Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Remote security exploit in all 2008+ Intel platforms
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Remote security exploit in all 2008+ Intel platforms

«1

Comments

  • YuraYura Member

    Pinging @NSA, @CIA, @PRISM_Nick, just a heads-up​ if they didn't know.

  • Built in backdoor for the NSA.

    Thanked by 1Robotex
  • blackblack Member

    So are people taking steps to patch their systems or are we supposed to wait for OEMs to release a patch?

  • Just another plus to having competition. I can now switch to another decent processor from AMD, rather than suffer from Intel's lack of updates and ignorance.

    Thanked by 1AuroraZ
  • doghouch said: I can now switch to another decent processor from AMD

    It's not about processor I read?

  • black said: So are people taking steps to patch their systems or are we supposed to wait for OEMs to release a patch?

    This isn't something you can patch. It's much deeper.

  • blackblack Member

    Ole_Juul said: This isn't something you can patch. It's much deeper.

    OEMs should be releasing firmware updates (supermicro, HP, dell). I'm not sure how the patching is done or who's responsibility it is to patch it.

  • black said: OEMs should be releasing firmware updates (supermicro, HP, dell).

    Yeah, that's who'd do it. Apparently they're on it. It's mostly a server thing though because you need vPro and AMT provisioned. Here's hoping that data centers all do updates when they come out. You can check out Matthew Garrett's post on the topic here: http://mjg59.dreamwidth.org/48429.html

    Here's a list of chips cut/paste from El Reg:

    First-gen Core family: 6.2.61.3535
    Second-gen Core family: 7.1.91.3272
    Third-gen Core family: 8.1.71.3608
    Fourth-gen Core family: 9.1.41.3024 and 9.5.61.3012
    Fifth-gen Core family: 10.0.55.3000
    Sixth-gen Core family: 11.0.25.3001
    Seventh-gen Core family: 11.6.27.3264
    
  • blackblack Member
    edited May 2017

    Here's an article on how to do it on windows, not sure if it works but I saw it on YCombinator

    https://mattermedia.com/blog/disabling-intel-amt/




    Edit, nevermind.

    "As others have said, it doesn't disable the ME. It merely removes OS-side support for it and resets configuration to non-exploitable state.
    The ME itself remains up and running."
  • HybridHybrid Member

    Still using Pentium2

  • Anyone who wants to buy a Core2.. hit me back!

  • rm_rm_ IPv6 Advocate, Veteran
    edited May 2017

    Using three AMD FX-8350 systems at home, it's the only modern desktop/server CPU lineup without exploitable remote backdoors -- https://libreboot.org/faq.html#amd (referred to as "Family 15h").

    Have those Intel i5 OVH dedis though, I wonder who is supposed to update them, OVH (how? while I still have it running?) or me (really, updating BIOS on a rented dedi?) More likely they will just go unpatched and that actually makes me want to just cancel, even though those are a great deal.

  • @rm_ said:
    Have those Intel i5 OVH dedis though, I wonder who is supposed to update them, OVH (how? while I still have it running?) or me (really, updating BIOS on a rented dedi?) More likely they will just go unpatched and that actually makes me want to just cancel, even though those are a great deal.

    You mean they have AMT on? Disable it.

  • rm_rm_ IPv6 Advocate, Veteran

    deadbeef said: You mean they have AMT on? Disable it.

    How do I find out that it's on? The checking tool that Intel offers is Windows 7/8/10 only (classy!) and my servers run Debian.

    Moreover, as Libreboot says https://libreboot.org/faq.html#intel

    In summary, the Intel Management Engine and its applications are a backdoor with total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the libreboot project strongly recommends avoiding it entirely. Since recent versions of it can’t be removed, this means avoiding all recent generations of Intel hardware.

    Even if you "disable" it, it still can't be removed, and in fact you can't be sure it's actually disabled.

  • @BlazeMuis said:
    Built in backdoor for the NSA.

    My thoughts exactly.

    Back door gone wrong.

    Thanked by 1BlazeMuis
  • @rm_ said:

    deadbeef said: You mean they have AMT on? Disable it.

    How do I find out that it's on? The checking tool that Intel offers is Windows 7/8/10 only (classy!) and my servers run Debian.

    From the BIOS screen. Where exactly depends on the OEM I suppose but it should be there.

    Even if you "disable" it, it still can't be removed, and in fact you can't be sure it's actually disabled.

    That's true but what is the alternative? Host on a Pi? :)

  • rm_rm_ IPv6 Advocate, Veteran
    edited May 2017

    deadbeef said: From the BIOS screen.

    What BIOS screen, it's a dedi without KVM access.

    deadbeef said: That's true but what is the alternative? Host on a Pi? :)

    AMD Bulldozer/Piledriver which I mentioned above is one. 8-core CPUs at up to 5.0 GHz, still more than enough for practically any usage.

    Thanked by 1deadbeef
  • @rm_ said:

    deadbeef said: From the BIOS screen.

    What BIOS screen, it's a dedi without KVM access.

    In that case, whoops - time for a new host!

    deadbeef said: That's true but what is the alternative? Host on a Pi? :)

    AMD Bulldozer/Piledriver which I mentioned above is one. 8-core CPUs at up to 5.0 GHz, still more than enough for practically any usage.

    Not bad!

  • Long term solution: Disable with https://github.com/corna/me_cleaner and switch to Coreboot. Right now ME Cleaner is more likely to brick your laptop, but hopefully they will get more developer love.

  • @eLohkCalb said:

    doghouch said: I can now switch to another decent processor from AMD

    It's not about processor I read?

    I was referring to the management software. It can be avoided by not having Intel, right?

  • @doghouch said:

    @eLohkCalb said:

    doghouch said: I can now switch to another decent processor from AMD

    It's not about processor I read?

    I was referring to the management software. It can be avoided by not having Intel, right?

    AMD has too, see @_rm 's posts above.

    Thanked by 1doghouch
  • @rm_ said:

    deadbeef said: From the BIOS screen.

    What BIOS screen, it's a dedi without KVM access.

    deadbeef said: That's true but what is the alternative? Host on a Pi? :)

    AMD Bulldozer/Piledriver which I mentioned above is one. 8-core CPUs at up to 5.0 GHz, still more than enough for practically any usage.

    Other than gaming. Arma 2, can barely run of the 8320s 8350s ain't much better. Absolute dog shit single core but yeah.

  • NeoonNeoon Community Contributor, Veteran

    @rm_ said:
    Using three AMD FX-8350 systems at home, it's the only modern desktop/server CPU lineup without exploitable remote backdoors -- https://libreboot.org/faq.html#amd (referred to as "Family 15h").

    Thanked by 1Yura
  • @Neoon said:

    Name of the movie?

  • teamaccteamacc Member

    @deadbeef said:

    @Neoon said:

    Name of the movie?

    some kill bill

    Thanked by 1deadbeef
  • k0nslk0nsl Member

    I didn't think this was ‘news’. Hasn't this been widely known for a very, very long time?

  • @k0nsl said:
    I didn't think this was ‘news’. Hasn't this been widely known for a very, very long time?

    It's news that it's news. ;)

  • doghouch said: Just another plus to having competition. I can now switch to another decent processor from AMD, rather than suffer from Intel's lack of updates and ignorance.

    FYI AMD CPUs have a similar feature: https://libreboot.org/faq.html#amd

Sign In or Register to comment.