Welcome to the Free Talk Live bulletin board system!
This board is closed to new users and new posts.  Thank you to all our great mods and users over the years.  Details here.
185859 Posts in 9829 Topics by 1371 Members
Latest Member: cjt26
Home Help
+  The Free Talk Live BBS
|-+  Free Talk Live
| |-+  General
| | |-+  Information Security
Pages: [1]   Go Down

Author Topic: Information Security  (Read 2635 times)

0 Members and 1 Guest are viewing this topic.

Temper

  • FTL AMPlifier Platinum
  • *
  • Offline Offline
  • Posts: 107
    • View Profile
Information Security
« on: October 03, 2013, 10:09:08 PM »

Logged

Temper

  • FTL AMPlifier Platinum
  • *
  • Offline Offline
  • Posts: 107
    • View Profile
Re: Information Security
« Reply #2 on: October 03, 2013, 10:24:24 PM »

On a side note, it looks like if you use a non-standard network card that does NOT support vPro - you could effectively disable its remote abilities. (as long as you never manually activated it?)
Logged

Temper

  • FTL AMPlifier Platinum
  • *
  • Offline Offline
  • Posts: 107
    • View Profile
Re: Information Security
« Reply #3 on: October 05, 2013, 09:55:46 PM »

And vPro has been hacked.. predictably..

http://www.infoworld.com/d/security-central/researchers-hack-intels-vpro-604
http://www.dailypaul.com/289567/hacked-cbs-computers-turning-themselves-on-at-night-then-off
http://en.wikipedia.org/wiki/Intel_vPro

On a bit of the nutty side:
http://www.jimstonefreelance.com/corevpro.html
http://www.theregister.co.uk/2013/09/23/intel_stuns_world_with_wakeon3g/

TO BE CLEAR, the intel chips DO NOT, to the best of my knowledge, have a 3g chip built into them. These people do NOT understand what Intel is saying with the 3G/4G statements. IF your laptop has a 3g/4g card, vPRO can now use it via SMS etc. It is similar to how you can kill cell phones from remote.

So what does all this mean?

Well if you watch the videos, you can turn on, remote boot an OS over network, and reinstall an OS all from remote. This means that a person can turn on, disable the monitor (power sleep mode), then access ANYTHING they want, then turn off the PC. Interestingly, the vPRO system strips out the vPRO commands before the OS can recieve them to remove the ability to monitor for vPRO commands. And even as the Intel chips do NOT currently have CDMA/EDGE/HSPA+ modems in them now, there is actually nothing to prevent them from being added. This system overrides ALL SECURITY FOREVER. If vPRO is not secure then the system cannot be secured. Period. In fact, depending on how this is designed, or could be designed later, the NSA could use this to copy sections of ram, hard drive, etc. even while you use the system. Even encryption would be pointless as they could copy the encryption key from memory after/as you encrypt the files.

Granted, I do not know if this is currently how things work. But this is a VERY REAL SECURITY CONCERN. And if the  NSA does run over to Intel/AMD and order them to make this NSA user friendly it is a nightmare.

So I am not trying to panic you but I am trying to bring awareness to this. And yes, right now this is just for certain processors (supposedly - you will never know what is REALLY on a CPU core as it is so small it is impossible to look.)
without backlash someday these components may end up on ALL CPUs.
Logged

Temper

  • FTL AMPlifier Platinum
  • *
  • Offline Offline
  • Posts: 107
    • View Profile
Re: Information Security
« Reply #4 on: October 06, 2013, 07:44:21 PM »

Follow a debate I am having with another IT geek. The key part you should get from it is this:

"Okay, fine, you got me. The typical use-case for this when a customer performs a bulk order through someone like Dell or HP (similar to how you can ask for a pre-set BIOS boot order and supervisor password), but I suppose the NSA could get a key preloaded." -celestrion

http://www.reddit.com/r/freetalklive/comments/1nrrk6/intel_vpro_technologynot_necessarily_a_security
Logged
Pages: [1]   Go Up
+  The Free Talk Live BBS
|-+  Free Talk Live
| |-+  General
| | |-+  Information Security

// ]]>

Page created in 0.018 seconds with 31 queries.