Personal computing discussed
Moderators: renee, Flying Fox, morphine
just brew it! wrote:I already mentioned this in the thread about the vulnerable version of Minix in Intel chipsets: viewtopic.php?p=1367345#p1367345
The neighborhood has been a war zone ever since the internet went public. At least this one requires the user to physically plug something into the USB port; an attacker would need to trick the user into using a compromised USB device.
whm1974 wrote:just brew it! wrote:I already mentioned this in the thread about the vulnerable version of Minix in Intel chipsets: viewtopic.php?p=1367345#p1367345
The neighborhood has been a war zone ever since the internet went public. At least this one requires the user to physically plug something into the USB port; an attacker would need to trick the user into using a compromised USB device.
I have a policy of not picking up and using any "losted" USB dongles I happen to find. In fact I have even stomped hard on a few I found to help prevents "attacks".
just brew it! wrote:whm1974 wrote:just brew it! wrote:I already mentioned this in the thread about the vulnerable version of Minix in Intel chipsets: viewtopic.php?p=1367345#p1367345
The neighborhood has been a war zone ever since the internet went public. At least this one requires the user to physically plug something into the USB port; an attacker would need to trick the user into using a compromised USB device.
I have a policy of not picking up and using any "losted" USB dongles I happen to find. In fact I have even stomped hard on a few I found to help prevents "attacks".
It is still possible you've purchased counterfeit USB devices, or that a legitimate vendor's supply chain has been compromised, resulting in a seemingly innocuous device that contains an exploit.
Unlikely? Yeah. Impossible? No.
Neowin wrote:Today, the United States Computer Emergency Readiness Team (US-CERT) posted about a security bulletin that Intel released, which addresses vulnerabilities in the firmware of Management Engine, Server Platform Services, and Trusted Execution Engine. According to US-CERT, a hacker could use these to take control of your system.
The issue affects a wide range of Intel products, including 6th- (Skylake), 7th- (Kaby Lake), and 8th-generation (Kaby Lake R) Core chips, along with Xeon E3-1200 v5 and v6, Xeon Scalable family, and Xeon W family. Lower-powered chips are also affected, including Apollo Lake Atom and Pentium chips, as well as Celeron N and J processors.
Intel Manageability Engine versions 11.0.x.x, 11.5.x.x, 11.6.x.x, 11.7.x.x, 11.10.x.x, and 11.20.x.x, and Versions 8.x, 9.x, and 10.x are also affected, but only include the latter two issues. Server Platform Service 4.0.x.x contains the following vulnerabilities.
Finally, Trusted Execution Engine version 3.0.x.x includes similar vulnerabilities to those listed for Server Platform Service.
Intel is offering a Detection Tool that you can use to find out if your PC is affected by these issues. Of course, it's also recommended that you check with your OEM for updated firmware for your device.
biffzinker wrote:Guess my Core i7-4790K is unaffected.
Intel wrote:Affected products:
6th, 7th & 8th Generation Intel® Core™ Processor Family
Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
Intel® Xeon® Processor Scalable Family
Intel® Xeon® Processor W Family
Intel® Atom® C3000 Processor Family
Apollo Lake Intel® Atom Processor E3900 series
Apollo Lake Intel® Pentium™
Celeron™ N and J series Processors
biffzinker wrote:Guess my Core i7-4790K is unaffected.