New Security Flaw Hits Intel, Laptops this time
Click here to post a comment for New Security Flaw Hits Intel, Laptops this time on our message forum
RavenMaster
So these recent vulnerabilities have been around for the past 10 years. Surely they can't have just been discovered only now. Which begs the question - is this all just a ploy to get people to upgrade to Intel 9th gen processors later this year? Processors which will no doubt be assured by Intel to be much safer and immune to these vulnerabilities? Just think - all those old pentiums and celerons that have been inside business computers (still working just fine) yet now needing to be swapped out and upgraded to ensure full safety on a hardware level. Such a plan could backfire and switch people over to AMD. But then AMD isn't without its vulnerabilities now either... is it? Seems a very convenient way to get people to upgrade if you think about it. And over the last 10 years, how many times has your PC been hacked at hardware level?
kruno
Cr*p, did they even patched last hole in AMT
kruno
Amaze
This isn't a ploy
Ploys usually don't involve ruining your reputation for years to come.
Denial
This isn't a flaw in Intel hardware also I'm not sure why you posted this article and not the original F-Secure press release. This article states that it requires physical access, which is true - but it also requires the company to not disable AMT and/or change the default username/password for AMT - which is a configuration problem, not a hardware flaw.
The F-Secure article specifically states this:
https://hackaday.com/2018/01/08/speculative-execution-was-a-troublemaker-for-xbox-360/
But the security aspects of those flaws haven't. Like I keep reading people saying "Intel knew about the backdoor but wanted the performance" or whatever - but what about ARM/Apple/IBM/Microsoft/Linux Kernel devs that are also shipping meltdown affected parts and/or knew about speculative execution issues? Or the various security companies that audit this hardware rather frequently?
It was clearly overlooked.
Intel can fix this by simply updating the default configuration - but companies could also be avoiding this by following best practices for AMT provisioning.
Why can't they just have been discovered just now? Problems with speculative execution have been known for a while:
kruno
RavenMaster
https://imgur.com/CRNqn8K
Whatever happens, fear sells and somebody is set to profit from these vulnerabilities massively
https://imgur.com/CRNqn8K
Aura89
alanm
tsunami231
Serotonin
Obvious backdoor to "fight against terrorism" or whatever BS the flock buy into this week. This was an obviously known exploit and it doesn't take 10 years to find such a critical issue. Think.
WareTernal
RzrTrek
What the heck has Intel been doing for the past 15 years?
tsunami231
well on the other side of things alot routers when you first go in to them ask to have passwords/user changed, smart people will do this, others will ignore it, others never go in to the routers., intel could do something like this again it assume people have brains to know it should be changed.
Other side of this they could do what is what verizon does with there routers they all have random pw made fore each router sent out.
lazyness and bad security habits like not chaning default passwords is no intels fault
Turanis
Stormyandcold
As long as our governments demand a method to be able to gain access, then, our PC+data will never be fully secure. No hat on needed, that's just reality. All this wasn't a problem until the methods became public.
Fender178
Denial
slyphnier
this admin/admin basically used everywhere isnt it ?
not only bios, but also in various devices (networking devices such as routers/modems/ etc.also using same combination)
i might read it to fast and missed something, but why now ?
i mean this been used for years, without anyone reporting/complaining
and all of sudden there report for this
its just like someone trying to get attention/advantage from the current "intel" hot/break news
tsunami231
human stupidity is is no flaw in HW, if your in the IT world or hell the know how about this stuff and you leaving default passwords as admin/admin , you should be fired or blame your self is issue happens. this isnt even "flaw" specific to intel
this day in age, most things when you first login to TELL you to change user/pass and prompt you to do so, if it being ignore that is your fualt.
Most people will leave user as admin and change pass, but in corperate world they should be change user and pass, and on a monthly basis at that.