Results 1 to 6 of 6

Thread: AMT Security Issue....

  1. #1
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,874
    Blog Entries
    1

    Default AMT Security Issue....


  2. #2
    Join Date
    Nov 2013
    Location
    Kamloops, BC, Canada
    Posts
    4,029

    Default Re: AMT Security Issue....

    But, again, as with the other weaknesses with the Intel CPU in past few days, attacker first needs direct local physical access to the machine.

    Therefore, for many of us (probably a healthy majority), it is really not as much of a threat as the Chicken Little Tech Media would like us to believe.

    I point out that in extensive research over the past while since these threats became public, for Meltdown and Spectre in particular, I find all reliable techs reporting the same as in this excerpt, along with my own tests:
    The exploits allow malicious code executed on one part of a CPU to access information being executed on another part of the CPU. The methods by which a typical hacker could access your CPU requires them to have machine access. For IT departments and homeowners good endpoint protection, like always, is needed. In this way the security risk is no different than others that have come along this week, month, and year. They are a daily occurrence. We also need to ensure our devices are updated, software patched, and security in place.


    What makes these latest exploits special is that in a shared environment, where multiple organizations are using the same machine (i.e. the cloud) to build applications, the exploit could be intentionally introduced to hardware directly by a hacker using the service or indirectly by another organization who’s security may not be as good as yours. It is an illustration of the risks of a shared infrastructure and the importance of our shared responsibility in protecting it. The organizations that have the biggest worries include CPU vendors themselves and the big cloud vendors. The true impact is still being assessed as the easy fixes have the potential to degrade the performance of some of their services.
    There was also this, but:
    So if the exploit is only usable by those with direct access to the CPU then I am safe, right? Well, not necessarily. As researchers have reported, the Spectre exploit theoretically can be run with Javascript, so it is essential to have good protection in place to keep your systems and your users safe—this includes a DNS Firewall to protect against bad links.
    ... I keep JavaScript turned off. I only turn JavaScript on if it is absolutely required, and then only with people or sites I am certain I can trust.
    "Take a Walk on a Sunny Day, Greet everyone along the way, and Make Somebody Smile, Today"
    Gerry Jack Macks"Walk On A Sunny Day" GerryJackMacks.net

  3. #3
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,874
    Blog Entries
    1

    Default Re: AMT Security Issue....

    But, again, as with the other weaknesses with the Intel CPU in past few days, attacker first needs direct local physical access to the machine.
    Yep, they did explain that in the scenario

  4. #4
    Join Date
    Nov 2013
    Location
    Kamloops, BC, Canada
    Posts
    4,029

    Default Re: AMT Security Issue....

    Quote Originally Posted by deano_ferrari View Post
    Yep, they did explain that in the scenario
    Heh. I knew you know that, Deano. I was pointing it out for all those who are in a state of high panic.
    "Take a Walk on a Sunny Day, Greet everyone along the way, and Make Somebody Smile, Today"
    Gerry Jack Macks"Walk On A Sunny Day" GerryJackMacks.net

  5. #5
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,874
    Blog Entries
    1

    Default Re: AMT Security Issue....

    Quote Originally Posted by Fraser_Bell View Post
    Heh. I knew you know that, Deano. I was pointing it out for all those who are in a state of high panic.
    They can just wear tin-foil hats!

  6. #6
    Join Date
    Oct 2014
    Location
    Rotterdam
    Posts
    768

    Default Re: AMT Security Issue....

    The problem with AMT is that Intel kept it secret and that AMT has access to your whole computer, cpu, network interfaces and disks.

    I see it as some kind of backdoor and although I think currently there are no exploits, I do not like the idea of a backdoor.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •