Off Topic > Off Topic
Massive vulnerability in Intel CPUs with the IME
Metario:
--- Quote from: Headcrab Zombie on May 02, 2017, 03:24:04 PM ---Considering probably 99% of the users on this forum are only using consumer equipment, I think we're overstating the situation just a tad
Edit:
https://www.theregister.co.uk/2017/05/01/intel_amt_me_vulnerability
--- End quote ---
Not forgetting that nearly every server on this planet is vulnerable, yes
Willco2:
I thought both AMD and Intel chips were vulnerable to an exploit at one point... Can't remember what it was, but it was back in like January that I read an article on it and iirc it said something a long the lines of an intentional backdoor that was taken advantage of by the NSA or something?
Anyways on topic, this gave me a slight heart attack seeing as I only have Intel chips in my PCs right now. Luckily, only 2 of those devices are ones with vPro (tech?) in them, and they aren't mine, their from my dad's work.
Ipquarx:
--- Quote from: Headcrab Zombie on May 02, 2017, 03:24:04 PM ---Considering probably 99% of the users on this forum are only using consumer equipment, I think we're overstating the situation just a tad
--- End quote ---
This is the website that actually found the vulnerability: http://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/
"If this isn’t scary enough news, even if your machine doesn’t have SMT, ISM, or SBT provisioned, it is still vulnerable, just not over the network. For the moment. From what SemiAccurate gathers, there is literally no Intel box made in the last 9+ years that isn’t at risk. This is somewhere between nightmarish and apocalyptic."
McJob:
--- Quote from: Willco2 on May 02, 2017, 04:26:34 PM ---I thought both AMD and Intel chips were vulnerable to an exploit at one point...
--- End quote ---
OP is apparently too thick to understand that there are plenty of vulnerabilities in CPUs and GPUs.
https://security-center.intel.com/advisories.aspx
These things get patched all the time. Who cares how long it existed for, especially if it's only now that it's been publicised and there was no Zero-Day attack to show that anybody could be bothered to use this method.
I can't wait to see how he spins this into a Microsoft drama. Maybe next he'll pick on NVIDIA to go for the full trifecta. Is this a ploy to make us all purchase AMD hardware with Linux?
Metario:
--- Quote from: McJob on May 02, 2017, 04:44:35 PM ---OP is apparently too thick to understand that there are plenty of vulnerabilities in CPUs and GPUs.
https://security-center.intel.com/advisories.aspx
These things get patched all the time. Who cares how long it existed for, especially if it's only now that it's been publicised and there was no Zero-Day attack to show that anybody could be bothered to use this method.
I can't wait to see how he spins this into a Microsoft drama. Maybe next he'll pick on NVIDIA to go for the full trifecta. Is this a ploy to make us all purchase AMD hardware with Linux?
--- End quote ---
Yeah, let's just forget that this is in the Management Engine of the CPU, and allows you to own somebodys system, even when it's off (but still plugged in). Let's just forget all of that, and have a nice chuckle about this. https://www.slideshare.net/codeblue_jp/igor-skochinsky-enpub for all of the wonderful features of the ME.