Re: [qubes-users] Anyone disabled the Intel ME yet?
On Sunday, September 24, 2017 at 8:24:44 PM UTC-4, cooloutac wrote: > On Thursday, September 21, 2017 at 12:08:41 PM UTC-4, Hugo Costa wrote: > > On Thursday, 21 September 2017 07:23:01 UTC+1, Alex wrote: > > > Replying to this thread to report that somebody DID ACTUALLY find an > > > exploitable vulnerability in the latest IME 11+, and they will be > > > sharing nothing less that this UNSIGNED CODE EXECUTION vuln at blackhat > > > europe 2017. > > > > > > Abstract here: > > > https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668 > > > > > > Title is pretty scary, but we'll see if it's actually that dangerous... > > > > > > -- > > > Alex > > > > Was going to post the same. 2 Russian researchers that a couple weeks ago > > found out a way to clean some modules on Intel ME now have found a > > significative exploit that allows them to actually run code on a piece of > > hardware with direct access to the network. The scary thing is - it's > > impossible to detect. > > and thats prolly just what we know about lol. I feel like cause I live in nyc that you just expect this type of stuff from your friends and neighbors hahaha. maybe not the same means but the same ends. but ya hardware level stuff is scary, cause that means real security means alot of money, so poor people are screwed. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/758bb5df-6fa7-4b27-8aa8-ae4ef2bf52d4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Anyone disabled the Intel ME yet?
On Thursday, September 21, 2017 at 12:08:41 PM UTC-4, Hugo Costa wrote: > On Thursday, 21 September 2017 07:23:01 UTC+1, Alex wrote: > > Replying to this thread to report that somebody DID ACTUALLY find an > > exploitable vulnerability in the latest IME 11+, and they will be > > sharing nothing less that this UNSIGNED CODE EXECUTION vuln at blackhat > > europe 2017. > > > > Abstract here: > > https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668 > > > > Title is pretty scary, but we'll see if it's actually that dangerous... > > > > -- > > Alex > > Was going to post the same. 2 Russian researchers that a couple weeks ago > found out a way to clean some modules on Intel ME now have found a > significative exploit that allows them to actually run code on a piece of > hardware with direct access to the network. The scary thing is - it's > impossible to detect. and thats prolly just what we know about lol. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c993f589-1ef2-40d3-823e-88f6de5313ac%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Anyone disabled the Intel ME yet?
On Thursday, 21 September 2017 07:23:01 UTC+1, Alex wrote: > Replying to this thread to report that somebody DID ACTUALLY find an > exploitable vulnerability in the latest IME 11+, and they will be > sharing nothing less that this UNSIGNED CODE EXECUTION vuln at blackhat > europe 2017. > > Abstract here: > https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668 > > Title is pretty scary, but we'll see if it's actually that dangerous... > > -- > Alex Was going to post the same. 2 Russian researchers that a couple weeks ago found out a way to clean some modules on Intel ME now have found a significative exploit that allows them to actually run code on a piece of hardware with direct access to the network. The scary thing is - it's impossible to detect. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2f3a80dc-0bfa-4e07-a5ee-16606b435275%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Anyone disabled the Intel ME yet?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 alexclay...@gmail.com: > Has anyone here successfully disabled the Intel ME yet? > > http://blog.ptsecurity.com/2017/08/disabling-intel-me.html > > I'm hoping a future release of Qubes integrates this into the > install process for us. Or be downloadable as a package like > Anti-Evil Maid? https://github.com/corna/me_cleaner Rusty -BEGIN PGP SIGNATURE- iQJ8BAEBCgBmBQJZwEIxXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0 NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfNg8P/R29hIUOrlolKVQXjgQ27MX0 oWClVtfGX7+geO+mU3WYY0UQYeOCWyRJIxOrbsySrKf0WcqN2H0NwpxcJrHXYI8Z mm1CVcC8VZcR7hMARHLWz61EFfBbSUL+azP1elPZQ/yuB1If3NpyR9PSM8Nrhs0v Mdh9N2HdhYfxV6YNPhcUo1bVsaP9Z3X8/8T/whybN6KaMiF4y573wXqXwSc/lNsN P5bpBH1GcAZI2BfH29dt1TU+t94pELekdAtZKDFW4riSLhhWW9nfDPThupqJ2kps MXhFJxREXsUPpXOf6vc+JI667+8s1Cb4jfXovKPGgIG/4dh3qFIIyc9p/0q6pLca UBN7V2GBkkpdpyRX/QhHHcbw+Ri2SKul/2LRMVZ7d/nqwRfHchxGmYKFIjFjYVdx 1bfVc8wgnX1WZGOg0EvEgx0vG8H0+DU+Yw5Wyuv4jO4UfILJ/FTBxa1KyMWv6xvS lf9tjL28k+HBiwzDs5MCdV9rUJ9W0q/zySntZItI/7wd8UPC0YadzqwxF74xh/d4 SLy9rL/1aMwhpvd+rCFipn1B3wIlY/y/VPq3FpLsPrAjoesbZ1BeUmQ9wdvumTn3 sSwcUfUnt1N6mWWtPYtSPYQyD1A4r9I2RFEuq8YuLEyG3BveC9RanApNE5CboBFA JKyVN0I7q5dmd0bk4IEm =UlBw -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170918220121.GA1088%40mutt. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Anyone disabled the Intel ME yet?
I see, thank you for the explanation. I had no idea ME versions were that fragmented. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/affa89af-208f-4ecc-8430-4e27a3e60935%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Anyone disabled the Intel ME yet?
On 09/18/2017 10:33 PM, alexclay...@gmail.com wrote: > Has anyone here successfully disabled the Intel ME yet? > > http://blog.ptsecurity.com/2017/08/disabling-intel-me.html > > I'm hoping a future release of Qubes integrates this into the install > process for us. Or be downloadable as a package like Anti-Evil Maid? > > Thoughts? > This is an extremely risky and highly ad-hoc procedure that cannot be easily automated. As you can understand from the article, newer ME versions manage the boot process so some level of functionality is required just to have a working computer. Being an opaque component, different versions have highly variable level of built-in functionality and architecture position, so while some ME versions on some chipsets could just be zapped away, others have to be patched, reflashed, bypassed or replaced to be disarmed. Hence, the operations to "disarm" ME still resemble more surgery than patching; our only hopes are that Intel will give a simple way of disabling the unneeded "services" (i.e. network services?) with something reasonable like a hardware jumper of some sort. They will be able to give the HAP guarantees to their customers without impairing security for everybody else... -- Alex -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/338cf7e2-e5ee-eafd-4187-6d829f2dbb01%40gmx.com. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
[qubes-users] Anyone disabled the Intel ME yet?
Has anyone here successfully disabled the Intel ME yet? http://blog.ptsecurity.com/2017/08/disabling-intel-me.html I'm hoping a future release of Qubes integrates this into the install process for us. Or be downloadable as a package like Anti-Evil Maid? Thoughts? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ebdfd4fb-c5df-45fd-b6bc-8f944703babe%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
