
SoylentNews is people

posted by Fnord666 on Thursday November 23 2017, @12:09PM
from the get-your-patches-here dept.

It's time to update your Management Engine:

Intel has issued a security alert that management firmware on a number of recent PC, server, and Internet-of-Things processor platforms is vulnerable to remote attack. Using the vulnerabilities, the most severe of which was uncovered by Mark Ermolov and Maxim Goryachy of Positive Technologies Research, remote attackers could launch commands on a host of Intel-based computers, including laptops and desktops shipped with Intel Core processors since 2015. They could gain access to privileged system information, and millions of computers could essentially be taken over as a result of the bug. Most of the vulnerabilities require physical access to the targeted device, but one allows remote attacks with administrative access.

The company has posted a detection tool on its support website for Windows and Linux to help identify systems that are vulnerable. In the security alert, members of Intel's security team stated that "in response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience."

Intel® Management Engine Critical Firmware Update (Intel SA-00086)

U.S. government warns about cyber bug in Intel chips

The U.S. government on Tuesday urged businesses to act on an Intel Corp alert about security flaws in widely used computer chips as industry researchers scrambled to understand the impact of the newly disclosed vulnerability.

The Department of Homeland Security gave the guidance a day after Intel said it had identified security vulnerabilities in remote-management software known as 'Management Engine' that shipped with eight types of processors used in business computers sold by Dell Technologies, Lenovo, HP Inc, Hewlett Packard Enterprise and other manufacturers.

Security experts said that it was not clear how difficult it would be to exploit the vulnerabilities to launch attacks, though they found the disclosure troubling because the affected chips were widely used.

"These vulnerabilities affect essentially every business computer and server with an Intel processor released in the last two years," said Jay Little, a security engineer with cyber consulting firm Trail of Bits.

The official warning is here. Good luck to everybody! Good luck.

Also at Reuters and the EFF.


Original Submission #1   Original Submission #2

 
  • (Score: 3, Insightful) by crafoo on Thursday November 23 2017, @03:17PM (8 children)

    by crafoo (6639) on Thursday November 23 2017, @03:17PM (#600684)

    Where is the patch to remove the Intel management engine? Never mind, I wouldn't trust such a patch from Intel anyway. We need open, fully documented hardware now. I wouldn't shed a tear if x86 died along the way either.

  • (Score: 2) by TheGratefulNet on Thursday November 23 2017, @03:36PM (1 child)

    by TheGratefulNet (659) on Thursday November 23 2017, @03:36PM (#600693)

    that old DECstation or VAXstation that was thrown out years ago; maybe I should have kept it. no updates, but also no viruses. OS was so ancient, it might not even be fingerprintable via its network stack ;)

    old sparc-stations, too. I bet you can find tons of them, used. and sgi 'indy' and such. all non-intel. all long before the 'everyone spies' era.

    --
    "It is now safe to switch off your computer."
    • (Score: 2) by jasassin on Friday November 24 2017, @01:54AM

      by jasassin (3566) <jasassin@gmail.com> on Friday November 24 2017, @01:54AM (#600898) Homepage Journal

      old sparc-stations, too. I bet you can find tons of them, used. and sgi 'indy' and such. all non-intel. all long before the 'everyone spies' era.

      I completely understand where you are coming from. The problem is all the hardware on the systems is proprietary. The monitors, the keyboards, the mice. Finding a fully functional sparc or sgi system is difficult. For the price, you'd be better off with a $75 craigslist laptop.

      --
      jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
  • (Score: 0, Informative) by Anonymous Coward on Thursday November 23 2017, @05:15PM (2 children)

    by Anonymous Coward on Thursday November 23 2017, @05:15PM (#600716)

    Where is the patch to remove the Intel management engine?

    https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/ [puri.sm]

    • (Score: 2) by frojack on Thursday November 23 2017, @10:13PM (1 child)

      by frojack (1554) on Thursday November 23 2017, @10:13PM (#600851) Journal

      Only works if you buy a computer from them.

      You can't just use their stuff on any random dell or HP.

      Please stop posting this as if it were a real fix.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 1) by Deeo Kain on Friday November 24 2017, @10:27AM

        by Deeo Kain (5848) on Friday November 24 2017, @10:27AM (#601009)

        It is a real fix if you need a new system or if you decide your privacy and security is worth the investment.

  • (Score: 0) by Anonymous Coward on Thursday November 23 2017, @07:02PM (2 children)

    by Anonymous Coward on Thursday November 23 2017, @07:02PM (#600769)

    Never mind, I wouldn't trust such a patch from Intel anyway. We need open, fully documented hardware now.

    If you can, support the guys at Raptor Engineering [raptorcs.com] working to bring us modern, powerful and fully owner-controlled computing systems, which should have free software all the way down to the processor microcode.

    • (Score: 0) by Anonymous Coward on Friday November 24 2017, @01:14AM

      by Anonymous Coward on Friday November 24 2017, @01:14AM (#600889)

      A crowdfunding option that would place the motherboard price in-line with the available CPU options.

      As it is, the motherboard costs 2.5-5x the cost of the cpu(s) needed to take full advantage of it.

      And bonus: If you only run 1 cpu you lost half of both the memory channels *AND* PCI Express channels on their motherboard.

      Kind of makes you wonder what you are paying 2 grand for, when the CPUs are doing all the heavy lifting.

    • (Score: 1, Informative) by Anonymous Coward on Friday November 24 2017, @10:23AM

      by Anonymous Coward on Friday November 24 2017, @10:23AM (#601007)

      No way: IBM's systems are plagued by a similar contraption compared to Intel's Management Engine: it's called IPMI, Intelligent Platform Management Interface, and it consists in a hardware chip implanted in the motherboard running its own OS capable of accessing every piece of hardware independently from the CPU. It's all managed from its own ROM that is inaccessible from the running OS, the one the user sees, which is closed source and proprietary and cannot be reflashed.