Remote security exploit in all 2008+ Intel platforms
Link: https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/
Well...this should be interesting.
Comments
Pinging @NSA, @CIA, @PRISM_Nick, just a heads-up if they didn't know.
Built in backdoor for the NSA.
So are people taking steps to patch their systems or are we supposed to wait for OEMs to release a patch?
Just another plus to having competition. I can now switch to another decent processor from AMD, rather than suffer from Intel's lack of updates and ignorance.
It's not about processor I read?
https://theregister.co.uk/2015/08/11/memory_hole_roots_intel_processors/
Merry Christmas!!!
This isn't something you can patch. It's much deeper.
OEMs should be releasing firmware updates (Supermicro, HP, Dell). I'm not sure how the patching is done or whose responsibility it is to patch it.
Yeah, that's who'd do it. Apparently they're on it. It's mostly a server thing though because you need vPro and AMT provisioned. Here's hoping that data centers all do updates when they come out. You can check out Matthew Garrett's post on the topic here: http://mjg59.dreamwidth.org/48429.html
Here's a list of chips cut/paste from El Reg:
Here's an article on how to do it on Windows, not sure if it works but I saw it on YCombinator.
https://mattermedia.com/blog/disabling-intel-amt/
Edit, nevermind.
Still using Pentium2
Anyone who wants to buy a Core2.. hit me back!
Using three AMD FX-8350 systems at home, it's the only modern desktop/server CPU lineup without exploitable remote backdoors -- https://libreboot.org/faq.html#amd (referred to as "Family 15h").
Have those Intel i5 OVH dedis though, I wonder who is supposed to update them, OVH (how? while I still have it running?) or me (really, updating BIOS on a rented dedi?) More likely they will just go unpatched and that actually makes me want to just cancel, even though those are a great deal.
You mean they have AMT on? Disable it.
How do I find out that it's on? The checking tool that Intel offers is Windows 7/8/10 only (classy!) and my servers run Debian.
Moreover, as Libreboot says https://libreboot.org/faq.html#intel
Even if you "disable" it, it still can't be removed, and in fact you can't be sure it's actually disabled.
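For the question above about checking a Debian server without Intel's Windows-only tool, here is an added example (not part of the original thread or any poster's code) of two read-only checks: looking in sysfs for the ME host interface, and testing AMT's management ports 16992/16993 from a second machine. The function names and the 192.0.2.10 address are placeholders chosen for illustration.

```python
import socket
from pathlib import Path

AMT_PORTS = (16992, 16993)   # AMT management interface: HTTP and HTTPS
INTEL_VENDOR = "0x8086"
# PCI class 0x0780xx is "communication controller"; the ME host interface
# (MEI/HECI) enumerates under it, so matches are candidates, not proof.
MEI_CLASS_PREFIX = "0x0780"


def find_mei_devices(sysfs_pci="/sys/bus/pci/devices"):
    """Return PCI addresses of Intel communication controllers.

    A hit means the ME host interface is visible to the OS; it does not
    show that AMT is provisioned, and no hit does not mean the ME is absent.
    """
    hits = []
    root = Path(sysfs_pci)
    if not root.is_dir():
        return hits
    for dev in sorted(root.iterdir()):
        try:
            vendor = (dev / "vendor").read_text().strip().lower()
            pci_class = (dev / "class").read_text().strip().lower()
        except OSError:
            continue  # entry without readable vendor/class files
        if vendor == INTEL_VENDOR and pci_class.startswith(MEI_CLASS_PREFIX):
            hits.append(dev.name)
    return hits


def open_amt_ports(host, ports=AMT_PORTS, timeout=2.0):
    """Return the ports in `ports` that accept a TCP connection on `host`.

    Run from a second machine: the ME takes AMT traffic off the NIC before
    the host OS sees it, so a probe from the server itself is unreliable.
    """
    found = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                found.append(port)
        except OSError:
            pass  # closed, filtered, or unreachable
    return found


if __name__ == "__main__":
    print("MEI candidates:", find_mei_devices())
    print("Open AMT ports:", open_amt_ports("192.0.2.10"))  # placeholder address
```

An empty port result only shows that nothing answered from where the probe ran; a firewall between the two machines gives the same output.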
My thoughts exactly.
Back door gone wrong.
From the BIOS screen. Where exactly depends on the OEM I suppose but it should be there.
That's true but what is the alternative? Host on a Pi?
What BIOS screen, it's a dedi without KVM access.
AMD Bulldozer/Piledriver which I mentioned above is one. 8-core CPUs at up to 5.0 GHz, still more than enough for practically any usage.
In that case, whoops - time for a new host!
Not bad!
https://www.reddit.com/r/Amd/comments/5x4hxu/we_are_amd_creators_of_athlon_radeon_and_other/
scroll scroll scroll
Long term solution: Disable with https://github.com/corna/me_cleaner and switch to Coreboot. Right now ME Cleaner is more likely to brick your laptop, but hopefully they will get more developer love.
I was referring to the management software. It can be avoided by not having Intel, right?
AMD has too, see @_rm 's posts above.
Other than gaming. Arma 2 can barely run on the 8320s, 8350s ain't much better. Absolute dog shit single core but yeah.
Name of the movie?
some kill bill
I didn't think this was ‘news’. Hasn't this been widely known for a very, very long time?
It's news that it's news.
FYI AMD CPUs have a similar feature: https://libreboot.org/faq.html#amd