[Nottingham] Intel AMT authentication bypass
Martin
martin at ml1.co.uk
Tue May 2 16:26:42 UTC 2017
On 02/05/17 11:01, VM via Nottingham wrote:
> I knew this would happen sooner or later... There's a great chance your PC or server has Intel ME, some of them will have working AMT. A bug there allows bypassing authentication and escalating priveleges to those of God. So yeah, someone has found a (NSA?) backdoor and Intel had to patch it. However, hardware vendors most probably will not.
>
> The best analysis I've seen is at https://mjg59.dreamwidth.org/48429.html
Thanks for posting a link to a good description.
Meanwhile, "rms" continues to be 'right' from long long ago... We really
need to have open hardware that is free from requiring 'trust' in the
obfuscations of 'others'...
One to watch...
(And then there is LibreBoot ;-) )
Cheers,
Martin
--
- ╔═══════════════════╦══════════════════════════════════════════╗
- ║ Martin Lomas ║ OpenPGP (GPG/PGP) Public Key: 0xCEE1D3B7 ║
- ║ martin@ ml1 co uk ║ Import from hkp://subkeys.pgp.net or ║
- ║ ----------------- ║ http:// ml1 .co .uk/martin_ml1_co_uk.gpg ║
- ╚═══════════════════╩══════════════════════════════════════════╝
More information about the Nottingham
mailing list