|
infernal machines posted:the article linked last page specifically says it's a vulnerability in the AMT/ME firmware. if your platform doesn't ship with AMT/ME support there is nowhere for that firmware to exist. feature compatibility on ME enabled CPUs does not make the firmware appear on the platform right, so every single thinkpad and
|
#
?
May 1, 2017 20:22
|
|
|
|
| # ? May 17, 2024 02:58 |
|
|
.
|
|
#
?
May 1, 2017 20:25
|
|
|
atomicthumbs posted:right, so every single thinkpad and infernal machines posted:it's bad. it's not the intel apocalypse.
|
|
#
?
May 1, 2017 20:27
|
|
|
you are putting a lot of hope in to there only being a single way to compromise the blackbox ME when it has direct and unrestricted access to the cpu, memory controller, firmware, and network interfaces of every single cpu intel ships and cannot be disabled
|
|
#
?
May 1, 2017 20:31
|
|
|
im glad that Gamers and people dumb enough to buy a celeron netbook with a 32gb sd card for storage, at least, will be able to escape the upcoming catastrophe
|
|
#
?
May 1, 2017 20:33
|
|
|
BangersInMyKnickers posted:you are putting a lot of hope in to there only being a single way to compromise the blackbox ME when it has direct and unrestricted access to the cpu, memory controller, firmware, and network interfaces of every single cpu intel ships and cannot be disabled i repeat, despite the hyperbole of the article it does not have this
|
|
#
?
May 1, 2017 20:37
|
|
|
signal can send files now https://twitter.com/geoffwking/status/859121958759219201
|
|
#
?
May 1, 2017 20:38
|
|
|
you can't exploit me firmware on a board that does not have me firmware. consumer platforms do not have me firmware even if the cpu supports me feature
|
|
#
?
May 1, 2017 20:38
|
|
|
infernal machines posted:i repeat, despite the hyperbole of the article it does not have this lol yes it does go read the architecture documentation from intel
|
|
#
?
May 1, 2017 20:46
|
|
|
how about you show me where it says that management engine components are active and accessible on all systems using ME compatible CPU skus? i really want to know how a platform that does not have amt/me is vulnerable to an attack on amt/me, and you seem very certain that they are, so if you can spell it out for me it would help. e: everything i've read about this as a threat vector that isn't straight up  from hackernews assumes chipset support for the features
infernal machines fucked around with this message at 21:02 on May 1, 2017 |
|
#
?
May 1, 2017 20:50
|
|
|
maybe now we can stop bloviating https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
|
|
#
?
May 1, 2017 21:11
|
|
|
Ulf posted:maybe now we can stop bloviating https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr quote:This vulnerability does not exist on Intel-based consumer PCs. huh
|
|
#
?
May 1, 2017 21:12
|
|
|
eh the "not on consumer pcs" stuff is misleading because a smattering of consumer boards are going to have support for it since they have "non consumer" cpus.
|
|
#
?
May 1, 2017 21:18
|
|
|
not directed at you, i meant "hey here's some actual data"
|
|
#
?
May 1, 2017 21:17
|
|
|
fishmech posted:eh the "not on consumer pcs" stuff is misleading because a smattering of consumer boards are going to have support for it since they have "non consumer" cpus.  you can have a cpu that supports ME on a platform that does not, and vice versa. some consumer boards may have support for it, and paired with a supported cpu it can be activated. but on boards without chipset support it does not appear to be accessible regardless of whether the cpu supports it. ig bangersinmyknickers has some evidence to the contrary, i'd love to see it
|
|
#
?
May 1, 2017 21:24
|
|
|
infernal machines posted:
ok moron: here's what you're not getting. "non consumer" boards are in a lot of "consumer" pcs, because a lot of "consumers" are buying higher end boards meant for environments where the management engine is supported most likely it'll be a certain kind of gamer idiot who thinks buying workstation/server stuff is needed for games, and then a bunch of people using machines that used to work machines and were actively managed int heir former environment using the management engine functionality.
|
|
#
?
May 1, 2017 21:25
|
|
|
yeah, cool and all, and i acknowledged that possibility several times. but bimk is not saying that, they're saying every single system with a supported i5 or i7 cpu is vulnerable, somehow. in the case of the 2fast2furious pc gaming crowd, and people bringing old pcs home from work, what's the attack vector? someone breaks into their house and plugs in a malicious usb device? they accidentally port forward the amt/vpro port though their router to the internet at large? like, i'm not sure what everyone's so eager to argue about. the threat is real, it's incredibly broad. it's just also beyond hyperbole to suggest it affects every system sold with an intel cpu since 2008. to the extent that it's a real concern, it's primarily so in managed environments that can take steps to mitigate it, assuming they haven't been compromised by some state level actor's 0-day already. script kiddies are not going to be rooting uncle owen's shitbox dell from bestbuy via a gif in his email infernal machines fucked around with this message at 21:40 on May 1, 2017 |
|
#
?
May 1, 2017 21:32
|
|
|
fishmech posted:ok moron: here's what you're not getting. "non consumer" boards are in a lot of "consumer" pcs, because a lot of "consumers" are buying higher end boards meant for environments where the management engine is supported so basically, anyone with a high-quality laptop
|
|
#
?
May 1, 2017 22:08
|
|
|
cinci zoo sniper posted:sometimes even allowing letters to be entered in either upper- or lower-case? allowing inverted case is fine, people have done the math
|
|
#
?
May 1, 2017 22:17
|
|
|
cinci zoo sniper posted:greyhound lol if you've bought a bus ticket any way except anonymously with cash at the station lesser lol for taking greyhound an appreciable distance but there's something to be said for traveling interstate for cheap
|
|
#
?
May 2, 2017 01:02
|
|
|
This owns.
|
|
#
?
May 2, 2017 03:37
|
|
|
infernal machines posted:
Here you go:  Asus Z97 "Sabertooth Mk2" mid-high end consumer motherboard. i7 4790k high end consumer CPU Hey, look at that, there's the Intel ME showing its face. Libreboot and Coreboot both have good documentation, with the caveat that Libreboot's Stallman-esque position shines through brightly. https://libreboot.org/faq.html#intelme https://www.coreboot.org/Intel_Management_Engine There is also a tool to neuter the ME to a certain extent: https://github.com/corna/me_cleaner Apparently while you can't modify it or remove it entirely you still can delete most of its settings and modules and it'll happily run with reduced functionality. For those with systems that won't get an official fix it seems like a reasonable thing to try, if you're comfortable loving around with your boot ROM. edit: http://invisiblethingslab.com/resources/misc09/Quest%20To%20The%20Core%20%28public%29.pdf Black Hat '09 presentation about achieving code execution on the AMT/ME CPU on a Q35 chipset system, stating that the hardware still exists and is accessible even on systems where it's not officially enabled. wolrah fucked around with this message at 15:06 on May 2, 2017 |
|
#
?
May 2, 2017 14:48
|
|
|
yes, because that's a board that has the intel me components. notice how it's a device enumerated on the pci bus? i did not say that no consumer boards have me components, but many do not. i am not at a loss as to what the intel me is, i've seen the links you've posted. e: have you checked to see if you can connect to your system remotely with the amt tool? infernal machines fucked around with this message at 15:14 on May 2, 2017 |
|
#
?
May 2, 2017 15:03
|
|
|
also lol if you think using some random poo poo off the web to arbitrarily modify uefi/me firmware is somehow better than a hypothetical exploit that can't be used against your system remotely
|
|
#
?
May 2, 2017 15:03
|
|
|
ME was a mistake
|
|
#
?
May 2, 2017 15:08
|
|
|
flakeloaf posted:ME was a mistake it's not just intel, no matter who does it any me would have been a mistake
|
|
#
?
May 2, 2017 15:20
|
|
|
i'm p. sure that's a very old windows joke
|
|
#
?
May 2, 2017 15:24
|
|
|
infernal machines posted:i'm p. sure that's a very old windows joke i'm p. sure the response was also a very old windows joke 
|
|
#
?
May 2, 2017 16:09
|
|
|
Midjack posted:lol if you've bought a bus ticket any way except anonymously with cash at the station buying them online is like half the price also guarantees me a seat during busy holidays which is when I'm on the bus Chris Knight fucked around with this message at 17:04 on May 2, 2017 |
|
#
?
May 2, 2017 16:59
|
|
|
Chris Knight posted:buying them online is like half the price half, poo poo, sometimes it's like 10% of the price
|
|
#
?
May 2, 2017 17:16
|
|
|
Chris Knight posted:buying them online is like half the price i don't envy the person who has to ride greyhound around ontario during the holidays
|
|
#
?
May 2, 2017 17:20
|
|
|
infernal machines posted:i don't envy the person who has to ride greyhound around ontario during the holidays lol at this specifically but infernal machines posted:i don't envy the person who has to ride greyhound
|
|
#
?
May 2, 2017 17:27
|
|
|
infernal machines posted:yes, because that's a board that has the intel me components. notice how it's a device enumerated on the pci bus? so i've checked like 8 or 9 strictly consumer devices so far, and ME is available/accessible on all of them so far includes pretty run-of-the mill poo poo like this XPS 15 just sayin'
|
|
#
?
May 2, 2017 17:39
|
|
|
how is it accessible? everything i have to test with has it as an advertised feature, but i know we've sold entry level stuff that doesn't and iirc there was no me device driver installation
|
|
#
?
May 2, 2017 17:44
|
|
|
infernal machines posted:how is it accessible? infernal machines posted:a board that has the intel me components. notice how it's a device enumerated on the pci bus? 
|
|
#
?
May 2, 2017 17:49
|
|
|
yes, okay so it shows up in device manager. how do you access it to send a command? e: i'm asking because the exploits so far, and even the whitepapers, seem to all presuppose the existence of AMT or other remote management related me integrated hardware. if the platform doesn't have those, what happens? e2: that same device shows up on a dell that has a core i3 that doesn't have me support infernal machines fucked around with this message at 18:14 on May 2, 2017 |
|
#
?
May 2, 2017 17:49
|
|
|
infernal machines posted:yes, because that's a board that has the intel me components. notice how it's a device enumerated on the pci bus? infernal machines posted:yes, okay so it shows up in device manager. how do you access it to send a command?
|
|
#
?
May 2, 2017 18:15
|
|
|
what? the existence of that device is indicative of chipset support for me features, not that the feature is active or accessible to anything i have a dell here that has that running a cpu that doesn't support vpro, so what me features are available to exploit? remember how the argument was that all supported cpus were somehow exploitable? even if that were the case, that pci device appears whether or not a supported cpu is present, so it can't be indicative of an exploitable system, can it?
|
|
#
?
May 2, 2017 18:19
|
|
|
the most dangerous part of IME is that it is exposed at the hardware level outside of the OS. if this fact escapes you then you clearly dont understand what it is. and if you don't understand how compromising such a system could be leveraged to attack the installed OS then you shouldn't be posting here.
|
|
#
?
May 2, 2017 18:28
|
|
|
|
| # ? May 17, 2024 02:58 |
|
|
the IME require two components to function 1) CPU support, available on supported i5 and i7 CPUs 2) Chipset support on the mainboard it is entirely possible to have one or the other without having both, and thus a functioning IME environment, which has been my whole point this entire loving time. people are posting device viewer screenshots like it proves something. all it shows is that their system has chipset support for IME. that device is present whether or not the IME can actually function it is also possible to have a supported cpu in a board that does not have chipset support, the claim was that even in that case IME was exploitable, despite tha fact that all the theoretical exploits rely on additional ME components like AMT, which require chipset support. infernal machines fucked around with this message at 18:36 on May 2, 2017 |
|
#
?
May 2, 2017 18:32
|
|