More good news from Intel

press.f-secure.com/2018/01/12/

“In practice, it can give an attacker complete control over an individual’s work laptop, despite even the most extensive security measures.”

“The essence of the security issue is that setting a BIOS password, which normally prevents an unauthorized user from booting up the device or making low-level changes to it, does not prevent unauthorized access to the AMT BIOS extension.“

Convenience is starting to look like a bad idea

24
17

@cypnk Now we have to hope that doing that is adequate to defang the problems. It should. But then, we shouldn't have any of these problems to start with...

0
0

@kurtm That's true. But I don't take anything for granted anymore. I can't read the BIOS firmware so I have no idea what voodoo is taking place behind these screens

This is probably a placebo in some ways since "off" doesn't seem to mean that in some cases

0
2

@cypnk @kurtm You really ought to try coreboot. It took me about a day to get it up and running, but it's worth the time and effort.

0
0
Kurt Mosiejczuk
Follow

@mkern @cypnk I keep thinking about it. Generally when I check my model either just flat-out isn't supported, or has some serious gaps in coverage that make me nervous.

· Web · 0 · 0

@kurtm @cypnk I can recommend x220. After you change the wifi module you can get an almost 100% free (excluding IME) laptop which works perfectly well despite the fact it's from 2012.

0
0
Mastodon

Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!