RE: [NTSysADM] OS in the CPU

Mon, 20 Nov 2017 08:51:04 -0800 

Some call them opportunities, we in IT call them job security. J

--
There are 10 kinds of people in the world...
         those who understand binary and those who don't.

¯\_(ツ)_/¯

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kurt Buff
Sent: Monday, November 20, 2017 11:34 AM
To: ntsysadm <ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] OS in the CPU

There are always more problems:

https://www.thezdi.com/blog/2017/10/04/vmware-escapology-how-to-houdini-the-hypervisor

https://www.youtube.com/watch?v=uRemWLNBSZg

On Mon, Nov 20, 2017 at 8:05 AM, Andrew S. Baker 
<asbz...@gmail.com<mailto:asbz...@gmail.com>> wrote:
But wait!   There's more...

https://www.youtube.com/watch?v=KrksBdWcZgQ


​(I see your "solution" and raise you two more problems)​


Regards,

 ASB


On Sun, Nov 19, 2017 at 12:28 PM, Kurt Buff 
<kurt.b...@gmail.com<mailto:kurt.b...@gmail.com>> wrote:
The OS in question (minix), isn't in the main CPU - it's in the CPU of the 
management engine, which is completely separate, and doesn't, or at least 
shouldn't, affect system performance.
https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Hardware
That actually makes it worse, since as long as the machine is connect to power, 
even though putatively "off", the management engine is available. That is, if 
it's been configured. This is an enterprise feature, so the ME is usually not 
active in consumer-grade computers.
But, if it's present and turned on, then it's pretty risky:
https://www.theregister.co.uk/2017/11/09/chipzilla_come_closer_closer_listen_dump_ime/
But there's some hope, of a sort - Google is on the case:
http://www.tomshardware.com/news/google-removing-minix-management-engine-intel,35876.html
Kurt

On Sun, Nov 19, 2017 at 6:34 AM, Andrew S. Baker 
<asbz...@gmail.com<mailto:asbz...@gmail.com>> wrote:
No wonder our machines don't seem as fast as we think they *could* be...     
They're busy running more stuff than we thought:

http://www.zdnet.com/article/minix-intels-hidden-in-chip-operating-system/

The security implications are also pretty staggering...

Regards,

 ASB

Reply via email to