Joanna Rutkowska Jan 8
A code exec bug in AMD PSP module implementing TPM. PSP is similar to . Key Qs: 1. Does PSP/fTPM have access to host memory? 2. How well is fTPM module isolated from the rest of the PSP? 3. How asynchronous is PSP execution with regards to the host?
Maxim Goryachy Nov 8
Game over! We (I and ) have obtained fully functional JTAG for Intel CSME via USB DCI.
Joanna Rutkowska Dec 6
Attacking by & at 1. Requires malformed file on SPI flash (needs physical access or bug in BIOS) 2. Bug in early-loaded module, so ME "disabling" by HAP is not a cure 3. Culprit is classic(!) stack overflow 4. Full code exec in ME Congrats!
weaponized glitter ✨🌈 Dec 9
MINIX Creator Andrew Tanenbaum Sends Open Letter to Intel Over MINIX Drama #1984
Joanna Rutkowska Dec 30
Replying to @intel
E.g. it is absolutely unacceptable there exists an embedded system () within our processors which has (hardware) DMA capability to access host memory. It is merely irrelevant if/how the _current_ ME firmware makes use of it.
Maxim Goryachy Dec 27
Our presentation "Inside Intel Management Engine" about activation JTAG for IntelME
Ben Laurie Jan 1
Totally agree. And that's not the only thing that's unacceptable about : blatant open source licence infringement is another dimension of wrong, for example. But there's plenty more reasons to be worried about security, too.
🄴🅽🆁🄸🆀🅄🄴  🆂🄾🆁🄸🄰🅽🄾 Sep 25
Your Intel PC chipset has an extra Intel 32-bit CPU (3 cores) that runs a MINIX system even when the computer is “off”. This is 11.
CryptoShrimp ebooks 11h
bigger question is bad security advice telling your customers patch won't affect them.
PT Security Aug 28
How to disable Intel ME 11 via undocumented mode
hjb Nov 27
Gosh, I may have stumbled on some top secret Intel IP.
Joanna Rutkowska Dec 30
This thread shows how tricky it is to reason about real (problematic) impact of :/ Apparently it is confusing even to the most seasoned researchers... Dear , REMOVE "ME" HARDWARE FROM _OUR_ COMPUTERS!
PT Security Dec 6
Recovering Huffman tables in Intel ME 11.x
PT Security Dec 6
Update released by Intel does not eliminate possibility of attack: exploitation of these vulnerabilities: having access to ME-region attacker can write vulnerable version of and exploit vulnerability in it. CVE-2017-5705, 6, 7
CryptoShrimp ebooks Jun 9
Use a to manage the risk of such an "investment"/gamble, consider that a lot of serio...
🦖 Hernâni Marques Jun 15
USA on paths far away from e-voting: back to paper. Actually amusing, when you consider that the off switch for - especially for some of the CPUs - was built in by for the NSA. /
🦖 Hernâni Marques Jun 11
This hardware comes practically from a single source: -hardware has, with , also been under criticism for some time, and , as well as are more general problems, some of which also affect AMD and ARM hardware; on top of that come , etc.
Hardened-GNU/Linux Jun 6
Intel ME: Security keys Genealogy, Obfuscation and other Magic:
Hardened-GNU/Linux Jun 5
Secure Processors Part I: Background, Taxonomy for Secure Enclaves and Intel SGX Architecture
PT Security Jun 4
Positive Technologies' researchers Dmitry Sklyarov and Maxim Goryachy gave a technical talk about security keys genealogy and obfuscation in at Krakow (). Presentation slides are available on GitHub: