[talk] Intel finally recognizes ME/SPS/TXE security flaws

Sujit K M sjt.kar at gmail.com
Thu Nov 23 07:31:15 EST 2017


On Tue, Nov 21, 2017 at 2:50 AM, Isaac (.ike) Levy
<ike at blackskyresearch.net> wrote:
>
> Hi All,
>
> Years of warning, but global wailing and gnashing of teeth can commence
> ...........now:
>
> Intel finally recognizes ME/SPS/TXE security flaws
> https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

Looks more like for switches and routers.

>
> --
> Some recent interesting fun on the topic,
> https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668
> https://www.theregister.co.uk/2017/09/26/intel_management_engine_exploit/
> And as the topc gains in popularity,
> https://www.blackhat.com/eu-17/briefings.html#intel-me-flash-file-system-explained

These don't seem possible in an desktop etc.

>
> And in *related* news, has anyone seen this impressive piece of fun:
> "The Memory Sinkhole - Unleashing An X86 Design Flaw Allowing Universal
> Privilege Escalation"
> https://www.youtube.com/watch?v=lR0nh-TdpVg&t=1379s

FWIK It requires hardware access which is not to be available in Data
Centers etc.

> --
> Are we about done with x86 and Intel yet?

Intel is a fun company with a lot of history so I don't think We will
seem them end soon.
Intel Can easily move forward with the sort of hardware engineering
skills that they primarily
look forward.

>
> Best,
> .ike
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk



-- 
-- Sujit K M

blog(http://kmsujit.blogspot.com/)




More information about the talk mailing list