[coreboot] AMT bug

ron minnich rminnich at gmail.com
Mon May 8 06:40:27 CEST 2017


There's a good summary about 3/4 of the way down the page.

https://arstechnica.com/security/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/

Just write a simple C/Python/Perl/Go program that sends a 0 length
password, done.

This certainly seems to show there was no fuzzing or even simple testing of
the http server in AMT. Is it possible they ONLY ever tested the login
dialog by hand, with a web browser? It seems so. Yeeesh!

I thought the whole reflash path of AMT was to ask it to reflash itself. Is
that incorrect? If correct, and the AMT has been exploited via this path,
can we really trust any reflash operation? Any thoughts on this from anyone
who knows?

I was involved in some USG issues around the time of Y2K and at least one
agency shredded every non-Y2K-compliant system they had. Would that make
sense for systems with this AMT vulnerability? Just assume the worst and
destroy them?

I am long past believing one can build secure platforms on any x86 chipset.
This mess only strengthens that conviction. But there are some great RISC-V
announcements this week!

ron
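The "simple testing" the message says was missing can be written down as a regression check. The following is an added example, not part of Ron's post and not Intel's AMT code: a minimal server-side HTTP Digest verification (RFC 2617, no qop) with two comparators side by side. `broken_matches` is an illustrative stand-in for the class of defect the post describes (the server accepting a zero-length password); it compares only as many characters as the client supplied, so an empty value matches trivially. `safe_matches` requires the full length and compares in constant time. All credentials, realm, nonce and URI values are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample values for the example (not from any real AMT deployment).
REALM = "Digest:EXAMPLE-REALM"
USERNAME = "admin"
PASSWORD = "correct-horse-battery-staple"
NONCE = "deadbeef00112233"
METHOD = "GET"
URI = "/index.htm"


def _md5_hex(data: str) -> str:
    return hashlib.md5(data.encode()).hexdigest()


def expected_digest_response(username, realm, password, method, uri, nonce):
    """RFC 2617 Digest without qop: response = MD5(HA1 ':' nonce ':' HA2)."""
    ha1 = _md5_hex(f"{username}:{realm}:{password}")
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{ha1}:{nonce}:{ha2}")


def broken_matches(expected: str, supplied: str) -> bool:
    """Illustrative defect (an assumption for this example, not Intel's code):
    the comparison length is taken from the client-supplied value. A zero-length
    'response' compares zero characters and therefore always matches."""
    n = len(supplied)
    return expected[:n] == supplied[:n]


def safe_matches(expected: str, supplied: str) -> bool:
    """Hardened check: the supplied value must be exactly the expected length,
    and the comparison covers every byte in constant time."""
    if len(supplied) != len(expected):
        return False
    return hmac.compare_digest(expected.encode(), supplied.encode())


def authenticate(supplied_response: str, *, comparator=safe_matches) -> bool:
    """Server-side decision for one client 'response' value."""
    expected = expected_digest_response(USERNAME, REALM, PASSWORD, METHOD, URI, NONCE)
    return comparator(expected, supplied_response)


def regression_checks() -> dict:
    """The simple test cases a login handler should run before shipping.
    Returns, per case, whether each comparator accepts the client value."""
    good = expected_digest_response(USERNAME, REALM, PASSWORD, METHOD, URI, NONCE)
    cases = {
        "empty": "",            # zero-length response, the case in the post
        "prefix": good[:4],     # truncated response
        "wrong": "0" * 32,      # well-formed but incorrect
        "correct": good,        # the only value that should be accepted
    }
    return {
        name: {
            "broken": authenticate(value, comparator=broken_matches),
            "safe": authenticate(value, comparator=safe_matches),
        }
        for name, value in cases.items()
    }


if __name__ == "__main__":
    for name, result in regression_checks().items():
        print(f"{name:8s} broken={result['broken']!s:5s} safe={result['safe']}")
```

Only the "correct" case should ever be accepted; the "empty" and "prefix" rows are the ones a hand test through a browser login dialog would never exercise, because the browser always sends a full-length response.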