1. 42

  2. 12

    Very misleading headline; the vulnerability actually only exists since Skylake, which came out in 2015.

    Still a very big deal tho.

    1. 16

      Thanks. I’m glad I didn’t have to say it. :)

      If you care about what’s happening, and you should, it’s really hard to actually find out and filter out all the wild speculation. It’s like there’s some food you’re not supposed to eat. Somebody says don’t eat grapes. Somebody else says don’t eat grapefruit. Not the same! So you ask why not, to figure out what’s happening, and someone says polonium is bad for your skin. Yeah, no shit, but what does that mean?

      The fact that minix wasn’t introduced until recently is one of the few practical facts in this whole saga, and it’s generally underreported. If you care about security, and you lack the means to prevent the nsa from plugging strange shit into your USB ports, sticking with broadwell may be a reasonable precaution. Does the register mention this? No, of course not.

      1. 5

        One problem is that it’s hard to tell what exactly is running on top of MINIX. For example, this article suggests that it has a full blown web server packed in https://www.networkworld.com/article/3236064/servers/minix-the-most-popular-os-in-the-world-thanks-to-intel.html

        The fact that there is an OS running on your machine that you have no access to, but that has access to everything you do, is incredibly disturbing in my opinion.

        1. 5

          The fact that there is an OS running on your machine that you have no access to, but that has access to everything you do, is incredibly disturbing in my opinion.

          Yes, and that makes accurate reporting and avoiding sensationalism even more important! When the actual flaws and user-hostile misfeatures are so bad, there shouldn’t be a need to exaggerate (2008 is very different from 2015) to get peoples’ attention.

          1. 1

            But if my machine can’t access this hidden OS, how can the Bad Guys? That’s what I don’t understand. Is there some special IP address to hit the embedded webserver? Some special packet you need to send?

            1. 5

              According to the conversation here AMT listens on ports 16992 and 16993 for traffic from other hosts, but it ignores all traffic from the machine itself: https://mjg59.dreamwidth.org/48429.html (This post is about a different vulnerability in AMT than the USB vulnerability in the parent article; this one can only be triggered over Ethernet.)

              1. 2

                Naive question time: would blocking those ports at the firewall level be enough to reduce exposure?

                1. 4

                  Only if the firewall resides on another host.

                  1. 2

                    Or go into the BIOS and turn AMT off.

                2. 3

                  “You ever face certain death?”

                  “If it was so certain, I wouldn’t be here, would I?”

          2. 2

            It’s getting hard to keep track of all the vulnerabilities and which processors they affect.

            The last big vulnerability was that AMT (“Active Management Technology”) would accept an empty HTTP authentication hash. That vulnerability affected many older chips, but only the vPro branded ones.

            This vulnerability only goes as far back as Skylake, but it affects all the chips, not just vPro ones.
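To make the advice in the thread concrete (AMT listens on 16992/16993 for other hosts and ignores its own, so a check or a firewall has to sit on a different machine), here is an added example, not code from the thread or from Intel, that asks a remote machine's AMT web UI port for its front page and recognises the usual AMT reply. The Server banner and Digest challenge it matches on, the `/index.htm` path, and the sample responses are assumptions constructed for this example.

```python
import socket, sys

AMT_HTTP_PORT = 16992  # plain-HTTP web UI port named in the thread; 16993 is its TLS twin

def parse_http_head(raw: bytes) -> dict:
    """Split an HTTP response into its status line and a lower-cased header dict."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1", "replace").split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            key, value = line.split(":", 1)
            headers[key.strip().lower()] = value.strip()
    return {"status": lines[0], "headers": headers}

def looks_like_amt(raw: bytes) -> bool:
    """True on AMT's self-identifying Server banner, or a 401 Digest challenge on the
    AMT port (assumption: typical firmware banners; treat a miss as 'unknown')."""
    parsed = parse_http_head(raw)
    server = parsed["headers"].get("server", "").lower()
    challenge = parsed["headers"].get("www-authenticate", "").lower()
    return ("active management technology" in server
            or (parsed["status"].startswith("HTTP/1.1 401") and "digest" in challenge))

def probe(host: str, port: int = AMT_HTTP_PORT, timeout: float = 3.0) -> "bytes | None":
    """Fetch the AMT web UI front page from a REMOTE host; None if closed/filtered.
    Run from a different machine: AMT answers at the NIC and ignores its own host."""
    request = f"GET /index.htm HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            chunks = []
            while True:
                data = sock.recv(4096)
                if not data:
                    break
                chunks.append(data)
        return b"".join(chunks)
    except OSError:
        return None

# Constructed sample responses (not captured from real hardware) for offline checks.
SAMPLE_AMT = (b"HTTP/1.1 401 Unauthorized\r\n"
              b"Server: Intel(R) Active Management Technology 11.6.27\r\n"
              b'WWW-Authenticate: Digest realm="Digest:0123ABCD", nonce="n", qop="auth"\r\n'
              b"Content-Length: 0\r\n\r\n")
SAMPLE_OTHER = b"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Length: 2\r\n\r\nok"

if __name__ == "__main__":
    for target in sys.argv[1:]:  # usage: python amt_check.py <host> ...
        reply = probe(target)
        print(target, "AMT web UI exposed" if reply and looks_like_amt(reply) else "not seen")
```

A machine that answers here is reachable by anyone on the same network segment regardless of its host firewall, so the fix is the one the thread gives: disable AMT in the BIOS or filter the ports upstream.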