r҉ustic cy͠be̸rpu̵nk🤠🤖 is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

More good news from Intel

press.f-secure.com/2018/01/12/

“In practice, it can give an attacker complete control over an individual’s work laptop, despite even the most extensive security measures.”

“The essence of the security issue is that setting a BIOS password, which normally prevents an unauthorized user from booting up the device or making low-level changes to it, does not prevent unauthorized access to the AMT BIOS extension.“

Convenience is starting to look like a bad idea

@cypnk BIOS passwords were never the right way to provide security though, right? You could always pull out the hard drive and read from the disk without encryption

r҉ustic cy͠be̸rpu̵nk🤠🤖 @cypnk

@cwebber The issue isn't just that though. AMT is part of the remote management utility for systems already deployed in the field

· Web · 0 · 0

@cypnk Does this affect remote management as well? (IMO AMT is very untrustworthy partly because of its combination of proprietaryness and remote managementness)

@cwebber Yes, but AMT is still widely deployed. The issue (according to the article) is that TPM can be bypassed easily, which means any intruder can inject traffic into or out of any system with AMT enabled

Encryption won't really help here since the system starts pre-boot. So that's a handy backdoor to intercept your keys too

It's a huge mess!