Slashdot Mirror
Is the 'Secret' Chip In Intel CPUs Really That Dangerous? (networkworld.com)
New submitter Miche67 writes: A recent Boing Boing blog post by Damien Zammit is stirring up fears, claiming Intel's x86 processors have a secret control mechanism that no one can audit or examine. And because of that, he says it could expose systems to undetectable rootkit attacks that cannot be killed.
Blogger Andy Patrizio, after talking with an Intel spokesperson, says the developer's argument has holes and he doesn't think Zammit will persuade Intel to replace the system with a free, open source option.
Blogger Andy Patrizio, after talking with an Intel spokesperson, says the developer's argument has holes and he doesn't think Zammit will persuade Intel to replace the system with a free, open source option.
So, what we have is an open source crusader scaring the daylights out of people on a giant what-if scenario that even he admits couldn't happen in our lifetimes.
An Intel spokesperson told the publication: While the Intel Management Engine is proprietary and Intel does not share the source code, it is very secure. Intel has a defined set of policies and procedures, managed by a dedicated team, to actively monitor and respond to vulnerabilities identified in released products. In the case of the Intel Management Engine, there are mechanisms in place to address vulnerabilities should the need arise.
How nice ... Is there any history about how that has worked before?
So from what I can tell, this entire fiasco is basically some blogger who was clearly ignorant of how enterprise management features that have been present in hardware for *years* having an "OMG YOU TRANSMIT YOUR IP ADDRESS TO THE WORLD EVERY TIME YOU GO TO A WEBSITE!!" moment.
And it wasn't even that original since the same damn hissy fit gets thrown every year or so as memory serves, since this is by no means the first time I've heard the conspiracy theory.
So, either this guy is an idiot (not discounting that at all) or he managed to troll people into generating clicky clicky ad revenue by recycling conspiracy theories. Some of the people being trolled might be willing participants to boot.
AntiFA: An abbreviation for Anti First Amendment.
In the case of the Intel Management Engine, there are mechanisms in place to address vulnerabilities should the need arise.
Umm, if Intel is the only holder of the keys to the kingdom, then they get to decide when the need arises. In fact, how much do you want to bet that if someone is nice enough to bring an issue to Intel's attention and Intel decides to take no action that there's a "by the way, if you so much as make a peep about this we'll bury you in an avalanche of DMCA litigation for the rest of your natural life"?
Forgive me if I'm skeptical about this. I think I'd rather have an agreement with Darth Vader. At least he doesn't pretend to be a nice guy.
"While the Intel Management Engine is proprietary and Intel does not share the source code, it is very secure."
Well alrighty then, I feel so much better now. Because when a technology company says something is "very secure", you can take that to the bank!
Just cruising through this digital world at 33 1/3 rpm...
The term "security through obscurity" normally refers to the method being secret, not to secret information used to authenticate an actor within the system. More specifically, it normally refers to relying on the method being secret to make discovery of a vulnerability more difficult, rather than actually fixing the vulnerability. Clearly this is bad if an adversary becomes aware of that vulnerability anyway.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
That's horribly naive. Even if the interface claims that it's "off," there is no proof and no reason whatsoever to trust it.
Trust comes from being able to read the source code (all of it), compile it yourself, and load it on the device. Nothing less.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz