Personal computing discussed

Moderators: renee, Flying Fox, morphine

 
Shobai
Gerbil First Class
Topic Author
Posts: 165
Joined: Sat Sep 03, 2005 1:18 am

There goes the neighbourhood, I guess

Sun Nov 12, 2017 7:19 pm

According to this tweet some researchers have gotten access to Intel's ME.
 
whm1974
Emperor Gerbilius I
Posts: 6361
Joined: Fri Dec 05, 2014 5:29 am

Re: There goes the neighbourhood, I guess

Sun Nov 12, 2017 7:25 pm

Hasn't the EFF been warning us about the ME for years now? Looks like they were right.
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: There goes the neighbourhood, I guess

Sun Nov 12, 2017 8:06 pm

I already mentioned this in the thread about the vulnerable version of Minix in Intel chipsets: viewtopic.php?p=1367345#p1367345

The neighborhood has been a war zone ever since the internet went public. At least this one requires the user to physically plug something into the USB port; an attacker would need to trick the user into using a compromised USB device.
Nostalgia isn't what it used to be.
 
whm1974
Emperor Gerbilius I
Posts: 6361
Joined: Fri Dec 05, 2014 5:29 am

Re: There goes the neighbourhood, I guess

Sun Nov 12, 2017 8:18 pm

just brew it! wrote:
I already mentioned this in the thread about the vulnerable version of Minix in Intel chipsets: viewtopic.php?p=1367345#p1367345

The neighborhood has been a war zone ever since the internet went public. At least this one requires the user to physically plug something into the USB port; an attacker would need to trick the user into using a compromised USB device.

I have a policy of not picking up and using any "losted" USB dongles I happen to find. In fact I have even stomped hard on a few I found to help prevents "attacks".
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: There goes the neighbourhood, I guess

Sun Nov 12, 2017 8:31 pm

whm1974 wrote:
just brew it! wrote:
I already mentioned this in the thread about the vulnerable version of Minix in Intel chipsets: viewtopic.php?p=1367345#p1367345

The neighborhood has been a war zone ever since the internet went public. At least this one requires the user to physically plug something into the USB port; an attacker would need to trick the user into using a compromised USB device.

I have a policy of not picking up and using any "losted" USB dongles I happen to find. In fact I have even stomped hard on a few I found to help prevents "attacks".

It is still possible you've purchased counterfeit USB devices, or that a legitimate vendor's supply chain has been compromised, resulting in a seemingly innocuous device that contains an exploit.

Unlikely? Yeah. Impossible? No.
Nostalgia isn't what it used to be.
 
whm1974
Emperor Gerbilius I
Posts: 6361
Joined: Fri Dec 05, 2014 5:29 am

Re: There goes the neighbourhood, I guess

Sun Nov 12, 2017 8:36 pm

just brew it! wrote:
whm1974 wrote:
just brew it! wrote:
I already mentioned this in the thread about the vulnerable version of Minix in Intel chipsets: viewtopic.php?p=1367345#p1367345

The neighborhood has been a war zone ever since the internet went public. At least this one requires the user to physically plug something into the USB port; an attacker would need to trick the user into using a compromised USB device.

I have a policy of not picking up and using any "losted" USB dongles I happen to find. In fact I have even stomped hard on a few I found to help prevents "attacks".

It is still possible you've purchased counterfeit USB devices, or that a legitimate vendor's supply chain has been compromised, resulting in a seemingly innocuous device that contains an exploit.

Unlikely? Yeah. Impossible? No.

I can only do what I can. If I prevented a few people from turning their computers into a botnet node or even worse, then I done my part.
 
Vhalidictes
Gerbil Jedi
Posts: 1835
Joined: Fri Jan 07, 2005 2:32 pm
Location: Paragon City, RI

Re: There goes the neighbourhood, I guess

Mon Nov 13, 2017 12:05 pm

My understanding is that the ME has its own MAC. If you're letting the ME grab an IP address and do anything non-local you have bigger problems.

Yes, the security implications are huge, and I'm not trying to minimize any problems people have, but most home routers will show active DHCP leases. If you see anything there that you don't know about...
 
biffzinker
Gerbil Jedi
Posts: 1998
Joined: Tue Mar 21, 2006 3:53 pm
Location: AK, USA

Re: There goes the neighbourhood, I guess

Tue Nov 21, 2017 2:24 pm

Neowin wrote:
Today, the United States Computer Emergency Readiness Team (US-CERT) posted about a security bulletin that Intel released, which addresses vulnerabilities in the firmware of Management Engine, Server Platform Services, and Trusted Execution Engine. According to US-CERT, a hacker could use these to take control of your system.

The issue affects a wide range of Intel products, including 6th- (Skylake), 7th- (Kaby Lake), and 8th-generation (Kaby Lake R) Core chips, along with Xeon E3-1200 v5 and v6, Xeon Scalable family, and Xeon W family. Lower-powered chips are also affected, including Apollo Lake Atom and Pentium chips, as well as Celeron N and J processors.

Intel Manageability Engine versions 11.0.x.x, 11.5.x.x, 11.6.x.x, 11.7.x.x, 11.10.x.x, and 11.20.x.x, and Versions 8.x, 9.x, and 10.x are also affected, but only include the latter two issues. Server Platform Service 4.0.x.x contains the following vulnerabilities.

Finally, Trusted Execution Engine version 3.0.x.x includes similar vulnerabilities to those listed for Server Platform Service.

Intel is offering a Detection Tool that you can use to find out if your PC is affected by these issues. Of course, it's also recommended that you check with your OEM for updated firmware for your device.


https://www.neowin.net/news/intel-annou ... processors

https://downloadcenter.intel.com/download/27150
https://security-center.intel.com/advis ... geid=en-fr
It would take you 2,363 continuous hours or 98 days,11 hours, and 35 minutes of gameplay to complete your Steam library.
In this time you could travel to Venus one time.
 
biffzinker
Gerbil Jedi
Posts: 1998
Joined: Tue Mar 21, 2006 3:53 pm
Location: AK, USA

Re: There goes the neighbourhood, I guess

Tue Nov 21, 2017 2:38 pm

Guess my Core i7-4790K is unaffected.
Image
It would take you 2,363 continuous hours or 98 days,11 hours, and 35 minutes of gameplay to complete your Steam library.
In this time you could travel to Venus one time.
 
DancinJack
Maximum Gerbil
Posts: 4494
Joined: Sat Nov 25, 2006 3:21 pm
Location: Kansas

Re: There goes the neighbourhood, I guess

Tue Nov 21, 2017 7:30 pm

biffzinker wrote:
Guess my Core i7-4790K is unaffected.


Unless I'm mistaken, I don't think Haswell/DC was one of the models affected here?

Intel wrote:
Affected products:

6th, 7th & 8th Generation Intel® Core™ Processor Family
Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
Intel® Xeon® Processor Scalable Family
Intel® Xeon® Processor W Family
Intel® Atom® C3000 Processor Family
Apollo Lake Intel® Atom Processor E3900 series
Apollo Lake Intel® Pentium™
Celeron™ N and J series Processors
i7 6700K - Z170 - 16GiB DDR4 - GTX 1080 - 512GB SSD - 256GB SSD - 500GB SSD - 3TB HDD- 27" IPS G-sync - Win10 Pro x64 - Ubuntu/Mint x64 :: 2015 13" rMBP Sierra :: Canon EOS 80D/Sony RX100
 
Kougar
Minister of Gerbil Affairs
Posts: 2306
Joined: Tue Dec 02, 2008 2:12 am
Location: Texas

Re: There goes the neighbourhood, I guess

Tue Nov 21, 2017 8:36 pm

biffzinker wrote:
Guess my Core i7-4790K is unaffected.


Which is fortunate, because I highly doubt any Z87 / Z97 boards are going to see BIOS updates at this point. ASUS skipped the last security patch for haswell systems.
 
morphine
TR Staff
Posts: 11600
Joined: Fri Dec 27, 2002 8:51 pm
Location: Portugal (that's next to Spain)

Re: There goes the neighbourhood, I guess

Sat Nov 25, 2017 2:42 pm

IIRC from the article I wrote, it's Skylake and onwards.
There is a fixed amount of intelligence on the planet, and the population keeps growing :(

Who is online

Users browsing this forum: No registered users and 1 guest
GZIP: On