New Security Flaw Hits Intel, Laptops this time
Click here to post a comment for New Security Flaw Hits Intel, Laptops this time on our message forum
RavenMaster
So these recent vulnerabilities have been around for the past 10 years. Surely they can't have just been discovered only now. Which begs the question - is this all just a ploy to get people to upgrade to Intel 9th gen processors later this year? Processors which will no doubt be assured by Intel to be much safer and immune to these vulnerabilities? Just think - all those old pentiums and celerons that have been inside business computers (still working just fine) yet now needing to be swapped out and upgraded to ensure full safety on a hardware level. Such a plan could backfire and switch people over to AMD. But then AMD isn't without its vulnerabilities now either... is it? Seems a very convenient way to get people to upgrade if you think about it. And over the last 10 years, how many times has your PC been hacked at hardware level?
kruno
Cr*p, did they even patched last hole in AMT
kruno
Hardly,lawsuits in USA has already begun, in any way this "blunders" is going to cost them dearly
Amaze
This isn't a ploy
Ploys usually don't involve ruining your reputation for years to come.
Denial
This isn't a flaw in Intel hardware also I'm not sure why you posted this article and not the original F-Secure press release. This article states that it requires physical access, which is true - but it also requires the company to not disable AMT and/or change the default username/password for AMT - which is a configuration problem, not a hardware flaw.
The F-Secure article specifically states this:
Intel can fix this by simply updating the default configuration - but companies could also be avoiding this by following best practices for AMT provisioning.
Why can't they just have been discovered just now? Problems with speculative execution have been known for a while:
https://hackaday.com/2018/01/08/speculative-execution-was-a-troublemaker-for-xbox-360/
But the security aspects of those flaws haven't. Like I keep reading people saying "Intel knew about the backdoor but wanted the performance" or whatever - but what about ARM/Apple/IBM/Microsoft/Linux Kernel devs that are also shipping meltdown affected parts and/or knew about speculative execution issues? Or the various security companies that audit this hardware rather frequently?
It was clearly overlooked.
kruno
Actually it is just Intel's meltdown (with 2 ARM), software side (MS,Linux,BSD..) is just trying to soft patch hardware flaw
RavenMaster
https://imgur.com/CRNqn8K
Whatever happens, fear sells and somebody is set to profit from these vulnerabilities massively
https://imgur.com/CRNqn8K
Aura89
This. For this entire forum, so much this.
alanm
So to favor the 9 series, they give up a years sales of the vulnerable 8 series? Hmm.. And so many people in the company would have to be in on it, any righteous (or disgruntled) employee would spill the beans faster than you can say busted, disgraced, sued for billions, and mass resignations of Intels senior management. Not to mention just the extreme incompetence to think up such a silly plan would see their asses booted out by shareholders pretty quick.
tsunami231
This, it not intel fault default password are left as, that is just pain stupid in corporate environment
Serotonin
Obvious backdoor to "fight against terrorism" or whatever BS the flock buy into this week. This was an obviously known exploit and it doesn't take 10 years to find such a critical issue. Think.
WareTernal
My thoughts exactly. Sounds like the problem is a combination of two factors: the feature works as intended, and people are lazy.
Couldn't we say a similar thing about a lot of routers? If you haven't changed the password AND a bad actor has physical access to the device, they could gain control of the device, and configure it for remote access.
RzrTrek
What the heck has Intel been doing for the past 15 years?
tsunami231
well on the other side of things alot routers when you first go in to them ask to have passwords/user changed, smart people will do this, others will ignore it, others never go in to the routers., intel could do something like this again it assume people have brains to know it should be changed.
Other side of this they could do what is what verizon does with there routers they all have random pw made fore each router sent out.
lazyness and bad security habits like not chaning default passwords is no intels fault
Turanis
Ermm...backdooors and milk the end-user/corporate?
Meanwhile at Intel:
"Intel CEO promises Customer-First Urgency,Transparent and Timely Communications,Ongoing Security Assurance in open letter to tech industry leaders.
Further, the CEO said the open sharing of performance data by hardware and software developers would be essential to "rapid progress" moving forward."
Stormyandcold
As long as our governments demand a method to be able to gain access, then, our PC+data will never be fully secure. No hat on needed, that's just reality. All this wasn't a problem until the methods became public.
Fender178
Yeah this is how this entire thing got exposed because a member of the NSA had his home computer hacked through Kaspersky and it allowed users to gain access to the same tools that the NSA users.
Denial
There is a difference between the NSA finding zero-day exploits in hardware and keeping them to themselves and the NSA working with Intel to implement said backdoors.
Why would the NSA ask Intel to implement some complicated exploit that's a complete pain in the ass to get meaningful data out of and causes debugging errors when they could just tell them to shove a well designed wide open backdoor in the AMT/PSP/Etc - a block of hardware that no one has access to and can read/write anything encrypted and transfer it over the internet even when the computer is off?
Like the logic makes no sense and any/all leaked evidence points to NSA not working with Intel and just finding the exploits first - but then everyone just goes and says the opposite because who knows why.
There is a saying called "Hanlon's Razor" and I think it applies here:
"Never attribute to malice that which is adequately explained by stupidity."
slyphnier
this admin/admin basically used everywhere isnt it ?
not only bios, but also in various devices (networking devices such as routers/modems/ etc.also using same combination)
i might read it to fast and missed something, but why now ?
i mean this been used for years, without anyone reporting/complaining
and all of sudden there report for this
its just like someone trying to get attention/advantage from the current "intel" hot/break news
tsunami231
human stupidity is is no flaw in HW, if your in the IT world or hell the know how about this stuff and you leaving default passwords as admin/admin , you should be fired or blame your self is issue happens. this isnt even "flaw" specific to intel
this day in age, most things when you first login to TELL you to change user/pass and prompt you to do so, if it being ignore that is your fualt.
Most people will leave user as admin and change pass, but in corperate world they should be change user and pass, and on a monthly basis at that.
