Researchers Hack Intel's VPro

snydeq writes "Security researchers from Invisible Things Lab have created software that can 'compromise the integrity' of software loaded using Intel's vPro Trusted Execution Technology, which is supposed to help protect software from being seen or tampered with by other programs on the machine. The researchers say they have created a two-stage attack, with the first stage exploiting a bug in Intel's system software. The second stage relies on a design flaw in the TXT technology itself (PDF). The researchers plan to give more details on their work at the Black Hat DC security conference next month."

TXT? PDF? Wha?

[Yvan256]

a design flaw in the TXT technology itself (PDF).

So we need to read a PDF to read about flaws in TXT?

What do you mean it's not about plain text files?

Wii Homebrew Channel

[bluefoxlucid]

The Wii has perfect encryption and signing on hardware-assisting firmware and system software that can't be compromised. It uses a completely trusted execution stack to ensure only authorized applications run and to immediately detect and disable unauthorized third party software.

This can't be possible!

[fuzzyfuzzyfungus]

Every single trade magazine and free objective TCO whitepaper for months has been full of pictures of PC desktops with combination locks photoshopped onto them, and fulsome praises of VPro! How could it possibly be vulnerable? I'm going to go cry in my corner office in the management suite now.

Re:TXT execution technology

[Bill,+Shooter+of+Bul]

Ed, Man! Ed!

Re:Design flaw in the TXT technology

[Meski]

Reminds me of when QA wanted a corrupt word file to test something. "Fine", I said, opened a word doc with hexeditor, made some random changes, saved it. Opened it with Word, instant BSOD. "A little less corrupt" said QA.