Intel Chip Flaw

[TwoTankAmin]

Some years ago I was motivated to abandon Intel CPUs in favor of AMD. Since I have never been a gamer, this move was made to avoid the WinTel complex and in reaction to Intel putting an idetifying number into CPUS. Since i am not tech savvy this was as much an e,mational reation as one based on any digital sophistication.

After reading the following in Wired, I am feeling like I was smarter than I thought:

Intel Chip Flaws Leave Millions of Devices Exposed

Security researchers have raised the alarm for years about the Intel remote administration feature known as the Management Engine. The platform has a lot of useful features for IT managers, but it requires deep system access that offers a tempting target for attackers; compromising the Management Engine could lead to full control of a given computer. Now, after several research groups have uncovered ME bugs, Intel has confirmed that those worst-case fears may be possible.,,,,,,,,,,,

As with previous ME bugs, nearly every recent Intel chip is impacted, affecting servers, PCs, and IoT devices. Compounding the issue: Intel can provide updates to manufacturers, but customers need to wait for hardware companies to actually push the fixes out. Intel's maintaining a running list of available firmware updates, but so far only Lenovo has offered one up.

from https://www.wired.com/story/intel-management-engine-vulnerabilities-pcs-servers-iot/

[TwoTankAmin]

It looks like they are moving to fix this problem. But I am still happy I use AMD

https://www.extremetech.com/computing/259426-intel-patches-major-flaws-intel-management-engine

[adisib]

Off-topic:

But I am still happy I use AMD

Indeed, Intel has done so much shady business practices that I can't envision me using anything else but AMD. See for example: https://www.youtube.com/watch?v=osSMJRyxG0k

Nvidia does similar. I will always get my graphics cards from AMD's Radeon Technologies Group.

[dark_moon]

AMD have with PSP the same crap like Intel with ME
But people check ME more then PSP yet, so it may possible what you have bigger problems with AMD when we with Intel but you dont know it yet.

[Thehandyman1957]

It looks like they are moving to fix this problem. But I am still happy I use AMD

https://www.extremetech.com/computing/259426-intel-patches-major-flaws-intel-management-engine

Hey there TwoTankAmin, did you stop doing the monthly stats? Haven't seen one in awhile.

[Tomaso]

Obviously, hardware manufacturers have deliberately been planting hidden backdoors in hardware for years, probably forced to do so by various security agencies.
Now with the Vault 7 leaks and everything, it has backfired!

Like dark_moon pointed out, AMD's PSP with ARM TrustZone technology is basically the same thing as Intel's Management Engine.
Its potential backdoors might not be known yet, but it's probably just a matter of time.

[Moonchild]

Or, of course, you could try not reading so much into features that are meant specifically for management of large numbers of computers in organizations, are normally not even present in consumer-grade CPUs, and even if so, require software to be installed that normally isn't either on consumer PCs (although business PCs may have it installed by default).

Remote management software of any kind always has the potential of being tapped into from a remote location... you know, because that is by design Does that design serve a nefarious agenda? No. Can it be abused as such? Yes. Is it? Unlikely because of the above. Is it a backdoor? Only if you don't know about it. Can you make a scare hype out of it? Absolutely!
All I ask is that you inform yourself about how these things work before repeating the hype

This particular flaw seems to be a series of flaws that, *if* remote access to the machine is possible (which is already a problem that shouldn't exist) that can talk to the ME software, that, there is the possibility that, through privilege escalation, a remote attacker could get the rights needed to use the ME software to control the CPU to do... whatever the ME software allows one to do. That's a lot of conditions to satisfy -- and the type of access that any decent firewall would already stop at the door, anyway, if not already automatically mitigated through NAT.

[Tomaso]

Old news, but still it might be new to some people..
Researchers Find a Way to Disable Much-Hated Intel ME Component, Courtesy of the NSA:
https://www.bleepingcomputer.com/news/h ... f-the-nsa/

[ron_1]

Tomaso wrote:
Old news, but still it might be new to some people..
Researchers Find a Way to Disable Much-Hated Intel ME Component, Courtesy of the NSA:
https://www.bleepingcomputer.com/news/h ... f-the-nsa/

And there is the possibility that using the mentioned tool will brick your computer.

[Isengrim]

Purism has been doing a lot of research into disabling and removing the ME from the firmware in their laptops, at least according to their blog posts and some of their other literature. I'm sure they are far from the only group interesting in doing something like this. While they're a bit fanatical about it IMHO, I think their intentions are good. Most end users outside of organizations don't need the ME's features, and the methods for completely disabling it have not always been clear.

[Thehandyman1957]

When I first learned about this I was a bit nervous about the idea but after much reading as Moonchild posted,
it wasn't even enabled on my domestic computer. There are many things that have to be turned on for anybody to
even use it. So don't sweat the small stuff.

[Tomaso]

Researcher finds another security flaw in Intel management firmware:
https://arstechnica.com/information-tec ... -firmware/

Active Management Technology defaults allow anyone to take control of many PCs.

[Moonchild]

please re-read my initial response and understand the situation before repeating the hype.

[Tomaso]

Same component, different issue.
Link contains info, without "hyping" it up.