SoylentNews is people
SoylentNews
from the we-should-all-be-using-riscv dept.
Intel Warns of Critical Info-Disclosure Bug in Security Engine
A critical security bug in the Intel Converged Security and Manageability Engine (CSME) could allow escalation of privilege, denial of service or information disclosure.
The details are included in a bug advisory that in total covers 77 vulnerabilities, 67 of which were found by internal Intel staff. The silicon giant has rolled out firmware updates and software patches to address these, which range in severity from the one critical flaw to a low-severity local privilege-escalation issue.
The affected products are: Intel CSME, Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL).
[...]The critical flaw is a heap overflow bug with a score of 9.6 out of 10 on the CVSS v.3 severity scale (CVE-2019-0169). It exists in the subsystem in the Intel CSME, which is a standalone chip on Intel CPUs that is used for remote management. The vulnerability and[sic] could allow an unauthenticated user to enable escalation of privileges, information disclosure or denial of service via adjacent access.
“Adjacent access” means that an attack must be launched from the same shared physical network or local IP subnet, or from within the same secure VPN or administrative network zone.
Read the rest of the article for details on the additional vulnerabilities that were addressed.
(Score: 0) by Anonymous Coward on Wednesday November 13 2019, @02:06AM (13 children)
Or you can just run Apple, which is secure by design.
(Score: 2) by Mojibake Tengu on Wednesday November 13 2019, @02:12AM (8 children)
Unfortunately for Apple, the weakest part of the Apple design is the Intel CPU.
Respect Authorities. Know your social status. Woke responsibly.
(Score: 2) by takyon on Wednesday November 13 2019, @02:13AM (6 children)
They will move to Apple ARM chips [tomshardware.com]. Checkmate!
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 4, Funny) by c0lo on Wednesday November 13 2019, @02:57AM
I can't stop to note the verb tense in the proposition just before the "Checkmate!"
Besides, in the linked, there are some other bits
Which is like "Someone says the Jesus'es second coming may happen as soon as 2020"
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by Mojibake Tengu on Wednesday November 13 2019, @02:58AM (4 children)
Yes. Intel not to be trusted is the main reason. Also, Apple engineering zealots worship energy consumption reduction at all costs, which does not help users much and Intel's future either. There is only one thing which could motivate me to come back to Apple products again: an AMD based MacBook Pro at 19' size. Not an Intel, and definitely not a toy size mechanically fragile flat pack.
Respect Authorities. Know your social status. Woke responsibly.
(Score: 2) by jmichaelhudsondotnet on Wednesday November 13 2019, @12:32PM (3 children)
19"
ftfy
And you thought no one was reading this deep in the thread.
19' macbooks coming for xmas 2020!!!!!! You think you have seen a big screen, but wait til you see this!
(Score: 2) by hendrikboom on Thursday November 14 2019, @01:07AM (2 children)
For those who use metric, 19" is nineteen inches, about 50 cm.
19' is nineteen feet, about 580 cm.
-- hendrik
(Score: 2) by driverless on Thursday November 14 2019, @12:30PM (1 child)
What's that in furlongs? We haven't switched to these newfangled inchy things yet where I live.
(Score: 1, Touché) by Anonymous Coward on Friday November 15 2019, @11:11AM
It's 28.79 millifurlongs [wolframalpha.com]
(Score: 0) by Anonymous Coward on Wednesday November 13 2019, @08:31AM
What about that "made in China bit? Intel introduces one or more weaknesses into Apple products, and the (slave?) labor in China introduces more.
(Score: 3, Insightful) by SomeGuy on Wednesday November 13 2019, @02:28AM (3 children)
One of those Talos II PPC based systems is looking really nice right now.
(Score: 2) by Acabatag on Wednesday November 13 2019, @03:15AM (2 children)
I went to the Raptor Computing web page to see what the Talos II was about. There was a nice hardware page. I clicked to switch over to the software page.
It was completely blank. So I switched over to a browser without NoScript and an Adblocker to see what was not showing on the 'Software' page because my browser was blocking it. Still a blank page.
So do you have to run NetBSD on this thing? I like NetBSD a lot, but it limits me for the most part to pkgsrc. Lots of good software there, but lots of things are missing.
(Score: 3, Informative) by RamiK on Wednesday November 13 2019, @03:54AM
https://wiki.raptorcs.com/wiki/Operating_System_Compatibility_List [raptorcs.com]
compiling...
(Score: 2) by driverless on Thursday November 14 2019, @12:35PM
It's also ludicrously expensive. Not just really expensive, or damn expensive, or even ridiculously expensive, this is all the way to... ludicrously expensive.