Vulnerability talked about in Yahoo article
[url]https://www.yahoo.com/news/intel-apos-latest-core-processors-142100896.html[/url]
[QUOTE]Intel has confirmed previous reports that its recent PC, internet of things and server chips are vulnerable to remote hacking. The problem is with the onboard "Management Engine," which has multiple holes that could let remote attackers run malicious software, get privileged access and take over computers. The vulnerability affects sixth, seventh and eighth generation Core chips (Skylake, Kaby Lake and Kaby Lake R), along with Pentium, Celeron, Atom and multiple Xeon chips.[/QUOTE] |
And you can't update it, or remove it, or turn it off, or mitigate it, or bypass it. The CPU won't run unless you allow the ME to run first. Insecure by design.
The best option is to have a good external firewall, or just don't connect it to any network. |
[url]http://www.mersenneforum.org/showthread.php?t=21382[/url]
|
[QUOTE=CRGreathouse;472244][url]http://www.mersenneforum.org/showthread.php?t=21382[/url][/QUOTE]
That just shows how little I remember forum threads already existing. |
[QUOTE=science_man_88;472242]The vulnerability affects sixth, seventh and eighth generation Core chips (Skylake, Kaby Lake and Kaby Lake R), along with Pentium, Celeron, Atom and multiple Xeon chips.
[/QUOTE]
Not strictly true. Similar vulnerabilities can be found for hardware dating all the way back to the Core 2 days. "management engine" crapware is very old. This is my go-to link on the matter: [url]https://libreboot.org/faq.html#intel[/url] |
[QUOTE=Dubslow;472276]This is my go-to link on the matter: [url]https://libreboot.org/faq.html#intel[/url][/QUOTE]
Good link :tu:
|
[QUOTE=retina;472280]Good link :tu:[/QUOTE]
Very few people I show it to take it seriously :sad: |
[QUOTE=Dubslow;472283]Very few people I show it to take it seriously :sad:[/QUOTE]
I take it seriously, but see no escape from the situation. |
[QUOTE=kladner;472290]I take it seriously, but see no escape from the situation.[/QUOTE]
Any computer running libreboot is free of the problem, though as the link states, such hardware is ancient. You *can* buy such anciently old hardware with the crap removed, but... yeah, it's ancient. Recently, a lot of the current crapware has been *mostly* disabled; [URL="https://en.wikipedia.org/wiki/Purism,_SPC"]Purism[/URL] is one of the companies funding the work (though much of said work remains volunteer), and its [URL="https://en.wikipedia.org/wiki/Librem"]line of laptops[/URL] is modern Intel hardware with the crapware disabled to the best of current ability, though as retina notes elsewhere, the usefulness of partial solutions is debatable. If I had money for a new laptop, I would probably buy from there, because 1) as far as I can tell, the company has so far been as good as their word, which is saying actually a fair bit these days, and 2) at least some of that purchase price goes to ensuring further on totally removing the crapware from the chip/motherboard, and 3) having the modern hardware would be such a boon compared to the old Core2 laptops available that are totally crapware free. But, as ever, don't take my word for it. For reference, RMS has used an ARM-based laptop in recent years, though I don't know specifics. Er, scratch that, [URL="https://stallman.org/stallman-computing.html"]straight from the source[/URL]: he used to use something like that, but then switched to the liberated Core 2 laptops I mentioned when they were first liberated. |
I am pretty much hooked on 'desktop' machines, as in 'a big tower that sits under the desk.'
I am also pessimistic that rolling back to hardware that old would make one that much safer. There are still plenty of Internet hazards to stumble into. To be invulnerable one must not connect. While this crapware is really egregious, being built into the chipset, as well as the CPU, our whole digital environment is under scrutiny in a multitude of ways. If repressive forces want information, they get it. |
[QUOTE=Dubslow;472292]Any computer running libreboot is free of the problem, though as the link states, such hardware is ancient. You *can* buy such anciently old hardware with the crap removed, but... yeah, it's ancient.[/QUOTE]
Not necessarily free from the problem but you can go a long way towards protecting yourself from external attacks by running a packet filtering firewall at (each of) your incoming network cables. Needless to say, the filters have to be running a safe cpu and OS but that's not too difficult to arrange. Back in the mid-90's my office was firewalled off from the rest of the university with a 386SX-25 running MS-DOG 3.1. Admittedly I only had a 10Mb ethernet connection but it shows how little hardware is needed for a simple firewall.
The above does not provide any protection against WiFi attacks, unfortunately. :sad: |