If you own an Intel computer made in the last 10 years, throw it away
-
Just toss it in the garbage.
-
smiles smugly as she has an AMD processor
-
-
If you literally own an Intel computer literally made in the last 10 years, literally throw it away
FTFY
-
@bugmenot said in If you own an Intel computer made in the last 10 years, throw it away:
Just toss it in the garbage.
Unless it's sitting behind a real firewall
-
Unless your "real firewall" also has a backdoor in it. Or you execute any software at all that you haven't built yourself, because it's also free access to Ring -3 for any local user who asks nicely for it.
Richard Stallman and Ken Thompson are laughing at you.
-
All computers?
From Intel's security report linked in the article:
This vulnerability does not exist on Intel-based consumer PCs.
-
@JBert I suspect Intel's definition of "consumer" is significantly different from the dictionary definition, considering I've seen many "consumer" computers that have both AMT and Intel Management Engine sitting right there.
-
@hungrier I counted 5 or 6 uses of that word in the third paragraph. Good God that was annoying to read.
-
@bugmenot said in If you own an Intel computer made in the last 10 years, throw it away:
Unless your "real firewall" also has a backdoor in it.
My firewall is AMD based, and running this:
-
@CrazyEyes said in If you own an Intel computer made in the last 10 years, throw it away:
.
Read Matt Garrett's description of the bug for a literally much less annoying summary https://mjg59.dreamwidth.org/48429.html
-
Also, 'd at https://what.thedailywtf.com/topic/22816/maybe-vuln-in-intel-chipsets-from-2008-to-today
-
@gwowen said in If you own an Intel computer made in the last 10 years, throw it away:
Read Matt Garrett's description of the bug for a literally much less annoying summary https://mjg59.dreamwidth.org/48429.html
To note:
Unless you've explicitly enabled AMT at any point, you're probably fine.
-
@bugmenot said in If you own an Intel computer made in the last 10 years, throw it away:
Unless your "real firewall" also has a backdoor in it. Or you execute any software at all that you haven't built yourself, because it's also free access to Ring -3 for any local user who asks nicely for it.
Richard Stallman and Ken Thompson are laughing at you.
And I'm laughing at you. It's vulnerabilities all the way down, huh? One wonders how you're managing to post on this forum via an abacus.
@JBert said in If you own an Intel computer made in the last 10 years, throw it away:
From Intel's security report linked in the article:
This vulnerability does not exist on Intel-based consumer PCs.
DHS is saying the same thing. Small business and enterprise deployments should probably take note, but home deployments either have no need to worry or (probably) have bigger threats in their landscape.
-
@RaceProUK said in If you own an Intel computer made in the last 10 years, throw it away:
smiles smugly as she has an AMD processor
smiles smugly as he has a Core 2 Duo from 2006
-
@anonymous234 said in If you own an Intel computer made in the last 10 years, throw it away:
@RaceProUK said in If you own an Intel computer made in the last 10 years, throw it away:
smiles smugly as she has an AMD processor
smiles smugly as he has a Core 2 Duo from 2006
smiles smugly as she has a Samsung Exynos 8 Octa 8890
-
@bugmenot Nah. I am running Sniper at 4k. Nothing else matters.
-
-
@lucas1 Is that Dishonored 2?
Note to self: I really need a new PC.
-
@JBert Yes.
Don't buy it. Campaign is a bit meh tbh. Dishourned 1 and the DLC is a far better buy IMO.
-
@bugmenot said in If you own an Intel computer made in the last 10 years, throw it away
Richard Stallman and Ken Thompson are laughing at you.
Good, cause I'm laughing at them. The more the merrier!
-
The real question is... how can you tell if your PC is affected?
-
@powerlord Replying to my own post, but apparently Intel has a tool to check if your processor has any of these technologies. This PDF has more info.
-
@powerlord said in If you own an Intel computer made in the last 10 years, throw it away:
how can you tell if your PC is affected?
@Tsaukpaetra said in maybe vuln in intel chipsets from 2008 to today:
@hungrier said in maybe vuln in intel chipsets from 2008 to today:
Determine if
Why not just make an exploit checker program? Then the hackers could use it to swipe in their own exploit and fix all the things!
-
@powerlord said in If you own an Intel computer made in the last 10 years, throw it away:
The real question is... how can you tell if your PC is affected?
You can scan your PC (from another machine; I scanned from my router) for TCP ports 623, 664, 16992-16995.
-
@hungrier said in If you own an Intel computer made in the last 10 years, throw it away:
If you literally own an Intel computer literally made in the last 10 years, literally throw it away
FTFY
That includes Mac.
I wonder if this affects Mac too, or is it Windows only?
If this affects Mac systems, will Intel release tools for firmware update for Mac?
-
@heterodox It's more than just the LMS service.
The bad news is that if you don’t have it turned on or provisioned the vulnerability is still exploitable locally
-
Another security researcher that cried wolf.
This thing is of no concern to 99% of "ordinary" users. I guess companies need to update firmwares at some point, but there's no reason to panic.
-
@cheong said in If you own an Intel computer made in the last 10 years, throw it away:
@heterodox It's more than just the LMS service.
The bad news is that if you don’t have it turned on or provisioned the vulnerability is still exploitable locally
And requires local admin to exploit...
-
@sloosecannon said in If you own an Intel computer made in the last 10 years, throw it away:
@cheong said in If you own an Intel computer made in the last 10 years, throw it away:
@heterodox It's more than just the LMS service.
The bad news is that if you don’t have it turned on or provisioned the vulnerability is still exploitable locally
And requires local admin to exploit...
Sure if the firmware won't talk to onboard NIC directly... so not sure. But there's strong hint that it has access to network without going through the operating system.
When Intel told us that a version of AMT could be used to bare metal image a dead machine over a cellular connection, we turned white.
Btw, something more relevant to us in the security center, IntelHAXM.sys has an Elevation of Privilege Vulnerability Those running Android VMs will want to check for update.
-
@bugmenot said in If you own an Intel computer made in the last 10 years, throw it away:
Just toss it in the garbage.
Shouldn't this be in the "internet of shit" thread?
-
@cheong said in If you own an Intel computer made in the last 10 years, throw it away:
IntelHAXM.sys
At least they chose a fitting name for it, then
-
@lucas1 The first level has ludicrous difficulty spikes. On "Normal" difficult, the very first guard pattern is almost impossible to get past without an alert-- I swear the level designer forgot the player doesn't have any equipment (other than the default sword) or super-powers at that point and designed the patrol pattern as if they did. (I could have easily done it with a couple sleep darts, for example. Which you get later.) The next 3 guard patrols are about as hard.
But that's ok because there's an overhead shortcut you can use to get right to the end of the level, bypassing all the impossible guard patrols. Only problem is: if you do that, you SKIP the entire level. You get no paintings, no money, no lore books, no audiologs, no optional objectives. What's even the point to playing it?
If an experienced player of the first game who beat it with 100% low chaos can't get past the first patrol of the game in less than 10 tries, you did a bad job designing the game. I ended up turning it to "Easy", then ended up playing something else.
Sad because Dishonored 2 looks amazing.
-
@blakeyrat if you use the shortcut, can you return to beat the level later, after you get some better gear?
-
@anotherusername Maybe New Game+?
But it's not an open world game, so not normally, no.
-
@blakeyrat I did the first level without getting caught.