Welcome to the Free Talk Live bulletin board system! To begin posting Login or Sign Up.
April 25, 2014, 04:37:32 AM
Search:     Advanced search
204417 Posts in 9862 Topics by 17642 Members
Latest Member: James Blunt
* Home Help Search Login Register
+  The Free Talk Live BBS
|-+  Free Talk Live
| |-+  General
| | |-+  Information Security
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Information Security  (Read 557 times)
Temper
FTL AMPlifier Platinum
*
Offline Offline



View Profile

Ignore
« on: October 03, 2013, 10:09:08 PM »

I called in on 10/03/2013 at about 8:25-8:30PM CST. I was talking about data security on computers. I just wanted to show my sources.

Wear Leveling Devices (SSDs, Flash, USB Thumb Drives, ETC)
http://www.truecrypt.org/docs/wear-leveling#Y397
http://www.kingston.com/us/community/articledetail?ArticleId=10
http://www.computerworld.com/s/article/9211519/Can_data_stored_on_an_SSD_be_secured_
http://nvsl.ucsd.edu/index.php?path=projects/sanitize

So again, if the drive support the method of securely erasing data and it is implemented properly there is not a problem. The problem is you will never know if this is true!

And on Intel vPro:
What is Intel vPro Technology

Module 1: Introduction to Intel® vPro™ Technology

Intel vPro Demo Anti Theft

http://www.intel.com/content/www/us/en/remote-support/remote-support-solutions-for-laptops-and-desktops.html
http://www.tomshardware.com/reviews/vpro-anti-theft-management-sba,3266.html
http://www.bomgar.com/products/features/intel-vpro
Logged
Temper
FTL AMPlifier Platinum
*
Offline Offline



View Profile

Ignore
« Reply #1 on: October 03, 2013, 10:15:41 PM »

AMD "Remote Management" AKA DASH

http://www.tomshardware.com/reviews/vpro-amt-management-kvm,3003-13.html
http://www.amd.com/us/products/technologies/systems-management/Pages/manageability-desktops-notebooks.aspx
http://www.amd.com/us/Documents/AMD_DASH_Whitepaper.pdf
http://techreport.com/news/12114/amd-moves-to-embrace-pc-management-tools
Logged
Temper
FTL AMPlifier Platinum
*
Offline Offline



View Profile

Ignore
« Reply #2 on: October 03, 2013, 10:24:24 PM »

On a side note, it looks like if you use a non-standard network card that does NOT support vPro - you could effectively disable its remote abilities. (as long as you never manually activated it?)
Logged
Temper
FTL AMPlifier Platinum
*
Offline Offline



View Profile

Ignore
« Reply #3 on: October 05, 2013, 09:55:46 PM »

And vPro has been hacked.. predictably..

http://www.infoworld.com/d/security-central/researchers-hack-intels-vpro-604
http://www.dailypaul.com/289567/hacked-cbs-computers-turning-themselves-on-at-night-then-off
http://en.wikipedia.org/wiki/Intel_vPro

On a bit of the nutty side:
http://www.jimstonefreelance.com/corevpro.html
http://www.theregister.co.uk/2013/09/23/intel_stuns_world_with_wakeon3g/

TO BE CLEAR, the intel chips DO NOT, to the best of my knowledge, have a 3g chip built into them. These people do NOT understand what Intel is saying with the 3G/4G statements. IF your laptop has a 3g/4g card, vPRO can now use it via SMS etc. It is similar to how you can kill cell phones from remote.

So what does all this mean?

Well if you watch the videos, you can turn on, remote boot an OS over network, and reinstall an OS all from remote. This means that a person can turn on, disable the monitor (power sleep mode), then access ANYTHING they want, then turn off the PC. Interestingly, the vPRO system strips out the vPRO commands before the OS can recieve them to remove the ability to monitor for vPRO commands. And even as the Intel chips do NOT currently have CDMA/EDGE/HSPA+ modems in them now, there is actually nothing to prevent them from being added. This system overrides ALL SECURITY FOREVER. If vPRO is not secure then the system cannot be secured. Period. In fact, depending on how this is designed, or could be designed later, the NSA could use this to copy sections of ram, hard drive, etc. even while you use the system. Even encryption would be pointless as they could copy the encryption key from memory after/as you encrypt the files.

Granted, I do not know if this is currently how things work. But this is a VERY REAL SECURITY CONCERN. And if the  NSA does run over to Intel/AMD and order them to make this NSA user friendly it is a nightmare.

So I am not trying to panic you but I am trying to bring awareness to this. And yes, right now this is just for certain processors (supposedly - you will never know what is REALLY on a CPU core as it is so small it is impossible to look.)
without backlash someday these components may end up on ALL CPUs.
Logged
Temper
FTL AMPlifier Platinum
*
Offline Offline



View Profile

Ignore
« Reply #4 on: October 06, 2013, 07:44:21 PM »

Follow a debate I am having with another IT geek. The key part you should get from it is this:

"Okay, fine, you got me. The typical use-case for this when a customer performs a bulk order through someone like Dell or HP (similar to how you can ask for a pre-set BIOS boot order and supervisor password), but I suppose the NSA could get a key preloaded." -celestrion

http://www.reddit.com/r/freetalklive/comments/1nrrk6/intel_vpro_technologynot_necessarily_a_security
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.556 seconds with 19 queries. (Pretty URLs adds 0.028s, 2q)