More good news from Intel

press.f-secure.com/2018/01/12/

“In practice, it can give an attacker complete control over an individual’s work laptop, despite even the most extensive security measures.”

“The essence of the security issue is that setting a BIOS password, which normally prevents an unauthorized user from booting up the device or making low-level changes to it, does not prevent unauthorized access to the AMT BIOS extension.“

Convenience is starting to look like a bad idea

24
17
Kurt Mosiejczuk
Follow

@cypnk Now we have to hope that doing that is adequate to defang the problems. It should. But then, we shouldn't have any of these problems to start with...

· Web · 0 · 0

@kurtm That's true. But I don't take anything for granted anymore. I can't read the BIOS firmware so I have no idea what voodoo is taking place behind these screens

This is probably a placebo in some ways since "off" doesn't seem to mean that in some cases

0
2

@cypnk @kurtm You really ought to try coreboot. It took me about a day to get it up and running, but it's worth the time and effort.

0
0

@mkern @kurtm I have on my own laptops, but unfortunately these Thinkpads aren't compatible as far as I know and I don't have permission to test on them

0
0

@mkern @cypnk I keep thinking about it. Generally when I check my model either just flat-out isn't supported, or has some serious gaps in coverage that make me nervous.

0
0

@kurtm @cypnk I can recommend x220. After you change the wifi module you can get an almost 100% free (excluding IME) laptop which works perfectly well despite the fact it's from 2012.

0
0
Mastodon

This page describes the mastodon.social instance - wondering what Mastodon is? Check out joinmastodon.org instead! In essence, Mastodon is a decentralized, open source social network. This is just one part of the network, run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!

Hero image by @b_cavello