Researchers Hack Intel's VPro
snydeq writes "Security researchers from Invisible Things Lab have created software that can 'compromise the integrity' of software loaded using Intel's vPro Trusted Execution Technology, which is supposed to help protect software from being seen or tampered with by other programs on the machine. The researchers say they have created a two-stage attack, with the first stage exploiting a bug in Intel's system software. The second stage relies on a design flaw in the TXT technology itself (PDF). The researchers plan to give more details on their work at the Black Hat DC security conference next month."
meow meow meow. meow meow? meow!
Angry Intel® Trusted Execution Technology© first Dog post!
So we need to read a PDF to read about flaws in TXT?
What do you mean it's not about plain text files?
Apparently, loading a pdf into wordpad causes an overflow that allows arbitrary code to run as administrator.
The Wii has perfect encryption and signing on hardware-assisting firmware and system software that can't be compromised. It uses a completely trusted execution stack to ensure only authorized applications run and to immediately detect and disable unauthorized third party software.
Support my political activism on Patreon.
Every single trade magazine and free objective TCO whitepaper for months has been full of pictures of PC desktops with combination locks photoshopped onto them, and fulsome praises of VPro! How could it possibly be vulnerable? I'm going to go cry in my corner office in the management suite now.
Quick, somebody arrest these scoundrels! How dare they show flaws in technology! The next thing you know, fraudsters and pornographers will be taking advantage of this. THINK OF THE CHILDREN!!! THINK OF 9-11!!!
The world's burning. Moped Jesus spotted on I50. Details at 11.
A big room somewhere in Europe with lots of chrome and glass and a great big whiteboard in the front with lots of tiny, neat writing on it. There are about 50 desks, each with headphones and pristine workstations, also with a lot of chrome and glass. The faint sound of classical music permeates the room, accompanying the clicky-click of 50 programmers typing or quietly talking in one of the appropriately assigned meeting areas. (Which of course consist of elegant contemporary white pine coffee tables surrounded by contemporary white pine and fine leather meeting chairs.) Coffee, tea, mineral water and fruit juices are available in the break area.
At the end of the day, *everyone* checks in their code and the project leader does a "make" just to make sure it all compiles cleanly, but it's mostly only done from tradition anymore since it always compiles cleanly and works flawlessly. When all milestones have been met, and everything has been QA'd, (usually within a day or two of the roadmap that was written up 18 months previous) a new KDE release is packaged up and released to the mirror sites with the appropriate 24-hour delay for distribution before being announced.
KDE developers are generally between the ages of 16 and 25, like art made of lines and squares and the colors white and black. When/if they finally stop taking government subsidies and get around to getting "real jobs," most of their salary will be taken in taxes so the socialist government can subsidize the care and feeding of the next generation of KDE developers, just like it did for them. A high percentage of KDE developers, during their mandatory 5 years of government military service, crack from their years of cultural dullness and flee Europe to become terrorists for the sheer joy to be found in killing random strangers for no discernible reason.
I have a fun question to ask all you slashheads out there. If you actually did have to execute someone with a text editor (let's say Stallman and Linus Torvalds overthrew the government, and you were the executioner), which one would you use?
I'd definitely use vi.
(-1, Raw and Uncut is the only way to read)
RMS calls this "treacherous computing", and I have to agree with him. This is a good development as it demonstrates quite nicely that DRM (which is probably the #1 use of VPro et al) in simply not possible. Thanks, ITL, for showing this as folly!
Dewey, what part of this looks like authorities should be involved?
Never a lock has been created that can't be broken.
Any time you see "unbreakable", "unsinkable" or similar claims, call your bookie: they will. The question is when, not if.
From Omyfuckinggod
Health Buzz: Teens Using MySpace and Other Health News
Posted January 6, 2009
Teens Who Use MySpace Often Discuss Sex, Substance Abuse, Violence
About 54 percent of adolescents who use the social networking website MySpace often discuss sexual behavior, substance abuse, or violence on the site, according to a pair of new studies published this month in Archives of Pediatric & Adolescent Medicine by researchers at Seattle Children's Research Institute. In one of the studies, the researchers looked at 500 randomly selected MySpace profiles of 18-year-old teens (as reported on their MySpace pages) to determine how much they discussed high-risk behaviors and if those behaviors were influenced by their interests, activities, or other factors. Forty-one percent of the profiles referenced substance abuse, 24 percent discussed sexual behavior, and 14 percent talked about teen violence.
Dear Pediatricians: Please return to your job and practise MEDICINE, not stupid stories.
Yours sincerely,
Golem
A damp basement stagnant with a combination of undeodorized armpits, sour cream and onion chips, and cheetos where a small 15" TV is hooked up to a greasy VHS deck playing reruns of Sailor Moon and Big O. The whole area, whose size is about 110 feet squared, is dimly lit by a single incandescent bulb but is overpowered by 6 or so glowing CRTs. The floors are littered with mountain dew cans but you can find a single can of diet coke which once meant a 400 lb developer or editor was "trying to lose weight".
On one side of the tiny slashdot basement, which shares a corporate overlord of VA Linux (the fictitious business name for the lead editor's mother) are the editors who spend most of their time leeching stories from Arstechnica and Digg. The editor's work process involves taking submissions and fact checking them against wikipedia. Once a submission is fact checked an editor takes the time to deliberately misspell or entirely mangle the summary while at the same time throwing in a misleading link to a sponsor. This process is entirely time consuming, usually taking 4-6 hours per submission since editors use 386DX machines with 4-8MB of ram. This can sometimes explain why articles are posted 72 hours after the rest of the world has read and commented on the subject elsewhere.
On the other side of the room are the slashdot developers. There are really only about 2 or 3 developers but their obesity problem allows them to get counted twice and get 2 payroll checks. The working day of a developer involves 15 minutes of javascript and perl programming and 4 hour breaks to watch UFO hunters on Sci Fi. On the perl side of the development, most slashdot developers look at how to get every last bit of performance out of their 1 mySQL server running on a 350 mhz G4 Mac by running an SQL query through a loop for about 150000 times. This often explains why it takes 12-16 minutes to submit a comment on the story pages. Being on the forefront of Web 2.0, many (read 2) of their developers push AJAX to the next level by using xmlhttprequest() to download linux ISOs and store them secretly on the page on every page view, creating the illusion that slashdot javascript is actually beneficial to their website.
Are they really design flaws? Or was this actually by design, and now the backdoor method has been discovered?
You are being MICROattacked, from various angles, in a SOFT manner.
Is this 'system software' a driver for Windows, or is it a bug in the firmware and therefore compromises the security this provides regardless of OS? Also, if it's firmware, is it the type that's burnt into the hardware and can't be changed, or the type that's loaded by the OS? If the latter, this seems to me like a good reason for companies like Intel to release the source code for firmware.
The Wii has 232 bit elliptic curve encryption. While it hasn't yet been broken, someone I believe did break a 109-bit key. There isn't security that will ever exist which can't be broken.
vPro is mostly about AMT OOB management, which is secure and is in its 5th generation. TXT is a relatively new component which is implemented virtually nowhere yet and has virtually nothing to do with the AMT functionality that has been and is being implemented at hundreds of sites. AMT management is 97% of what vPro really is and is what the industry system OEMs generally mean when they say vPro. TXT is a future technology waiting for ISV enablement, whereas core AMT/vPro is real and here now. Saying that because TXT may be compromised, the primary, working part of vPro is insecure is outrageously misleading.
Exactly, that's by now, "old news".
I believe this is based on the Blue Pill attack (from the same person) which essentially is a hypervisor that mimics the underlying system to gain access to the encryption keys. The flaws in the attack are that it is complicated to fully mimic the underlying hardware in software, the main drawback being that the timings by the hardware would be out due to the software hypervisor layer and this may be detected by the underlying OS or software running underneath the hypervisor. However it may be possible to write a hypervisor that takes all things into account but this would be quite an extensive task, i.e. it is quite complicated to do properly but feasible (from what I have read). Mimicking the underlying system and the software interface to this via a hypervisor would allow access to the encryption keys. The article says basically "this is first stage attack, will produce stage 2 when intel responds to this" so they obviously have not completed the extensive programming task to take all things into account. Intel have known about this issue for some time as I asked one of their lead engineers the question a few months back if Trusted Execution was known to be totally secure and he basically said that theoretically it could be broken and told me to google "blue pill".
meridian at tha.net
Isn't vPro intended for business?
In this case, the protection mindset is oriented towards overall network and data integrity and NOT for preserving the non-existent freedoms of individual machines and "owners".
The concept of a rogue owner makes perfect sense in this context.
Now if they could take a look at hypervisor found in PS3 machines...
You are confused. That was never the case. Much less as recently as a year or two ago.
In particular - you are confusing the old "-nogap" switch with LAME gapless playback headers.
The headers document the encoder delay and last-frame-gap so that a compliant player knows how much silence is on either end.
What you describe, on the other hand, is LAME's option switch which delivers MP3 gapless to non-LAME-aware players. What it does is shift (ever so slightly) the split point between two adjacent files (tracks) so that it falls on an even frame boundary and thus any spec-compliant decoder is gapless.