New security flaw detected in Intel hardware

Discussion in 'Frontpage news' started by zero_cool, Jan 12, 2018.

  1. zero_cool

    zero_cool Member

    Messages:
    34
    Likes Received:
    9
    GPU:
    Two amd fury X
    Last edited by a moderator: Jan 12, 2018
  2. RavenMaster

    RavenMaster Master Guru

    Messages:
    813
    Likes Received:
    7
    GPU:
    2x EVGA GTX 1070 SC's SLI
    So these recent vulnerabilities have been around for the past 10 years. Surely they can't have just been discovered only now. Which begs the question - is this all just a ploy to get people to upgrade to Intel 9th gen processors later this year? Processors which will no doubt be assured by Intel to be much safer and immune to these vulnerabilities? Just think - all those old pentiums and celerons that have been inside business computers (still working just fine) yet now needing to be swapped out and upgraded to ensure full safety on a hardware level. Such a plan could backfire and switch people over to AMD. But then AMD isn't without its vulnerabilities now either... is it? Seems a very convenient way to get people to upgrade if you think about it. And over the last 10 years, how many times has your PC been hacked at hardware level?
     
    Last edited: Jan 12, 2018
    jaggerwild likes this.
  3. kruno

    kruno Master Guru

    Messages:
    225
    Likes Received:
    55
    GPU:
    4890/1
    Cr*p, did they even patched last hole in AMT
     
  4. kruno

    kruno Master Guru

    Messages:
    225
    Likes Received:
    55
    GPU:
    4890/1
    Hardly,lawsuits in USA has already begun, in any way this "blunders" is going to cost them dearly
     

  5. Amaze

    Amaze Ancient Guru

    Messages:
    2,258
    Likes Received:
    31
    GPU:
    Gigabyte 970 G1 1550/7800
    This isn't a ploy
    Ploys usually don't involve ruining your reputation for years to come.
     
    yasamoka and alanm like this.
  6. Denial

    Denial Ancient Guru

    Messages:
    11,120
    Likes Received:
    67
    GPU:
    EVGA 1080Ti
    This isn't a flaw in Intel hardware also I'm not sure why you posted this article and not the original F-Secure press release. This article states that it requires physical access, which is true - but it also requires the company to not disable AMT and/or change the default username/password for AMT - which is a configuration problem, not a hardware flaw.

    The F-Secure article specifically states this:

    Intel can fix this by simply updating the default configuration - but companies could also be avoiding this by following best practices for AMT provisioning.


    Why can't they just have been discovered just now? Problems with speculative execution have been known for a while:

    https://hackaday.com/2018/01/08/speculative-execution-was-a-troublemaker-for-xbox-360/

    But the security aspects of those flaws haven't. Like I keep reading people saying "Intel knew about the backdoor but wanted the performance" or whatever - but what about ARM/Apple/IBM/Microsoft/Linux Kernel devs that are also shipping meltdown affected parts and/or knew about speculative execution issues? Or the various security companies that audit this hardware rather frequently?

    It was clearly overlooked.
     
  7. kruno

    kruno Master Guru

    Messages:
    225
    Likes Received:
    55
    GPU:
    4890/1
    Actually it is just Intel's meltdown (with 2 ARM), software side (MS,Linux,BSD..) is just trying to soft patch hardware flaw
     
  8. RavenMaster

    RavenMaster Master Guru

    Messages:
    813
    Likes Received:
    7
    GPU:
    2x EVGA GTX 1070 SC's SLI
    [​IMG]

    Whatever happens, fear sells and somebody is set to profit from these vulnerabilities massively

    https://imgur.com/CRNqn8K
     
    Last edited: Jan 12, 2018
  9. mikev190

    mikev190 Master Guru

    Messages:
    437
    Likes Received:
    30
    GPU:
    Zotac 1080Ti AMP! Extreme
    Too much tinfoil going on here.

    I mean look at your image, it says: "Norton can help users protect against some instances of the threat". :confused:

    We all know this is mainly hardware so what does Norton know what we don't? Point being everyone is out for how much profit, its' the way of the world. If you want to change don't buy Intel as they are the worst in this case.
     
    Aura89 likes this.
  10. Aura89

    Aura89 Ancient Guru

    Messages:
    6,462
    Likes Received:
    56
    GPU:
    -
    This. For this entire forum, so much this.
     

  11. alanm

    alanm Ancient Guru

    Messages:
    7,388
    Likes Received:
    130
    GPU:
    1070 AMP!
    So to favor the 9 series, they give up a years sales of the vulnerable 8 series? Hmm.. And so many people in the company would have to be in on it, any righteous (or disgruntled) employee would spill the beans faster than you can say busted, disgraced, sued for billions, and mass resignations of Intels senior management. Not to mention just the extreme incompetence to think up such a silly plan would see their asses booted out by shareholders pretty quick.
     
    yasamoka likes this.
  12. tsunami231

    tsunami231 Ancient Guru

    Messages:
    8,031
    Likes Received:
    68
    GPU:
    EVGA 660gtx sig2
    This, it not intel fault default password are left as, that is just pain stupid in corporate environment
     
    WareTernal likes this.
  13. SerotoNiN

    SerotoNiN Ancient Guru

    Messages:
    2,265
    Likes Received:
    62
    GPU:
    nVidia GTX 1070 8GB
    Obvious backdoor to "fight against terrorism" or whatever BS the flock buy into this week. This was an obviously known exploit and it doesn't take 10 years to find such a critical issue. Think.
     
    HonoredShadow likes this.
  14. WareTernal

    WareTernal Member Guru

    Messages:
    151
    Likes Received:
    11
    GPU:
    XFX R9 380X XXX
    My thoughts exactly. Sounds like the problem is a combination of two factors: the feature works as intended, and people are lazy.
    Couldn't we say a similar thing about a lot of routers? If you haven't changed the password AND a bad actor has physical access to the device, they could gain control of the device, and configure it for remote access.
     
    sykozis likes this.
  15. RzrTrek

    RzrTrek Maha Guru

    Messages:
    1,232
    Likes Received:
    71
    GPU:
    RX580 (8GB)
    What the heck has Intel been doing for the past 15 years?
     
    HonoredShadow, TheDeeGee and Silva like this.

  16. tsunami231

    tsunami231 Ancient Guru

    Messages:
    8,031
    Likes Received:
    68
    GPU:
    EVGA 660gtx sig2
    well on the other side of things alot routers when you first go in to them ask to have passwords/user changed, smart people will do this, others will ignore it, others never go in to the routers., intel could do something like this again it assume people have brains to know it should be changed.

    Other side of this they could do what is what verizon does with there routers they all have random pw made fore each router sent out.

    lazyness and bad security habits like not chaning default passwords is no intels fault
     
  17. Turanis

    Turanis Maha Guru

    Messages:
    1,214
    Likes Received:
    29
    GPU:
    Gigabyte RX500
    Ermm...backdooors and milk the end-user/corporate?

    Meanwhile at Intel:

    "Intel CEO promises Customer-First Urgency,Transparent and Timely Communications,Ongoing Security Assurance in open letter to tech industry leaders.
    Further, the CEO said the open sharing of performance data by hardware and software developers would be essential to "rapid progress" moving forward."
     
    RzrTrek likes this.
  18. Stormyandcold

    Stormyandcold Ancient Guru

    Messages:
    4,861
    Likes Received:
    20
    GPU:
    MSI GTX1070 Gaming X
    As long as our governments demand a method to be able to gain access, then, our PC+data will never be fully secure. No hat on needed, that's just reality. All this wasn't a problem until the methods became public.
     
    airbud7, sykozis and Silva like this.
  19. Fender178

    Fender178 Ancient Guru

    Messages:
    3,447
    Likes Received:
    21
    GPU:
    GTX 1070 | GTX 1060
    Yeah this is how this entire thing got exposed because a member of the NSA had his home computer hacked through Kaspersky and it allowed users to gain access to the same tools that the NSA users.
     
  20. Denial

    Denial Ancient Guru

    Messages:
    11,120
    Likes Received:
    67
    GPU:
    EVGA 1080Ti
    There is a difference between the NSA finding zero-day exploits in hardware and keeping them to themselves and the NSA working with Intel to implement said backdoors.

    Why would the NSA ask Intel to implement some complicated exploit that's a complete pain in the ass to get meaningful data out of and causes debugging errors when they could just tell them to shove a well designed wide open backdoor in the AMT/PSP/Etc - a block of hardware that no one has access to and can read/write anything encrypted and transfer it over the internet even when the computer is off?

    Like the logic makes no sense and any/all leaked evidence points to NSA not working with Intel and just finding the exploits first - but then everyone just goes and says the opposite because who knows why.

    There is a saying called "Hanlon's Razor" and I think it applies here:

    "Never attribute to malice that which is adequately explained by stupidity."
     
    yasamoka, airbud7 and sykozis like this.

Share This Page