4 New Vulnerabilities in Most Intel CPUs
submitted 4 years ago by BackwardsCompatible from (engadget.com)
view the rest of the comments →
[–]magnora7 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 0 fun3 insightful - 1 fun - 4 years ago (3 children)
Good points, but I think it was intentional. https://www.eteknix.com/nsa-may-backdoors-built-intel-amd-processors/
[–]wizzwizz4 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 0 fun4 insightful - 1 fun - 4 years ago (0 children)
That article makes the claim:
This is faulty logic. Yes, the whole malware-prevention system is flawed if Intel releases IME software containing a backdoor (as they kind of accidentally did, by releasing buggy IME software without providing a way to invalidate that seal of approval, so an updated less-buggy IME system can just be replaced with the buggy one and then exploited as usual – which is only an issue if the attacker has IME-flashing ability, but is still a larger attack surface than strictly necessary) but that doesn't mean they're deliberately introducing backdoors into IME-signed code.
I think Intel should be making IME-free processors or making the code more open, but you're already trusting Intel when you buy their chips and install their microcode patches.
What I'd really like is if there was some mechanism like this:
This allows anyone to write code for the IME system in their device (so Puri.sm could just include an extra ROM chip and write their own IME code, then release updates to that IME system when bugs are found without having to go through Intel) without making it insecure.
[–]zyxzevn 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 0 fun4 insightful - 1 fun - 4 years ago (1 child)
I think that Intel and AMD will have gotten quite a donation for backdooring all PCs. But we will probably not really know, until it is too late.
[–]magnora7 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 0 fun4 insightful - 1 fun - 4 years ago (0 children)
I think you are almost certainly correct. It's probably part of that $60 billion per year additional "black budget" the CIA gets that no one gets to know anything about.
use the following search parameters to narrow your results:
e.g. sub:pics site:imgur.com dog
sub:pics site:imgur.com dog
advanced search: by author, sub...
~3 users here now
Information Security Technology sub. For resources, news, memes, and community.
Please review the rules before participating.
Affiliates
s/Techgore
view the rest of the comments →
[–]magnora7 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 0 fun3 insightful - 1 fun - (3 children)
[–]wizzwizz4 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 0 fun4 insightful - 1 fun - (0 children)
[–]zyxzevn 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 0 fun4 insightful - 1 fun - (1 child)
[–]magnora7 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 0 fun4 insightful - 1 fun - (0 children)