Intel chip vulnerability lets hackers easily hijack fleets of PCs

Discussion in 'PC Hardware' started by MrG, May 9, 2017.

  1. Tiger-1

    Tiger-1 MDL Guru

    Oct 18, 2014
    7,897
    10,733
    240
    Hi Hadron-Curious in your country is not possible you import this hardware directly? o_O
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. GOD666

    GOD666 MDL Expert

    Aug 1, 2015
    1,958
    2,059
    60
    I was wondering the same thing about @Hadron-Curious Where on earth are you?
     
  3. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    47,003
    93,796
    450
    Nice witch-hunt because one member reported his cpu as vulnerable while another exact same cpu is not ;)

    Afaik, Nigeria.
     
  4. Hadron-Curious

    Hadron-Curious MDL Guru

    Jul 4, 2014
    3,730
    603
    120
    Importing those parts would probably double the price and the process is very tedious.
     
  5. Hadron-Curious

    Hadron-Curious MDL Guru

    Jul 4, 2014
    3,730
    603
    120
    #46 Hadron-Curious, May 25, 2017
    Last edited: May 25, 2017
    The rules and regulations guiding importation make things difficult over here. The shipping(especially the custom) and time are not so encouraging.

    I am in Nigeria.

    Not really. The online reports prove that the vulnerabilities all rather vulnerability has been there for long, for almost a decade, without Intel providing a patch. Let's not ignore the problem as though it only affects one or two individual computers but different generations of the Intel processors. It is just a proof of negligence on the part of the tech giant.

    Don't blame me for trying to take some precaution. I know that nothing is really super safe online yet little watchfulness is needed, most especially, when you are in a developing country. I am only trying to be proactive here though.
     
  6. Tiger-1

    Tiger-1 MDL Guru

    Oct 18, 2014
    7,897
    10,733
    240
    sorry Enthousiast I like you very much :) but I need agree with Hadron-Curious realy Intel was negligent for long time unfortunately still I don't know if AMD also can have some issues in this time ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. MrG

    MrG MDL Expert

    May 31, 2010
    1,397
    1,602
    60
    I tested both of my Lenovo laptops for the Intel Risk Assessment.
    1 was ok but the (2010 model) W510 turned up vulnerable, I don't use it much as its a bit slow w/ the i5 M560 CPU.

    W510 Laptop_ 0a IntelChip AssessmentB.jpg
     
  8. John Sutherland

    John Sutherland MDL Addicted

    Oct 15, 2014
    867
    1,388
    30
    #49 John Sutherland, May 26, 2017
    Last edited: May 26, 2017
    LOL. It just goes to show what a hoax the entire anti-virus/anti-malware software industry has been playing on us for years and years. What good is trying to protect yourself from software-based intrusions if the underlying hardware itself has been compromised right from the very start?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. Tiger-1

    Tiger-1 MDL Guru

    Oct 18, 2014
    7,897
    10,733
    240
    yep I agree 100% dude, for this reason that I don't use none AV so I believe that only Windows Firewall REALLY can protect us ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. Hadron-Curious

    Hadron-Curious MDL Guru

    Jul 4, 2014
    3,730
    603
    120
    That is the truth of the matter. In having purchased systems with safe Intel processors the use for Anti-virus/Malware would be useful. There is nothing really 'super safe' online and precaution should be a simple way to avoid some of the common attacks. Above all common sense is a very important parts in being secure online, that means don't disable security tools when malicious software told you to or click on unnecessary links that lead to malicious websites, etc. There are lot other measures which needed to be taken to be relatively safe online besides using common sense though.

    Anti-virus/Malware are not completely useless in themselves but somehow sometimes they can be annoying when they becoming acting like what they are meant to protect against. Like in the situation where Windows Defender recent issue of initiating an exploit when used to scan your system for malicious software. I still think people need to be educated on how to avoid some common pitfalls when online.
     
  11. Tiger-1

    Tiger-1 MDL Guru

    Oct 18, 2014
    7,897
    10,733
    240
    To Hadron-Curious ok myself prefer use of Windows Firewall instead AV and of course sense common is fundamental but a lot of people's still "visit" constantly bad websites searching for warez and several bad things then "good luck" for them buying AV and other crap protections thinking that are secure lol
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. MS_User

    MS_User MDL Guru

    Nov 30, 2014
    4,617
    1,340
    150
    for sure... people that dont want to pay for software will always be at risk....warez freebies come with a price ;-)
     
  13. Hadron-Curious

    Hadron-Curious MDL Guru

    Jul 4, 2014
    3,730
    603
    120
    One of the reasons why I think many people don't want to purchase software online from the right sources is because of the access to them. In most developing countries to buy things online from developed nations are very difficult. Either you are not having the access to credit cards accepted world wide or you are prevented from buying at all due to your location. When blaming people who search for freebies online it is also good to look at the avenue they are provided to easily purchase software when they intend to.

    I have had a first-hand experience with Windows Store where I was not allowed to purchase an app or songs due to my location. I couldn't help shaking my head throughout the whole time trying to do my purchase - I intentionally describe it as a 'location discrimination' to a friend. It is sad though getting your hand on software online that you are not allowed to purchase when from developing countries and it has given room to wares sites thereby exposing many computer systems to vulnerabilities.
     
  14. Tiger-1

    Tiger-1 MDL Guru

    Oct 18, 2014
    7,897
    10,733
    240
    ^^^
    once I bought one application named as Advanced System Care (in this time I'm still perfect n00b lol) with credit card without issues and some days after mail send to me one cd backup by Avangate Secure Ordering :rolleyes: then after I discover that this software don't deserve my money :mad:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. Hadron-Curious

    Hadron-Curious MDL Guru

    Jul 4, 2014
    3,730
    603
    120
    #56 Hadron-Curious, May 28, 2017
    Last edited: May 31, 2017
    Before you buy any software online try the sample first, although, you claim to be a noob by then. When buying software I usually make sure it is really what the developers said it does or I am not going to put my money in it.

    Now the vulnerability issues we are looking at here come from different areas - like what we have seen there are ones that come from the hardware manufacturers as in the case of Intel and other, there are those from the operating systems like in the case of Microsoft Windows Defender built into the system having issue with an exploit, the late patches for vulnerabilities discovered by people and the easily preventable ones contacted from visiting malicious website or initiating malware uploaded to sites, etc. What I do most time is to read up on computer issues or vulnerabilities I have no much idea on and take the necessary steps provided to work in protecting myself as much as possible. That doesn't mean I am 100% safe but it goes a long way to make me feel a little bit comfortable when working online.
     
  16. atgpud2003

    atgpud2003 MDL Addicted

    Apr 30, 2015
    520
    85
    30
    Mine is safe because I bought Retail CPU. SO, OEM is more common matters, when you built PC with Intel CPU, Please make sure you buy Retail CPU is good to go, also make sure the BIOS is up to date by doing your homework.. ALL Windows Updates is MUST.. This system would be fine.. Honesty, I have nothing to hide this matter because I backup my stuff.

    Good luck to all and hopefully resolve your issues! - ATGPUD2003
     
  17. John Sutherland

    John Sutherland MDL Addicted

    Oct 15, 2014
    867
    1,388
    30
    From what I have read, it's really not a matter of whether the CPU is retail or OEM. The problem is whether or not the CPU allows for the use of Intel's Active Management Technology (AMT) and Intel's Management Engine (ME). AMT/ME uses a separate sub-processor chip on the motherboard that allows for remote access to the machine. This makes it possible for IT managers to update large batches of machines all at once or to troubleshoot machines individually.

    One thing I read that I found very troubling is the fact that it doesn't matter whether or not the main CPU is powered up or if the machine's operating system is active, sleeping, hibernating, or shut down. The AMT chip operates totally independent of the main CPU and the installed OS using it's own set of instructions. It can establish an internet connection, remotely boot the OS, access and change the BIOS settings, and much more. Also, it doesn't matter if the machine has Linux, BSD, or Mac OS-X installed in place of Windows, remote access using AMT/ME is still possible.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  18. Michaela Joy

    Michaela Joy MDL Crazy Lady

    Jul 26, 2012
    4,071
    4,651
    150
    @john: That is scary. That means that a clever hacker can infect an entire server farm using ME/AMT.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  19. Hadron-Curious

    Hadron-Curious MDL Guru

    Jul 4, 2014
    3,730
    603
    120
    That is very likely to have happened before not that I have evidence to prove it. Looking at the way hackers have been cracking large corporations around the global it is obvious, perhaps, this could be one of the loopholes they use to achieve their malicious aims.

    There is supposed to be a strong protection for process involving large number of computers from Intel - which must include a wide range of security protocols to be meant before even allowed to use it. Something like unique master keys which needed to be created when doing the first installation and no access is allowed to anybody until they are provided during use of Intel Management Engines or the Active Management Technology. The way of solving the problem seems to be easy, if only Intel is ready to wade in on the matter for security of people and companies.