] The ME also communicates with the host via PCI interface.[34] Under Linux, communication between the host and the ME is done via /dev/mei.[33]
Until the release of Nehalem processors, the ME was usually embedded into the motherboard's northbridge, following the Memory Controller Hub (MCH) layout.[37] With the newer Intel architectures (Intel 5 Series onwards), ME is included into the Platform Controller Hub (PCH).[38][39]
Quote from Wikipedia Article [wikipedia.org]
More info: Hackaday article [hackaday.com], on attempts to neutralize it, Slides by Igor Skochinsky [slideshare.net], CCC talk by Joanna Rutkowska [hackaday.com], short 2016 hackaday article [hackaday.com]. There is plenty more information on the Net if you care to look it up. Theoretically, ME only gives total access locally, if AMT features are disabled. Practically, it's likely that by a combination with other exploits a remote exploit is also possible. If AMT features are enabled, you're screwed anyway.
To repeat, this affects almost every Intel machine since 2008 and certainly every current Intel machine, whether you use AMT or not. It's especially problematic if you use full disk encryption.
Vote with your wallet (Score:1)
Now that AMD has released Ryzen you once again have the freedom of choice in the x86 space. The only way Intel will ever change its ways is if people vote with their wallets and support competition.
EULA on a critical backdoor?? (Score:2)
"try the mitigations here".... you mean the ones that force you to sign a EULA?? Is Intel having a laugh?
wait this is a OOB like IPMI and not scanned ? (Score:2)
So this would have to be provisioned...
It's like IPMI (DRAC)
(from wikipedia https://en.wikipedia.org/wiki/Intel_Active_Management_Technology)
"The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional MAC and IP address for the out-of-band interface, with direct access to the Ethernet controller; one portion of the Ethernet traffic is diverted to the ME even before reaching the host's operating system, for what support exists in various Ethernet controllers, exported and
Default password = admin (Score:5, Interesting)
The CTRL-p menu (after much of the booting had taken place) brought me to an AMT/ME screen where I could turn AMT off after entering a password.
The default password is "admin" which worked with my refurbished HP Xeon box. I have since changed the password.
Re: (Score:2)
"HP deliberately disabled this in "non-business" computer models."
HP may have disabled it but it still exists and runs. Even my DV9000 and DV7 still have ports 16992 and 16993 actively listening on my network when turned off.
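Added example, not part of the thread and not Intel's tooling: a small audit, run from a second machine because the firmware answers before the host OS sees the traffic, that checks hosts you administer for the two ports named above and reads the web server banner. The banner format matched by `BANNER_RE`, the use of TLS on 16993, and every host name and version string in the test data are assumptions or constructed values; the affected range is the "6 to 11.6" from the story summary.

```python
"""Audit hosts you administer for a reachable Intel AMT web interface."""
import http.client
import re
import socket
import ssl
import sys

# Ports named in the comment above; treating 16993 as the TLS variant is an assumption.
AMT_PORTS = (16992, 16993)
TLS_PORTS = {16993}
# "firmware versions 6 to 11.6", as stated in the story summary.
AFFECTED_MIN, AFFECTED_MAX = (6, 0), (11, 6)
# Assumption: AMT's web server names itself and its version in the Server header.
BANNER_RE = re.compile(r"Intel\(R\) Active Management Technology\s+(\d+)\.(\d+)")


def parse_banner(server_header):
    """Return (major, minor) from an AMT Server header, or None if it is not AMT."""
    match = BANNER_RE.search(server_header or "")
    return (int(match.group(1)), int(match.group(2))) if match else None


def classify(port_open, server_header):
    """Map one probe result to a finding an operator can act on."""
    if not port_open:
        return "closed"
    version = parse_banner(server_header)
    if version is None:
        # Listening but silent or not AMT: still worth a manual look.
        return "open-unidentified"
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "amt-in-affected-range"
    return "amt-outside-affected-range"


def tcp_open(host, port, timeout=2.0):
    """True if a plain TCP connect succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def fetch_server_header(host, port, timeout=3.0):
    """One unauthenticated GET /; returns the Server header or None on any failure."""
    if port in TLS_PORTS:
        ctx = ssl.create_default_context()
        ctx.check_hostname = False  # management certificates are often self-signed
        ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        return conn.getresponse().getheader("Server")
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()


def audit(hosts, ports=AMT_PORTS, is_open=tcp_open, fetch=fetch_server_header):
    """Probe every host/port pair and return (host, port, finding, banner) rows."""
    rows = []
    for host in hosts:
        for port in ports:
            opened = is_open(host, port)
            banner = fetch(host, port) if opened else None
            rows.append((host, port, classify(opened, banner), banner))
    return rows


if __name__ == "__main__":
    # Usage: python amt_audit.py host1 host2 ...   (hosts from your own inventory)
    findings = audit(sys.argv[1:])
    for host, port, finding, banner in findings:
        print(f"{host}:{port}\t{finding}\t{banner or '-'}")
    # Non-zero exit if anything is listening, so this can gate a scheduled job.
    sys.exit(1 if any(row[2] != "closed" for row in findings) else 0)
```

Treat an `amt-in-affected-range` row as a prompt to look for the manufacturer's firmware update, and an `open-unidentified` row as a port that still needs explaining.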
Do you care about Matroshka processors? (Score:2)
Interesting.
I just watched Rudolf Marek: AMD x86 SMU firmware analysis [youtube.com] yesterday afternoon.
slides [events.ccc.de]
These slides are related to the talk, but might not be an exact match.
Funny anecdote: someone got Linux running on an ARM chip inside a disk drive. That would be really useful for beating up on the algorithms inside Intel's new Optame, er, Optane Memory.
Do you think this was accidental? (Score:2, Interesting)
It's funny how many critical security flaws are so devious that they allow state-actors to just walk right in, and when they're found they stick out like sore thumbs. This here is exactly why you shouldn't buy CPUs from NSA-CIA-Intel.
Re: (Score:2)
This here is exactly why you shouldn't buy CPUs from NSA-CIA-Intel.
From whom, then?
BTW, remember when I said... (Score:2)
...all silicon was vulnerable?
AMD isn't secure, either.
I told you people there was a game-changing vulnerability out there that resided in pretty much all modern silicon.
Loving those downmods, now, because here I am, shown right. Vindication is always sweet.
Fun fact: i5 chips and onwards have a 3g chip in t (Score:2)