There are always more problems: https://www.thezdi.com/blog/2017/10/04/vmware-escapology-how-to-houdini-the-hypervisor
https://www.youtube.com/watch?v=uRemWLNBSZg

On Mon, Nov 20, 2017 at 8:05 AM, Andrew S. Baker <[email protected]> wrote:

> But wait! There's more...
>
> https://www.youtube.com/watch?v=KrksBdWcZgQ
>
> (I see your "solution" and raise you two more problems)
>
> Regards,
>
> *ASB*
>
> On Sun, Nov 19, 2017 at 12:28 PM, Kurt Buff <[email protected]> wrote:
>
>> The OS in question (minix) isn't in the main CPU - it's in the CPU of
>> the management engine, which is completely separate, and doesn't, or at
>> least shouldn't, affect system performance.
>> https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Hardware
>>
>> That actually makes it worse, since as long as the machine is connected to
>> power, even though putatively "off", the management engine is available.
>> That is, if it's been configured. This is an enterprise feature, so the ME
>> is usually not active in consumer-grade computers.
>>
>> But, if it's present and turned on, then it's pretty risky:
>> https://www.theregister.co.uk/2017/11/09/chipzilla_come_closer_closer_listen_dump_ime/
>>
>> But there's some hope, of a sort - Google is on the case:
>> http://www.tomshardware.com/news/google-removing-minix-management-engine-intel,35876.html
>>
>> Kurt
>>
>> On Sun, Nov 19, 2017 at 6:34 AM, Andrew S. Baker <[email protected]>
>> wrote:
>>
>>> No wonder our machines don't seem as fast as we think they *could*
>>> be... They're busy running more stuff than we thought:
>>>
>>> http://www.zdnet.com/article/minix-intels-hidden-in-chip-operating-system/
>>>
>>> The security implications are also pretty staggering...
>>>
>>> Regards,
>>>
>>> *ASB*

