Finnish cybersecurity specialist F-Secure has reported another serious flaw in Intel hardware. It has nothing to do with the Spectre and Meltdown vulnerabilities, but has a huge "destructive potential" too. http://www.dw.com/en/new-security-flaw-detected-in-intel-hardware/a-42122823 https://www.guru3d.com/news-story/new-security-flaw-hits-intellaptops-this-time.html
So these recent vulnerabilities have been around for the past 10 years. Surely they can't have just been discovered only now. Which begs the question - is this all just a ploy to get people to upgrade to Intel 9th gen processors later this year? Processors which will no doubt be assured by Intel to be much safer and immune to these vulnerabilities? Just think - all those old pentiums and celerons that have been inside business computers (still working just fine) yet now needing to be swapped out and upgraded to ensure full safety on a hardware level. Such a plan could backfire and switch people over to AMD. But then AMD isn't without its vulnerabilities now either... is it? Seems a very convenient way to get people to upgrade if you think about it. And over the last 10 years, how many times has your PC been hacked at hardware level?
This isn't a flaw in Intel hardware also I'm not sure why you posted this article and not the original F-Secure press release. This article states that it requires physical access, which is true - but it also requires the company to not disable AMT and/or change the default username/password for AMT - which is a configuration problem, not a hardware flaw. The F-Secure article specifically states this: Intel can fix this by simply updating the default configuration - but companies could also be avoiding this by following best practices for AMT provisioning. Why can't they just have been discovered just now? Problems with speculative execution have been known for a while: https://hackaday.com/2018/01/08/speculative-execution-was-a-troublemaker-for-xbox-360/ But the security aspects of those flaws haven't. Like I keep reading people saying "Intel knew about the backdoor but wanted the performance" or whatever - but what about ARM/Apple/IBM/Microsoft/Linux Kernel devs that are also shipping meltdown affected parts and/or knew about speculative execution issues? Or the various security companies that audit this hardware rather frequently? It was clearly overlooked.
Actually it is just Intel's meltdown (with 2 ARM), software side (MS,Linux,BSD..) is just trying to soft patch hardware flaw
Whatever happens, fear sells and somebody is set to profit from these vulnerabilities massively https://imgur.com/CRNqn8K
So to favor the 9 series, they give up a years sales of the vulnerable 8 series? Hmm.. And so many people in the company would have to be in on it, any righteous (or disgruntled) employee would spill the beans faster than you can say busted, disgraced, sued for billions, and mass resignations of Intels senior management. Not to mention just the extreme incompetence to think up such a silly plan would see their asses booted out by shareholders pretty quick.
This, it not intel fault default password are left as, that is just pain stupid in corporate environment
Obvious backdoor to "fight against terrorism" or whatever BS the flock buy into this week. This was an obviously known exploit and it doesn't take 10 years to find such a critical issue. Think.
My thoughts exactly. Sounds like the problem is a combination of two factors: the feature works as intended, and people are lazy. Couldn't we say a similar thing about a lot of routers? If you haven't changed the password AND a bad actor has physical access to the device, they could gain control of the device, and configure it for remote access.
well on the other side of things alot routers when you first go in to them ask to have passwords/user changed, smart people will do this, others will ignore it, others never go in to the routers., intel could do something like this again it assume people have brains to know it should be changed. Other side of this they could do what is what verizon does with there routers they all have random pw made fore each router sent out. lazyness and bad security habits like not chaning default passwords is no intels fault
Ermm...backdooors and milk the end-user/corporate? Meanwhile at Intel: "Intel CEO promises Customer-First Urgency,Transparent and Timely Communications,Ongoing Security Assurance in open letter to tech industry leaders. Further, the CEO said the open sharing of performance data by hardware and software developers would be essential to "rapid progress" moving forward."
As long as our governments demand a method to be able to gain access, then, our PC+data will never be fully secure. No hat on needed, that's just reality. All this wasn't a problem until the methods became public.
Yeah this is how this entire thing got exposed because a member of the NSA had his home computer hacked through Kaspersky and it allowed users to gain access to the same tools that the NSA users.
There is a difference between the NSA finding zero-day exploits in hardware and keeping them to themselves and the NSA working with Intel to implement said backdoors. Why would the NSA ask Intel to implement some complicated exploit that's a complete pain in the ass to get meaningful data out of and causes debugging errors when they could just tell them to shove a well designed wide open backdoor in the AMT/PSP/Etc - a block of hardware that no one has access to and can read/write anything encrypted and transfer it over the internet even when the computer is off? Like the logic makes no sense and any/all leaked evidence points to NSA not working with Intel and just finding the exploits first - but then everyone just goes and says the opposite because who knows why. There is a saying called "Hanlon's Razor" and I think it applies here: "Never attribute to malice that which is adequately explained by stupidity."
this admin/admin basically used everywhere isnt it ? not only bios, but also in various devices (networking devices such as routers/modems/ etc.also using same combination) i might read it to fast and missed something, but why now ? i mean this been used for years, without anyone reporting/complaining and all of sudden there report for this its just like someone trying to get attention/advantage from the current "intel" hot/break news
