[Cryptography] Big ugly security problem in post-2008 Intel chipsets.

Ray Dillinger bear at sonic.net
Mon May 1 22:40:45 EDT 2017


I have been saying this for years, but kept receiving assurances from
everyone "official" at the manufacturers and OEMs whom I brought it up
to, all claiming that it wasn't true.

Any machine with a hardware BIOS that allows network bootup, data
recovery, and OS installation regardless of the condition or even
presence of an OS installed locally on the machine has got to be broken.
This is self-evident.  To claim otherwise is clearly lying, or
childishly believing in something which is logically impossible for no
reason better than wishing it to be true.

The advertising therefore clearly contained a logical contradiction, and
I'd been assuming that it was the security they were wrong (or lying)
about rather than the remote management capabilities.  There is flatly
and literally no way that the advertised capabilities of "remote
management" on these machines can be provided without the existence of a
hardware security problem that someone can drive a tank through.

Well, guess what.  It's Effing broken, and somebody's evidently been
driving tanks through it.  I'm not the guy who proved it; I'm just the
guy who's been assuming, and sometimes arguing, for years, that it must
clearly be broken in order for those capabilities to exist.

https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/

					Bear
