Twitter | Search | |
This is the legacy version of twitter.com. We will be shutting it down on 15 December 2020. Please switch to a supported browser or device. You can see a list of supported browsers in our Help Center.
Mark Ermolov
the Apocalypse begins: Multiple buffer overflows in Intel CSME including with remote vector
Security Center
Reply Retweet Like More
Juliano Rizzo 20 Nov 17
Replying to @_markel___
"and 3rd party secrets protected by the Intel® Management Engine (ME), " ? TPM ?
Reply Retweet Like
Mark Ermolov 20 Nov 17
Replying to @julianor
yes, under certain circumstances
Reply Retweet Like
Alex Bazhaniuk 20 Nov 17
Replying to @_markel___
Remote vector require remote Admin access?
Reply Retweet Like
Mark Ermolov 20 Nov 17
Replying to @ABazhaniuk
Yes, it requires successful AMT authorization
Reply Retweet Like
Axel Gneiting 20 Nov 17
Replying to @_markel___
"Load and execute arbitrary code outside the visibility of the user and operating system." That's about as apocalyptic as it gets.
Reply Retweet Like
Vegard Pettersen 25 Nov 17
"The Enemy Knows the System" used to be fine because we knew that, now we have to consider the "Unknown Knowns" as well. How, for example, does the NSA plan to disable ME if needed?
Reply Retweet Like
William D. Jones 20 Nov 17
Replying to @_markel___
So like, is there a TLDR why none of this stuff happened w/ the ARC version of ME?
Reply Retweet Like
Pascal S. de Kloe 4 Jan 18
Replying to @_markel___
Reply Retweet Like
the network is just an abstraction layer 20 Nov 17
Replying to @_markel___
There's something poetic about it being SA# 00086... Google has a nice open-source project to replace all this UEFI goop:
Reply Retweet Like
David Metcalf 20 Nov 17
Replying to @_markel___
It needs something designed for security, like seL4, not Linux though.
Reply Retweet Like