Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd

2017-11-22 Thread taii...@gmx.com

On 11/22/2017 11:46 PM, Yuraeitha wrote:

> So for example, there is no issue buying a motherboard (and cleaning it up), 
> with an Intel NIC, just as long as you do not use the NIC, right? I mean, it 
> cannot execute commands inwards to the motherboard, but only whatever passes 
> through the NIC when it's in use?

Why would you buy one when there are so many alternatives?

> So if for example inserting a more trusted PCI NIC card, and just ignoring the 
> Intel NIC, it should be no problem?

Not how it works: Intel NIC or not, you have the same level of security 
once you use me_cleaner. Additionally, the non-LOM series Intel NIC 
ASICs lack the ME ability regardless, and one can also modify the LOM 
series firmware to remove that ability.


The whole "oh you are fine from hypothetical nation state backdoors if 
you use a non-Intel NIC" rumor was started by Purism - it is absolutely 
false. If such a backdoor existed they surely would have thought of that 
already - there are a variety of methods to communicate with and control 
a PCI-e networking device without having drivers for each and every NIC 
on the market.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4e7aed35-51e8-36fd-f075-f765ee20e3f4%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd

2017-11-22 Thread taii...@gmx.com

On 11/22/2017 10:11 PM, Yuraeitha wrote:

> Nice! I did not know about TALOS, seems really interesting. I had kinda lost 
> any hope for POWER CPUs since IBM are such big slackers when it comes to 
> getting POWER marketed or supporting motherboard developers in the mass 
> markets. The way I understand it, it's significantly easier to make 
> motherboards, compared to making CPUs, and existing RAM technology can be 
> used. So it was a bit mind-boggling for me that no one went ahead and made 
> POWER motherboards. Not enough interest by the people at least capable of 
> making motherboards, I guess? Or my understanding of it falls short perhaps.

Actually a lot of companies made POWER8 motherboards, you just didn't 
hear about it (as they aren't mass market).
POWER9 is a lot more accessible so there will be many more partners; as 
more components are now on the CPU die it is cheaper to make 
motherboards (which is also why TALOS 2 is a reality) and thus more will 
be made.


Look up the OpenPOWER Foundation. Despite all the really bad things they 
have done in the past, IBM is making many strides for computing freedom. 
What other company releases this level of information on their CPUs? 
Their hardware? Lets you fix your own microcode and gives you the 
documentation to teach yourself how to do so?

> But either way, TALOS is really good news. Though it's a bit sad that it's so 
> pricey and only for desktops.

The price is average for hardware in its performance class. Like I said, 
there are many lower priced (and lower performance) options, but now we 
are lucky enough to have one in the very high performance sphere.

> Especially as mobile devices are becoming so powerful that desktops are less 
> relevant for most normal people these days. It makes the desktop market 
> smaller, and TALOS even harder to sell to normal people and thereby probably 
> also less likely to drop in price then too. And as a result, much less likely 
> to come to laptops as well then. Unless something changes? Seems like an evil 
> unbreakable circle, unless a shortcut is being cut out somewhere.

TALOS 2 isn't meant for "normal people" - even I would be hard pressed 
to use the full capabilities of even the lower end POWER9 CPUs to the 
point where I would really be getting my money's worth.


The market segment is the small corporation concerned about IP theft 
that wants high performance secure computing and may already be using 
POWER systems, not grandma and not even you or me. I will however be 
purchasing one once I find full time employment again, as I believe in 
the cause and I want to support them.
It is the first time one can get a free firmware system off the shelf 
with the latest and greatest technology; no matter the cost, they have 
truly done something special here.

> For one, the price is way too high for most regular people.
> What hopes do we have for cheaper hardware, made available for the more popular 
> devices (like laptops and phones), I wonder.

You already have cheaper/slower hardware, such as the KCMA-D8 and 
KGPE-D16 (libre firmware ports and OpenBMC ports made by the same 
company) or the open source init G505S laptop.
You can make a libre firmware workstation that can play the latest games 
in a VM for $500 total.


In the case of TALOS 2 it fills the gap in the ultra high performance 
category, whereas the D8 and D16 are in the low-medium performance category.

> It's so frustrating, getting hopes, but at the same time, just enough out of 
> reach, dangling there like a carrot on a stick, laughing at you. Frustrating...
>
> Also, lmao, indeed, the claims and lack of results to show for, are gonna make 
> Purism a laughing stock for years to come. Maybe if they involved the open 
> source community and got a huge backing with a single voice, but instead, many 
> open source people got offended by their overestimated claims. The irony...

They still refuse to take the input of the community into account, but 
constantly attack people like me who give them the constructive 
criticism they deserve - they say "oh we are doing our best to free ME", 
aka waiting and hoping someone else will do so. They have no hardware 
engineers on staff so no one to tell them how impossible and pointless 
that is.


The only thing they are good at is marketing. It is truly incredible the 
amount of spin and slick lingo they have on their website - hell, there 
are even paid shills on various mailing lists who attack me and others on 
a regular basis.


They could have easily made a libre laptop via either the AMD FT3 mobile 
platform (high end when they released their second laptop) or hell, even 
a KCMA-D8 in a custom fab case with a custom battery, keyboard, etc. and 
a 35W 8 core CPU - heavy? Sure. Free? Definitely.


On the coreboot website it says that you can't have free firmware for 
the latest and greatest x86-64 stuff due to the level of churn, but they 
still don't listen and refuse to change course and admit they made bad 
choices.


Even Leah Rowe made right 

Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd

2017-11-22 Thread taii...@gmx.com

On 11/22/2017 11:26 PM, Yuraeitha wrote:

> oh btw Tai, I realized I missed your AMD line comment.
> I'm well aware that AMD sucks too, but this is not the point I tried to make. 
> The point is that AMD looks good (for other reasons), compared to Intel right 
> now. If Intel wants to fight back, they could for starters try to stop appearing 
> so... well.. "evil" or needlessly and overly "greedy" beyond reason.

If you really need a *brand new* x86-64 CPU then yes, AMD is a better 
company: a few thousand people on reddit was enough to get executive 
level attention about PSP and they somewhat entertained the idea of 
providing a way to truly disable it or offer CPUs without it - not that 
they did, but even Google can't get Intel's attention like that.
For now however a Socket G34 6328/6386SE is more than good enough for 
just about anything.


AMD is a much smaller company with a much smaller market share.

> So I'm not saying AMD is any better, it's just that AMD can be used, like a 
> tool, to fuck Intel up enough, to force Intel's hand to do something good 
> (hopefully). Question is, will enough people do it, in order to force Intel's 
> hand. And if enough do it, then it's probably not for this reason. But 
> nonetheless, whatever little helps to send Intel a clear signal that they need 
> to behave to regain any love.

Intel is too big of a company for anyone to make an impact, short of a 
nation state deciding to no longer buy their products for its 
governmental computers, which would actually be a really smart idea 
(however none have done so).


--
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d814f3e5-6080-6b4d-5801-ae73a9dc2059%40gmx.com.


Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd

2017-11-22 Thread Yuraeitha
On Thursday, November 23, 2017 at 4:34:07 AM UTC, tai...@gmx.com wrote:
> On 11/22/2017 10:54 PM, jkitt wrote:
> 
> > On Wednesday, 22 November 2017 13:34:26 UTC, Sandy Harris  wrote:
> >>  From a crypto list, seemed relevant here.
> >> .
> >> Oh joy...
> >>
> >> Intel finds critical holes in secret Management Engine hidden in tons
> >> of desktop, server chipsets
> >> https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/
> >> .
> > So I have my ME "turned off", and I understand off never means off, but can 
> > it still be remotely exploited? I'm using a wireless NIC.
> If you use me_cleaner, as of now there are no *public* exploits that 
> allow for that, although I wouldn't be using an Intel wireless NIC as I 
> am sure they have some unpublished extra ME features besides the vPro 
> ones that are documented.

So for example, there is no issue buying a motherboard (and cleaning it up), 
with an Intel NIC, just as long as you do not use the NIC, right? I mean, it 
cannot execute commands inwards to the motherboard, but only whatever passes 
through the NIC when it's in use? 

So if for example inserting a more trusted PCI NIC card, and just ignoring the 
Intel NIC, it should be no problem?

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/66789f67-31bd-4482-b938-4dc38fe15996%40googlegroups.com.


Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd

2017-11-22 Thread taii...@gmx.com

On 11/22/2017 10:54 PM, jkitt wrote:

> On Wednesday, 22 November 2017 13:34:26 UTC, Sandy Harris wrote:
> 
> > From a crypto list, seemed relevant here.
> > .
> > Oh joy...
> > 
> > Intel finds critical holes in secret Management Engine hidden in tons
> > of desktop, server chipsets
> > https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/
> > .
> 
> So I have my ME "turned off", and I understand off never means off, but can it 
> still be remotely exploited? I'm using a wireless NIC.

If you use me_cleaner, as of now there are no *public* exploits that 
allow for that, although I wouldn't be using an Intel wireless NIC as I 
am sure they have some unpublished extra ME features besides the vPro 
ones that are documented.


--
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b60b2c00-47f1-4c19-1678-9229c0e197f6%40gmx.com.


[qubes-users] Re: [Cryptography] Intel Management Engine pwnd (was: How to find hidden/undocumented instructions

2017-11-22 Thread Yuraeitha
On Thursday, November 23, 2017 at 3:54:57 AM UTC, jkitt wrote:
> On Wednesday, 22 November 2017 13:34:26 UTC, Sandy Harris  wrote:
> > From a crypto list, seemed relevant here.
> > .
> > Oh joy...
> > 
> > Intel finds critical holes in secret Management Engine hidden in tons
> > of desktop, server chipsets
> > https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/
> > .
> 
> So I have my ME "turned off", and I understand off never means off, but can 
> it still be remotely exploited? I'm using a wireless NIC.

@jkitt a good question, we need some more answers. For starters, where is the 
proof that it works, and not just take "experts' words for that it works"? 
Taking a word for it simply just isn't good enough. 

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a18e14e2-ec65-41c3-9c5b-7c4282b4490e%40googlegroups.com.


Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd

2017-11-22 Thread Yuraeitha
On Thursday, November 23, 2017 at 2:46:16 AM UTC, tai...@gmx.com wrote:
> On 11/22/2017 05:07 PM, Yuraeitha wrote:
> 
> > Now seems like a really good time to twist Intel's arm to the back and 
> > force them to get rid of these invasive blobs, once and for all. Going open 
> > source should be the very minimum solution; after all, how can we trust a 
> > company like this otherwise, if they don't at least try to be as 
> > transparent as possible. They lack trust enough already as it is; them now 
> > admitting it should mean no more roadblocks to get rid of it once and for 
> > all.
> >
> > If they got to the point and they admitted it (and it's no longer a case of 
> > proving its existence), and still don't want to do the right thing, then 
> > imho, all hell should break loose.
> >
> > Even if AMD is fucked up in this way as well, I'll buy AMD until Intel gets 
> > this right. Because right now, Intel needs to look good again, while AMD 
> > does not after its come-back. Boycotting Intel now may force its hand to 
> > do the right thing. Push em where it hurts.
> >
> > And if Intel finally does the right thing, then who knows, AMD may follow 
> > suit. AMD is halfway there already anyway.
> >
> AMD has PSP, which is their version of ME. It is no better.
> 
> Owner controlled POWER is the future; if enough people buy TALOS 
> products eventually there'll be a lower end option (FYI the TALOS 2 price 
> is appropriate for high end server hardware, it is actually less than 
> Intel's stuff).
> 
> If Google can't convince Intel to offer a way to remove ME then no one 
> can, certainly not a small company with no real connections and no 
> hardware engineers (Purism).

oh btw Tai, I realized I missed your AMD line comment. 
I'm well aware that AMD sucks too, but this is not the point I tried to make. 
The point is that AMD looks good (for other reasons), compared to Intel right 
now. If Intel wants to fight back, they could for starters try to stop appearing 
so... well.. "evil" or needlessly and overly "greedy" beyond reason.

So I'm not saying AMD is any better, it's just that AMD can be used, like a 
tool, to fuck Intel up enough, to force Intel's hand to do something good 
(hopefully). Question is, will enough people do it, in order to force Intel's 
hand. And if enough do it, then it's probably not for this reason. But 
nonetheless, whatever little helps to send Intel a clear signal that they need 
to behave to regain any love.

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a43c179c-0091-4c12-8bbb-e97e5c1a892e%40googlegroups.com.


[qubes-users] Re: [Cryptography] Intel Management Engine pwnd (was: How to find hidden/undocumented instructions

2017-11-22 Thread jkitt
On Wednesday, 22 November 2017 13:34:26 UTC, Sandy Harris  wrote:
> From a crypto list, seemed relevant here.
> .
> Oh joy...
> 
> Intel finds critical holes in secret Management Engine hidden in tons
> of desktop, server chipsets
> https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/
> .

So I have my ME "turned off", and I understand off never means off, but can it 
still be remotely exploited? I'm using a wireless NIC.

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bb84ce1e-52bd-4da0-a4e4-a1f59b120f30%40googlegroups.com.


Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd

2017-11-22 Thread Yuraeitha
On Thursday, November 23, 2017 at 2:46:16 AM UTC, tai...@gmx.com wrote:
> On 11/22/2017 05:07 PM, Yuraeitha wrote:
> 
> > Now seems like a really good time to twist Intel's arm to the back and 
> > force them to get rid of these invasive blobs, once and for all. Going open 
> > source should be the very minimum solution; after all, how can we trust a 
> > company like this otherwise, if they don't at least try to be as 
> > transparent as possible. They lack trust enough already as it is; them now 
> > admitting it should mean no more roadblocks to get rid of it once and for 
> > all.
> >
> > If they got to the point and they admitted it (and it's no longer a case of 
> > proving its existence), and still don't want to do the right thing, then 
> > imho, all hell should break loose.
> >
> > Even if AMD is fucked up in this way as well, I'll buy AMD until Intel gets 
> > this right. Because right now, Intel needs to look good again, while AMD 
> > does not after its come-back. Boycotting Intel now may force its hand to 
> > do the right thing. Push em where it hurts.
> >
> > And if Intel finally does the right thing, then who knows, AMD may follow 
> > suit. AMD is halfway there already anyway.
> >
> AMD has PSP, which is their version of ME. It is no better.
> 
> Owner controlled POWER is the future; if enough people buy TALOS 
> products eventually there'll be a lower end option (FYI the TALOS 2 price 
> is appropriate for high end server hardware, it is actually less than 
> Intel's stuff).
> 
> If Google can't convince Intel to offer a way to remove ME then no one 
> can, certainly not a small company with no real connections and no 
> hardware engineers (Purism).

Nice! I did not know about TALOS, seems really interesting. I had kinda lost 
any hope for POWER CPUs since IBM are such big slackers when it comes to 
getting POWER marketed or supporting motherboard developers in the mass 
markets. The way I understand it, it's significantly easier to make 
motherboards, compared to making CPUs, and existing RAM technology can be 
used. So it was a bit mind-boggling for me that no one went ahead and made 
POWER motherboards. Not enough interest by the people at least capable of 
making motherboards, I guess? Or my understanding of it falls short perhaps.

But either way, TALOS is really good news. Though it's a bit sad that it's so 
pricey and only for desktops. Especially as mobile devices are becoming so 
powerful that desktops are less relevant for most normal people these days. It 
makes the desktop market smaller, and TALOS even harder to sell to normal 
people, and thereby probably also less likely to drop in price then too. And as 
a result, much less likely to come to laptops as well then. Unless something 
changes? Seems like an evil unbreakable circle, unless a shortcut is being cut 
out somewhere. 

For one, the price is way too high for most regular people.
What hopes do we have for cheaper hardware, made available for the more popular 
devices (like laptops and phones), I wonder.

It's so frustrating, getting hopes, but at the same time, just enough out of 
reach, dangling there like a carrot on a stick, laughing at you. Frustrating... 

Also, lmao, indeed, the claims and lack of results to show for, are gonna make 
Purism a laughing stock for years to come. Maybe if they involved the open 
source community and got a huge backing with a single voice, but instead, many 
open source people got offended by their overestimated claims. The irony... 

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c0abc87b-acae-4dad-8665-b96919c43f7e%40googlegroups.com.


Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd

2017-11-22 Thread taii...@gmx.com

On 11/22/2017 05:07 PM, Yuraeitha wrote:

> Now seems like a really good time to twist Intel's arm to the back and force 
> them to get rid of these invasive blobs, once and for all. Going open source 
> should be the very minimum solution; after all, how can we trust a company like 
> this otherwise, if they don't at least try to be as transparent as possible. 
> They lack trust enough already as it is; them now admitting it should mean no 
> more roadblocks to get rid of it once and for all.
>
> If they got to the point and they admitted it (and it's no longer a case of 
> proving its existence), and still don't want to do the right thing, then imho, 
> all hell should break loose.
>
> Even if AMD is fucked up in this way as well, I'll buy AMD until Intel gets this 
> right. Because right now, Intel needs to look good again, while AMD does not 
> after its come-back. Boycotting Intel now may force its hand to do the right 
> thing. Push em where it hurts.
>
> And if Intel finally does the right thing, then who knows, AMD may follow suit. 
> AMD is halfway there already anyway.

AMD has PSP, which is their version of ME. It is no better.

Owner controlled POWER is the future; if enough people buy TALOS 
products eventually there'll be a lower end option (FYI the TALOS 2 price 
is appropriate for high end server hardware, it is actually less than 
Intel's stuff).

If Google can't convince Intel to offer a way to remove ME then no one 
can, certainly not a small company with no real connections and no 
hardware engineers (Purism).


--
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/56e6b6ee-04fb-888c-4e56-785cb7306385%40gmx.com.


[qubes-users] Re: [Cryptography] Intel Management Engine pwnd (was: How to find hidden/undocumented instructions

2017-11-22 Thread Yuraeitha
On Wednesday, November 22, 2017 at 1:34:26 PM UTC, Sandy Harris wrote:
> From a crypto list, seemed relevant here.
> 
> -- Forwarded message --
> From: =JeffH 
> Date: Tue, Nov 21, 2017 at 7:04 PM
> Subject: [Cryptography] Intel Management Engine pwnd (was: How to find
> hidden/undocumented instructions
> To: "Crypto (moderated) list" 
> 
> 
> Oh joy...
> 
> Intel finds critical holes in secret Management Engine hidden in tons
> of desktop, server chipsets
> https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/
> 
>  By Thomas Claburn in San Francisco 20 Nov 2017 at 23:53
> 
> Intel today admitted its Management Engine (ME), Server Platform
> Services (SPS), and Trusted Execution Engine (TXE) are vulnerable to
> multiple worrying security flaws, based on the findings of external
> security experts.
> 
> The firmware-level bugs allow logged-in administrators, and malicious
> or hijacked high-privilege processes, to run code beneath the
> operating system to spy on or meddle with the computer completely out
> of sight of other users and admins. The holes can also be exploited by
> network administrators, or people masquerading as admins, to remotely
> infect machines with spyware and invisible rootkits, potentially.
> 
> Meanwhile, logged-in users, or malicious or commandeered applications,
> can leverage the security weaknesses to extract confidential and
> protected information from the computer's memory, potentially giving
> miscreants sensitive data – such as passwords or cryptographic keys –
> to kick off other attacks. This is especially bad news on servers and
> other shared machines.
> 
> In short, a huge amount of Intel silicon is secretly running code that
> is buggy and exploitable by attackers and malware to fully and
> silently compromise computers. The processor chipsets affected by the
> flaws are as follows:
> 
> 6th, 7th and 8th Generation Intel Core processors
> Intel Xeon E3-1200 v5 and v6 processors
> Intel Xeon Scalable processors
> Intel Xeon W processors
> Intel Atom C3000 processors
> Apollo Lake Intel Atom E3900 series
> Apollo Lake Intel Pentiums
> Celeron N and J series processors
> 
> Intel's Management Engine, at the heart of today's disclosures, is a
> computer within your computer. It is Chipzilla's much maligned
> coprocessor at the center of its vPro suite of features, and it is
> present in various chip families. It has been assailed as a "backdoor"
> – a term Intel emphatically rejects – and it is a mechanism targeted
> by researchers at UK-based Positive Technologies, who are set to
> reveal in detail new ways to exploit the ME next month.
> 
> The Management Engine is a barely documented black box. It has its own
> CPU and its own operating system – recently, an x86 Quark core and
> MINIX – that has complete control over the machine, and it functions
> below and out of sight of the installed operating system and any
> hypervisors or antivirus tools present.
> 
> It is designed to allow network administrators to remotely or locally
> log into a server or workstation, and fix up any errors, reinstall the
> OS, take over the desktop, and so on, which is handy if the box is so
> messed up it can't even boot properly.
> 
> The ME runs closed-source remote-administration software to do this,
> and this code contains bugs – like all programs – except these bugs
> allow hackers to wield incredible power over a machine. The ME can be
> potentially abused to install rootkits and other forms of spyware that
> silently snoop on users, steal information, or tamper with files.
> 
> SPS is based on ME, and allows you to remotely configure Intel-powered
> servers over the network. TXE is Intel's hardware authenticity
> technology. Previously, the AMT suite of tools, again running on ME,
> could be bypassed with an empty credential string.
> 
> Today, Intel has gone public with more issues in its firmware. It
> revealed it "has identified several security vulnerabilities that
> could potentially place impacted platforms at risk" following an audit
> of its internal source code:
> 
> In response to issues identified by external researchers, Intel has
> performed an in-depth comprehensive security review of our Intel
> Management Engine (ME), Intel Server Platform Services (SPS), and
> Intel Trusted Execution Engine (TXE) with the objective of enhancing
> firmware resilience.
> 
> The flaws, according to Intel, could allow an attacker to impersonate
> the ME, SPS or TXE mechanisms, thereby invalidating local security
> features; "load and execute arbitrary code outside the visibility of
> the user and operating system"; and crash affected systems. The
> severity of the vulnerabilities is mitigated by the fact that most of
> them require local access, either as an administrator or less
> privileged user; the rest require you to access the management
> features as an