mersenneforum.org  

Go Back   mersenneforum.org > Great Internet Mersenne Prime Search > Hardware

Reply
 
Thread Tools
Old 2017-11-22, 14:57   #1
science_man_88
 
science_man_88's Avatar
 
"Forget I exist"
Jul 2009
Dumbassville

838410 Posts
Default vunerability talked about in yahoo aritcle

https://www.yahoo.com/news/intel-apo...142100896.html
Quote:
Intel has confirmed previous reports that its recent PC, internet of things and server chips are vulnerable to remote hacking. The problem is with the onboard "Management Engine," which has multiple holes that could let remote attackers run malicious software, get privileged access and take over computers. The vulnerability affects sixth, seventh and eighth generation Core chips (Skylake, Kaby Lake and Kaby Lake R), along with Pentium, Celeron, Atom and multiple Xeon chips.
science_man_88 is offline   Reply With Quote
Old 2017-11-22, 15:01   #2
retina
Undefined
 
retina's Avatar
 
"The unspeakable one"
Jun 2006
My evil lair

22·32·132 Posts
Default

And you can't update it, or remove it, or turn it off, or mitigate it, or bypass it. The CPU won't run unless you allow the ME to run first. Insecure by design.

The best option is to have a good external firewall, or just don't connect it to any network.
retina is online now   Reply With Quote
Old 2017-11-22, 15:04   #3
CRGreathouse
 
CRGreathouse's Avatar
 
Aug 2006

2×29×103 Posts
Default

http://www.mersenneforum.org/showthread.php?t=21382
CRGreathouse is offline   Reply With Quote
Old 2017-11-22, 15:16   #4
science_man_88
 
science_man_88's Avatar
 
"Forget I exist"
Jul 2009
Dumbassville

26×131 Posts
Default

Quote:
Originally Posted by CRGreathouse View Post
That just shows how little I remember forum threads already existing.
science_man_88 is offline   Reply With Quote
Old 2017-11-22, 23:25   #5
Dubslow
Basketry That Evening!
 
Dubslow's Avatar
 
"Bunslow the Bold"
Jun 2011
40<A<43 -89<O<-88

3·29·83 Posts
Default

Quote:
Originally Posted by science_man_88 View Post
The vulnerability affects sixth, seventh and eighth generation Core chips (Skylake, Kaby Lake and Kaby Lake R), along with Pentium, Celeron, Atom and multiple Xeon chips.
Not strictly true. Similar vulnerabilities can be found for hardware dating all the way back to the Core 2 days. "management engine" crapware is very old.

This is my go-to link on the matter: https://libreboot.org/faq.html#intel
Dubslow is offline   Reply With Quote
Old 2017-11-23, 01:11   #6
retina
Undefined
 
retina's Avatar
 
"The unspeakable one"
Jun 2006
My evil lair

608410 Posts
Default

Quote:
Originally Posted by Dubslow View Post
This is my go-to link on the matter: https://libreboot.org/faq.html#intel
Good link
retina is online now   Reply With Quote
Old 2017-11-23, 02:10   #7
Dubslow
Basketry That Evening!
 
Dubslow's Avatar
 
"Bunslow the Bold"
Jun 2011
40<A<43 -89<O<-88

11100001101012 Posts
Default

Quote:
Originally Posted by retina View Post
Good link
Very few people I show it to take it seriously
Dubslow is offline   Reply With Quote
Old 2017-11-23, 05:47   #8
kladner
 
kladner's Avatar
 
"Kieren"
Jul 2011
In My Own Galaxy!

22×2,539 Posts
Default

Quote:
Originally Posted by Dubslow View Post
Very few people I show it to take it seriously
I take it seriously, but see no escape from the situation.
kladner is offline   Reply With Quote
Old 2017-11-23, 06:48   #9
Dubslow
Basketry That Evening!
 
Dubslow's Avatar
 
"Bunslow the Bold"
Jun 2011
40<A<43 -89<O<-88

3×29×83 Posts
Default

Quote:
Originally Posted by kladner View Post
I take it seriously, but see no escape from the situation.
Any computer running libreboot is free of the problem, though as the link states, such hardware is ancient. You *can* buy such anciently old hardware with the crap removed, but... yeah, it's ancient.

Recently, a lot of the current crapware has been *mostly* disabled; Purism is one of the companies funding the work (though much of said work remains volunteer), and its line of laptops is modern Intel hardware with the crapware disabled to the best of current ability, though as retina notes elsewhere, the usefulness of partial solutions is debatable. If I had money for a new laptop, I would probably buy from there, because 1) as far as I can tell, the company has so far been as good as their word, which is saying actually a fair bit these days, and 2) at least some of that purchase price goes to ensuring further on totally removing the crapware from the chip/motherboard, and 3) having the modern hardware would be such a boon compared to the old Core2 laptops available that are totally crapware free.

But, as ever, don't take my word for it.

For reference, RMS has used an ARM-based laptop in recent years, though I don't know specifics. Er, scratch that, straight from the source: he used to use something like that, but then switched to the liberated Core 2 laptops I mentioned when they were first liberated.
Dubslow is offline   Reply With Quote
Old 2017-11-23, 07:33   #10
kladner
 
kladner's Avatar
 
"Kieren"
Jul 2011
In My Own Galaxy!

22·2,539 Posts
Default

I am pretty much hooked on 'desktop' machines, as in 'a big tower that sits under the desk.'

I am also pessimistic that rolling back to hardware that old would make one that much safer. There are still plenty of Internet hazards to stumble into. To be invulnerable one must not connect.

While this crapware is really egregious, being built into the chipset, as well as the CPU, our whole digital environment is under scrutiny in a multitude of ways. If repressive forces want information, they get it.
Attached Thumbnails
Click image for larger version

Name:	nsa backup.jpg
Views:	100
Size:	6.4 KB
ID:	17232  
kladner is offline   Reply With Quote
Old 2017-11-23, 07:35   #11
xilman
Bamboozled!
 
xilman's Avatar
 
"π’‰Ίπ’ŒŒπ’‡·π’†·π’€­"
May 2003
Down not across

32·11·107 Posts
Default

Quote:
Originally Posted by Dubslow View Post
Any computer running libreboot is free of the problem, though as the link states, such hardware is ancient. You *can* buy such anciently old hardware with the crap removed, but... yeah, it's ancient.
Not necessarily free from the problem but you can go a long way towards protecting yourself from external attacks by running a packet filtering firewall at (each of) your incoming network cables. Needless to say, the filters have to be running a safe cpu and OS but that's not too difficult to arrange. Back in the mid-90's my office was firewalled off from the rest of the university with a 386SX-25 running MS-DOG 3.1. Admittedly I only had a 10Mb ethernet connection but it shows how little hardware is needed for a simple firewall.

The above does not provide any protection against WiFi attacks, unfortunately.
xilman is offline   Reply With Quote
Reply

Thread Tools


Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem compiling latest SVN ATH GMP-ECM 2 2011-06-23 07:27
Has anyone seen my latest treatise? davieddy Lounge 0 2011-01-21 19:29
Intel e6600 Dual Core Problem - How to use both cores with Prime95? Shoallakeboy Hardware 2 2006-11-06 17:55
Bigint problem with snfs latest snapshot VJS Factoring 0 2006-07-10 22:25
Latest version? [CZ]Pegas Software 3 2002-08-23 17:05

All times are UTC. The time now is 05:56.

Sun Mar 7 05:56:55 UTC 2021 up 94 days, 2:08, 0 users, load averages: 1.03, 1.38, 1.69

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.

This forum has received and complied with 0 (zero) government requests for information.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.