who are the right people?
https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platf... publish what we found out but we took every opportunity to beg anyone who could even tangentially influence the right people to do something about this security problem. SemiAccurate explained the problem to literally dozens of “right people” to seemingly no avail. We also strongly hinted that it existed at every chance we had. ... this capability yet), read and write to the screen, and do all of this completely unlogged. Due to the network access abilities, it can also send whatever it finds out to wherever it wants, encrypted or not. keep in mind, just how many computers run Intel. We don't backdoor encryption. We backdoor everything. We should have adopted the Clipper chip.
On 05/01/2017 11:21 AM, Ryan Carboni wrote:
;) Another useful quote from SemiAccurate: | The short version is that every Intel platform with AMT, ISM, and | SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely | exploitable security hole in the ME (Management Engine) not CPU | firmware. If this isn’t scary enough news, even if your machine | doesn’t have SMT, ISM, or SBT provisioned, it is still vulnerable, | just not over the network. For the moment. From what SemiAccurate | gathers, there is literally no Intel box made in the last 9+ years | that isn’t at risk. This is somewhere between nightmarish and | apocalyptic.[/QUOTE] According to Intel: | There is an escalation of privilege vulnerability in Intel® Active | Management Technology (AMT), Intel® Standard Manageability (ISM), | and Intel® Small Business Technology versions firmware versions | 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an | unprivileged attacker to gain control of the manageability features | provided by these products. This vulnerability does not exist on | Intel-based consumer PCs. https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr You can check your CPUs for vPro etc at https://ark.intel.com/#@Processors Intel's mitigation guide: https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Gui...
On Mon, May 01, 2017 at 03:21:52PM -0700, Ryan Carboni wrote:
Yeah, obvious. Just as well they kept their work hidden until after it got exposed by other channels nearly 10 years later, otherwise we might have thought SemiAccurate was fundamentally compromised from the get go and are now trying to cash in on their 10 year old "find". I mean, what scruples, what ... integrity.
On Tue, May 2, 2017 at 5:21 AM, Ryan Carboni <ryacko@gmail.com> wrote:
keep in mind, just how many computers run Intel. We don't backdoor encryption. We backdoor everything.
The back door is a *feature*, not a bug, right? For instance, this company is quite proud of their back door technology, and are openly selling access to it: https://www.absolute.com/en/ about/persistence *Persistence is the only technology that keeps you in complete command with
According to their knowledgeable and courteous salesman, whom I once chanced to meet, use cases for the back door include locating and recovering stolen corporate laptops.
participants (6)
-
Jason McVetta -
John Newman -
juan -
Mirimir -
Ryan Carboni -
Zenaan Harkness