Not that anyone is surprised or even cares, but two more severe bugs have been found in the Intel Management Engine firmware. They allow remote execution with full privileges:
https://nvd.nist.gov/vuln/detail/CVE-2018-3627
https://nvd.nist.gov/vuln/detail/CVE-2018-3628
An article about these vulnerabilities on TechRepublic provides summaries and lists the affected processors.
(Score: 3, Insightful) by Thexalon on Tuesday July 31 2018, @12:59PM (12 children)
The NSA now has a new way of getting into Intel-based machines.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 4, Insightful) by The Mighty Buzzard on Tuesday July 31 2018, @01:06PM (2 children)
Almost certainly doesn't need one though. I have no doubt whatsoever that they had the keys to the kingdom on every Intel box that had it within two weeks of the IME shipping.
My rights don't end where your fear begins.
(Score: 2) by bob_super on Tuesday July 31 2018, @04:31PM (1 child)
Pretty much by definition.
The NSA advises/controls purchases for millions of computers deemed "sensitive". Intel has regular meetings with them to show them the latest boot/firmware code, in exchange for which they occasionally get told to fix a bug or two, and get to sell to that market.
(Score: 0, Disagree) by Anonymous Coward on Wednesday August 01 2018, @08:06AM
FTFY
(Score: 2) by DannyB on Tuesday July 31 2018, @01:37PM (8 children)
Allow me to speculate wildly.
Once upon a time the NSA had a way into all PCs via an NSA malware tool known as Windows.
Linux growth spoiled that. Shame, shame!
Now we have compromise baked directly into the hardware. What could be better? And best of all, the end users pay for it!
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 4, Touché) by Thexalon on Tuesday July 31 2018, @02:32PM (7 children)
Counterpoint: They can still get in by taking advantage of the malware tool known as "systemd".
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 2) by DannyB on Tuesday July 31 2018, @03:10PM (2 children)
That is a Touché!
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 0) by Anonymous Coward on Tuesday July 31 2018, @04:32PM (1 child)
Show us on the teddy bear where pedobear touchéd you.
(Score: 4, Funny) by The Mighty Buzzard on Tuesday July 31 2018, @07:22PM
Douché.
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Tuesday July 31 2018, @09:15PM
Intel has been patching old firmwares, sometimes even multiple times... but they only distribute some of them, never mind all are marked as ready.
Example with two unreleased updates (or three, where is 0x08?) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903141
So why update them and later keep them? Only for NSA machines?
(Score: 2) by eravnrekaree on Wednesday August 01 2018, @03:08AM (1 child)
This is so misinformed it's really astounding. You can configure systemd to your heart's content. It's open source. You control it. If you would actually look into it rather than rattle off some canned token phrase you heard someone else say, you would know that.
(Score: 0) by Anonymous Coward on Thursday August 02 2018, @02:59PM
Configure? How about change?
Let's start with decoupling it from the Desktop so it can act only as an init.
(Score: 0) by Anonymous Coward on Thursday August 02 2018, @02:56PM
Does anyone comprehend SystemD enough to do that and not unintentionally break stuff?