• Now's your chance win big! Join our community and get entered to win a RTX 2060 GPU, plus more! Join here.

    Meet Stan Dmitriev of SurrogateTV on the Pi Cast TODAY! The show is live August 11th at 2:30 pm ET (7:30 PM BST). Watch live right here!

    Professional PC modder Mike Petereyns joins Scharon on the Tom's Hardware Show live on Thursday, August 13th at 3:00 pm ET (8:00 PM BST). Click here!

News Intel Discovers Security Flaw in CSME Firmware

jgraham11

Distinguished
Jan 15, 2010
32
9
18,535
0
Another one, this time Intel actually reported it themselves.
Do you think it has anything to do with the negative publicity they
have been receiving for all those strings they attach to "Prize money"
for reporting a bug.
Why the researchers who found Cacheout bug declined to stay
silenced for potentially years.
 
Jan 17, 2020
42
6
35
0
It'd be interesting to know whether Intel's own internal IT disables the ME on their systems. I'm betting they probably do.
Nope they don't. I have a number of friends who work in IT for the company. In truth, 90% of these "bugs" never affect anyone. I suppose if you download and install anything from anyone and spend your days on eastern european porn sites, you might get something. Oh, and your computer too!
 

bit_user

Splendid
Ambassador
Nope they don't. I have a number of friends who work in IT for the company. In truth, 90% of these "bugs" never affect anyone. I suppose if you download and install anything from anyone and spend your days on eastern european porn sites, you might get something. Oh, and your computer too!
I'm not sure you understand the nature of these ME bugs.

The ME is like a special core, inside your CPU, that has privileged access to the rest of the entire system. On top of that, it's pretty much directly connected to the network.

What that means is that, if there's a remote vulnerability, someone on your network could get root access to you box. That's one of the worst kinds of exploits, and it's a vulnerability that is especially of concern to corporations and potentially some cloud networks, where you have a ton of machines on the same networks.

A lot of the side-channel attacks that we've been hearing about, recently, tend to require having some code already running on the box (although even simple Javascript in a web browser could be sufficient, in some cases). For those, I wouldn't worry too much about servers that are entirely under my control. It's only people running in VMs on cloud servers with unknown code running in other VMs that mainly worry about that stuff.
 
Jan 17, 2020
42
6
35
0
I'm not sure you understand the nature of these ME bugs.

The ME is like a special core, inside your CPU, that has privileged access to the rest of the entire system. On top of that, it's pretty much directly connected to the network.

What that means is that, if there's a remote vulnerability, someone on your network could get root access to you box. That's one of the worst kinds of exploits, and it's a vulnerability that is especially of concern to corporations and potentially some cloud networks, where you have a ton of machines on the same networks.

A lot of the side-channel attacks that we've been hearing about, recently, tend to require having some code already running on the box (although even simple Javascript in a web browser could be sufficient, in some cases). For those, I wouldn't worry too much about servers that are entirely under my control. It's only people running in VMs on cloud servers with unknown code running in other VMs that mainly worry about that stuff.
There may be 5-7 people on earth that understand it better than I do. And you're fairly wrong on nearly evert single count. You're extremely unlikely to have any sort of problem unless you download malware. No, some random software on the internet cannot infect a desktop via the ME without you doing anything stupid.
 

bit_user

Splendid
Ambassador
There may be 5-7 people on earth that understand it better than I do. And you're fairly wrong on nearly evert single count.
Talk is cheap. Tell me something I probably don't know about it.

You're extremely unlikely to have any sort of problem unless you download malware. No, some random software on the internet cannot infect a desktop via the ME without you doing anything stupid.
I didn't actually say "some random software on the internet". Misquoting me only hurts your credibility. I specifically cited large corporate networks.

Now, I see that where I was slightly mistaken was in my belief that the ME was always connected to the network. According to this, only systems with the vPro enterprise feature are.

https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-Hack-A-Turned-Off-Computer-Or-Running-Unsigned-Code-In-Intel-Management-Engine.pdf

However, that would tend to include most servers and even desktops deployed in corporate/enterprise environments. So, I stand by my previous assertion.

You've presented no evidence refuting my claims - only weak insults and bravado. Next time, try harder.

BTW, I misspoke - it resides in the chipset - not the CPU. That doesn't seem to limit the amount of damage it can inflict on the host.
 
Last edited:
Jan 17, 2020
42
6
35
0
Talk is cheap. Tell me something I probably don't know about it.


I didn't actually say "some random software on the internet". Misquoting me only hurts your credibility. I specifically cited large corporate networks.

Now, I see that where I was slightly mistaken was in my belief that the ME was always connected to the network. According to this, only systems with the vPro enterprise feature are.

https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-Hack-A-Turned-Off-Computer-Or-Running-Unsigned-Code-In-Intel-Management-Engine.pdf

However, that would tend to include most servers and even desktops deployed in corporate/enterprise environments. So, I stand by my previous assertion.

You've presented no evidence refuting my claims - only weak insults and bravado. Next time, try harder.

BTW, I misspoke - it resides in the chipset - not the CPU. That doesn't seem to limit the amount of damage it can inflict on the host.
Seems like you enjoy hearing yourself talk. And then the hilarity of admitting you really didn't know much at all about it...several times. I didn't have to 'try harder' after all. You self-pwned yourself nicely.
 

bit_user

Splendid
Ambassador
Seems like you enjoy hearing yourself talk. And then the hilarity of admitting you really didn't know much at all about it...several times. I didn't have to 'try harder' after all. You self-pwned yourself nicely.
Sure, I correct myself because that's what you should do, if you actually care about informing yourself and others. On the contrary, when you answer challenges only with insults, it shows that your real priority is your ego or some underlying agenda. And what I got wrong were mostly just details.

Fortunately, I'd like to believe that this is one of those places on the Internet where facts speak louder than bravado. So, I suggest you either put up (i.e. post some real information in response to my questions) or shut up. If you're such an expert on Intel's Management Engine, then you should be able to share something about it that enlightens us without violating your NDA. Also, though you implied some sort of insider status, it would be good form to disclose any vested interest you have in the matter (e.g. being employed by Intel or a shareholder). However, I don't even care too much about that, as long as your info is worthwhile and well-supported.

FWIW, I detect a decidedly anti-AMD theme to nearly all of your posts:

 
Jan 17, 2020
42
6
35
0
Sure, I correct myself because that's what you should do, if you actually care about informing yourself and others. On the contrary, when you answer challenges only with insults, it shows that your real priority is your ego or some underlying agenda. And what I got wrong were mostly just details.

Fortunately, I'd like to believe that this is one of those places on the Internet where facts speak louder than bravado. So, I suggest you either put up (i.e. post some real information in response to my questions) or shut up. If you're such an expert on Intel's Management Engine, then you should be able to share something about it that enlightens us without violating your NDA. Also, though you implied some sort of insider status, it would be good form to disclose any vested interest you have in the matter (e.g. being employed by Intel or a shareholder). However, I don't even care too much about that, as long as your info is worthwhile and well-supported.

FWIW, I detect a decidedly anti-AMD theme to nearly all of your posts:

If there's a wronger person on the internet, I'd have to look hard. I implied no such vested interest, I'm retired, and typing this from an AMD 3700X/RX 570 system.

Just be wrong and shaddup. I won't respond to your childish rants anymore.
 

bit_user

Splendid
Ambassador
If there's a wronger person on the internet, I'd have to look hard.
If there's a more useless post on the internet, I'd have to look hard.

Just be wrong and shaddup. I won't respond to your childish rants anymore.
My, what an adult thing to say.

All you've done is attack me, but you've provided no real information, yourself. So, whether you're typing on an AMD system or not, please try to offer something of value. You claimed to be a subject matter expert, but have provided absolutely zero evidence to back it up. I've got no more time for trolls.

What I think is that you're simply attacking me to distract from the real issue, which is that this is horrendous for Intel. You can't argue the issue, so you attack the messenger.
 

bit_user

Splendid
Ambassador
So, after that unpleasant digression, let's recap what a smoldering disaster Intel's Management Engine is for security:
Remember, these are not the usual Intel CPU bugs with performance-robbing mitigations. These are vulnerabilities in the chipset, itself.
 

ASK THE COMMUNITY

TRENDING THREADS