[talk] Intel finally recognizes ME/SPS/TXE security flaws
Sujit K M
sjt.kar at gmail.com
Thu Nov 23 07:31:15 EST 2017
On Tue, Nov 21, 2017 at 2:50 AM, Isaac (.ike) Levy
<ike at blackskyresearch.net> wrote:
>
> Hi All,
>
> Years of warning, but global wailing and gnashing of teeth can commence
> ...........now:
>
> Intel finally recognizes ME/SPS/TXE security flaws
> https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
Looks more like for switches and routers.
>
> --
> Some recent interesting fun on the topic,
> https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668
> https://www.theregister.co.uk/2017/09/26/intel_management_engine_exploit/
> And as the topc gains in popularity,
> https://www.blackhat.com/eu-17/briefings.html#intel-me-flash-file-system-explained
These don't seem possible in an desktop etc.
>
> And in *related* news, has anyone seen this impressive piece of fun:
> "The Memory Sinkhole - Unleashing An X86 Design Flaw Allowing Universal
> Privilege Escalation"
> https://www.youtube.com/watch?v=lR0nh-TdpVg&t=1379s
FWIK It requires hardware access which is not to be available in Data
Centers etc.
> --
> Are we about done with x86 and Intel yet?
Intel is a fun company with a lot of history so I don't think We will
seem them end soon.
Intel Can easily move forward with the sort of hardware engineering
skills that they primarily
look forward.
>
> Best,
> .ike
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
--
-- Sujit K M
blog(http://kmsujit.blogspot.com/)
More information about the talk
mailing list