Aaron Mulder on 6 Jan 2018 10:15:10 -0800



Re: [PLUG] Intel SA-00086 critical BIOS update


Though the Spectre paper included a JavaScript exploit, right?  So I
would think a laptop would be vulnerable to that much, at least.  It
seems like browsers are deploying defenses, but it's not clear to me
that there couldn't be other remote attack vectors.

Thanks,
      Aaron


On Sat, Jan 6, 2018 at 12:57 PM, Michael Lazin <microlaser@gmail.com> wrote:
> Thanks, I saw that after the fact.  I just panicked when I realized my
> laptop is not getting patched anytime soon.  I see the exploit only
> affects it if someone has physical access, or remote management is enabled.
> I just like to be proactive about security, it's a tinge of paranoia I
> suppose, thanks.
>
> On Sat, Jan 6, 2018 at 12:48 PM, Ronald Guilmet <ronpguilmet@gmail.com>
> wrote:
>>
>> My laptops were automatically patched for me with my updates (Dell and
>> HP). I did a cursory read on Intel's site, and it said the attacker needs
>> physical access to inject the malicious code, so I'm not worried. Given that
>> the majority of all IT attacks come from published CVEs, you should make
>> sure it is addressed. If you have cloud servers like Linode, I wouldn't be
>> concerned. I'm sure they will address those issues. If you have your own
>> hardware in a data-center you will have to check that yourself. Maybe I
>> misread something, but this doesn't seem like anything you need to jump out
>> of bed and run red lights for.
>>
>>
>> Ron
>>
>>
>> On 1/6/2018 11:29 AM, Michael Lazin wrote:
>>
>> I ran this on my 3 Intel home computers and found that one was vulnerable,
>> one was not, and one could not be detected.  The vulnerable machine is an
>> older laptop and there is no patch available from the manufacturer at this
>> time.  I did find this article on disabling the vulnerable engine:
>>
>>
>> https://hothardware.com/news/researchers-figured-out-how-to-turn-off-intel-management-engine-11-thanks-to-nsa
>>
>> I cloned the code from GitHub, but I am loath to run unverified Python
>> code as root that might damage hardware.  Does anyone else have a better
>> suggestion on securing an old laptop which runs Ubuntu and does not have a
>> patch?  Thanks.
>>
>> On Sat, Jan 6, 2018 at 9:52 AM, Lee H. Marzke <lee@marzke.net> wrote:
>>>
>>> Looks like this issue is related to Meltdown / Spectre exploits in the
>>> Intel management engine or trusted platform.
>>>
>>> There is a downloadable tool for Linux and Windows to test your BIOS for
>>> the vulnerability.
>>>
>>> https://www.intel.com/content/www/us/en/support/articles/000025619/software.html
>>>
>>> Mostly affects corporate platforms which have remote management or TPM
>>> enabled, not home computers.  Many older laptops, servers, etc. may be
>>> un-fixable due to lack of BIOS upgrades.
>>>
>>> Most attacks may require physical access to computer, or an available
>>> remote management cert, so perhaps this isn't as bad as first appears
>>> for older computers.
>>>
>>> Lee
>>>
>>>
>>> --
>>> "Between subtle shading and the absence of light lies the nuance of
>>> iqlusion..."  - Kryptos
>>>
>>> Lee Marzke,  lee@marzke.net     http://marzke.net/lee/
>>> IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM
>>>
>>>
>>>
>>>
>>>
>>> ___________________________________________________________________________
>>> Philadelphia Linux Users Group         --
>>> http://www.phillylinux.org
>>> Announcements -
>>> http://lists.phillylinux.org/mailman/listinfo/plug-announce
>>> General Discussion  --
>>> http://lists.phillylinux.org/mailman/listinfo/plug
>>>
>>
>>
>>
>> --
>> Michael Lazin
>>
>> to gar auto estin noein te kai ennai
>
>
>
> --
> Michael Lazin
>
> to gar auto estin noein te kai ennai