1. 77
  2. 11

    Which again points out how important projects such as me_cleaner or libreboot are. It’s also impressive how little me_cleaner.py needs.

      1. 1

        404

        1. 3

          This link works.

          1. 1

            For me, it’s just a blank page.

            1. 1

              It is a PDF, so that might be an issue.

              1. 1

                Apparently Chrome just refuses to work with that link. I was able to use curl, though. Thanks!

                1. 1

                  Odd, it works fine for me with Chrome (I just tried now).

        2. 8

          “For obvious reasons we couldn’t publish what we found”

          So everybody was vulnerable for two more years. There needs to be a limit to any self-imposed no-disclosure policy. Even Google’s Project Zero has a 90 day deadline after which they go public no matter what.

          1. 5

            Yeah, this is bullshit. I’m sure that this vulnerability was known by major government hacking groups. They just prevented regular people from knowing the risks that they are exposed to.

          2. 7

            I would wait for confirmation from other sources, since semiaccurate is notoriously… semi-accurate.

            1. 13
              1. 7

                If I understand the Intel advisory correctly, still pretty bad, but won’t apply to most end users. The remote vulnerability only applies to systems that have provisioned Intel AMT (not merely a chip with AMT support, which would be much worse). Provisioning doesn’t happen by default, and is pretty much only done by business users. A secondary vulnerability, disclosed simultaneously, is that local unprivileged users can provision AMT if it’s not already provisioned (presumably for the purpose of subsequently exploiting it remotely), which provides a local privilege escalation route.

                1. 3

                  “The remote vulnerability only applies to systems that have provisioned Intel AMT”

                  Maybe. My prediction had two parts. One is that they hid a backdoor in AMT. The other is that they saved costs by keeping that wiring in a lot of chips with it just not visible to the user of some processors depending on what they paid for. The latter is very common in the hardware industry to save costs. Most prominent example being hard disks that all had same sized platter but firmware or something made it pretend to be different sizes. More profitable because it cost same to make but charge people more or less depending on use. Main guy that taught me hardware risks also gave example of mobile SOCs being reused in other products since the supplier already got a discount on it. Just didn’t advertise wireless or other phone features were in it.

                  We don’t know for sure that the hardware or firmware can’t be accessed remotely if the users haven’t explicitly turned it on. Initial reading I did even said it listens while the system is off. It draws little power when in use. The fact that it’s there is reason to continue not trusting Intel CPUs if you have any worry about backdoors or high-end attacks via network.

                  1. 2

                    Yeah, the whole Intel 80486 SX was just a regular 80486 with a defective (or perhaps marginal) FPU unit.

                    1. 2

                      Once yields improved, they became 486es with working but disabled floating point units. I think later on they went to 486SXes that didn’t have an FPU at all.

                      1. 1

                        Likewise for the AMD Triple Cores being defective Quad Cores but at least they were honest about it. Wonder if they’ll be honest about their management engines being defective secure, management engines. ;)

                  2. 6

                    “Intel would like to thank Maksim Malyutin from Embedi for reporting this issue and working with us on coordinated disclosure.”

                    That’s not how you spell SemiAccurate. Intel cutting Charlie out of the loop!

                    1. 1

                      much, much better!

                    2. 5

                      Intel’s marketing material saying they added remote access plus their track record on errata and firmware quality told me it was true years ago. Patterns like that just keep repeating. Best to assume it’s insecure until they prove it’s not.

                      1. 7

                        I don’t doubt there are potential vulnerabilities in the system with varying severities and with varying attack difficulties, but this particular article on this particular vulnerability should be taken with a fairly large grain of salt, particularly regarding any of the details, given the source.

                        Semiaccurate is well-known for posting speculation as fact, but worse, they often have major misunderstandings of the material they report on, leading to errors, incorrect deductions, wild speculation, etc. My favorite example (a real quote, not satire):

                        “You probably don’t remember but the Midgard architecture you know and love is a four wide architecture four stages deep. Each cycle one thread, aka a triangle or quad, is issued to the execution units. Since they are four wide they can take a full quad a cycle which is a really good thing. Unfortunately most game developers seem stuck on triangles which tend to use only three of the SIMD vector lanes. This is bad but modern power gating means it won’t consume hideous amounts of power, it just doesn’t utilize the hardware to its maximum potential often. The technical term for this is inefficiency.”

                        1. 3

                          Now that’s a good point on source reliability. The triangle thing is hilarious, too. Thanks for that one.

                      1. 4

                        Kind of a letdown, no? I was promised murder and mayhem, but this is probably an order of magnitude less serious (in terms of affected systems) than the Windows SMB RCE vuln fixed last month.

                        A few numbers, salt to taste, for comparison.

                        30000, or 50000, or 130000, or something computers with DoublePulsar on the net. https://arstechnica.com/security/2017/04/nsa-backdoor-detected-on-55000-windows-boxes-can-now-be-remotely-removed/

                        Fewer than 7000 computers with requisite AMT ports open on the net. https://arstechnica.com/security/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/

                        1. 3

                          Digestible summary without the sky is falling fearmongering?

                          1. 6

                            What I said repeatedly on HN since it was obvious. There’s a security flaw or backdoor in the Intel ME firmware that has network and DMA access. Intel ignored it for years no matter who they talked to. They seem to be getting around to patching at least that one.

                            It’s why I’ve recommended against Intel since vPro and AMT were first planned under Trusted Computing Group. Those meetings were closed door with NSA participation. It was always about DRM and backdoors.

                            1. 11

                              Don’t assume people are on HN?

                              1. 18

                                The whole reason I’m here is to specifically not be on HN.

                                1. 7

                                  I didn’t. I implied I said it to IT people and security pros on a tech site full of them with almost nobody buying the claim or caring. This was typical of forums without paranoids. One of the most famous there even started debunking why the RNG wasn’t a risk with nobody even pointing out the whole chip, incl. RNG, was backdoored. Made it kinda moot point, eh?

                                2. 3

                                  Which tells me nothing I didn’t know (hadn’t read) years ago. The information delta of this article is zero.

                                  1. 9

                                    Greater than zero: Intel is now releasing patches for their backdoored firmware.

                                    1. 2

                                      Exactly. Only for 1 backdoor, though. There could be more. ;)

                                      1. 2

                                        Firmware change list: Fix remote security exploit in all 2008+ Intel platforms (CVE-2017-5689) Add new remote security exploit for NSA

                                  2. 2

                                    Are AMD any better, though? afaik they implemented similar kinda things.

                                    It’s not realistic to avoid both companies, really.

                                    1. 9

                                      It is for security critical work. I was recommending POWER, PPC, and SPARC back then with their Open Firmware. The market overwhelmingly going x86 means you’ll pay more to avoid the backdoors. On embedded, I designed for VIA Artigos to get low-power x86 at 1GHz w/ crypto accelerator and TRNG.

                                      Today, if still needing fast x86, I suggest buying old gear with 2.5-3.0GHz Xeons. Maybe even SMP boards. The better solution, which needs big $$$, is paying AMD’s Semi-Custom business to make one without the management stuff.

                                      1. 5

                                        “Are AMD any better, though? afaik they implemented similar kinda things.”

                                        Correct, it just took them a bit longer.

                                        Check out this timeline by Raptor Engineering.

                                      2. 1

                                        I’m not as well informed as I perhaps should be on this, but doesn’t AMD also have something similar?

                                      3. 2

                                        Intel hasn’t revealed the details of the flaw yet.

                                        1. 1

                                          That’s what I’m hoping for at the moment. I don’t know the first thing about CPUs so I have no idea whether to actually be worried.

                                          1. 2

                                            Only you can decide whether or not you should be worried.

                                            For those of us who are worried, there are some mitigations available.

                                        2. 3

                                          HN comment to bookmark for future reference, long bet style: https://news.ycombinator.com/item?id=14240840

                                          1. 2

                                            Well, for once I am happy that my laptop is from 2007.

                                            I’m honestly afraid to upgrade, but mostly because of ME and PSP.

                                            1. 1

                                              Hopefully this is the impetus needed for manufacturers (likely starting with the very vertically integrated Apple) to move away from proprietary, spyware-ridden Intel hardware where plausible.

                                              I would love a cross-manufacturer open-license collaboration (like what’s happened with Linux over the years), but I would settle for ARM in the meantime.