From: Eric Oyen
Subject: Re: Post : INTEL’S SECURITY FLAW IS NO FLAW
Date: Thu, 11 Jan 2018 16:17:59 -0700
To: Main PLUG discussion list

The management engine has its own issues, including not allowing non-signed software to be installed or executed (read the FSF article for further details).

-eric
from the central offices of the Technomage Guild, the "just the facts, Ma'am" Dept.

On Jan 11, 2018, at 8:47 AM, Stephen Partington wrote:

> Something to consider is that the Meltdown and Spectre flaws are entirely separate from the management engine, which has known vulnerabilities.
>
> On Jan 11, 2018 8:41 AM, <techlists@phpcoderusa.com> wrote:
>
> While this article may not be factual, it is completely within the realm of possibilities. This is a huge problem and there may be HUGE consequences.
>
> What I'd like to know is how these issues persisted for over 20 years without detection. I assume Intel, AMD and the other chip manufacturers have some really smart people on staff. Given that, how did these issues, that are basic to the CPU functionality, become built in without detection (or functionality left out)? How is it that some guy reading the CPU manual discovered he could trick the CPU into spilling its cache so he can have access to other programs' data? How is it that under certain circumstances kernel memory can be accessed, giving away the store?
>
> I've read these issues may have persisted as far back as 1995. How does that happen? How does an army of engineers miss this for 23 years? How do you explain that?
>
> That means lots of people came and went. There should have been lots of QA... for 23 years.
>
> How does this happen? Only two ways I can see: 1) sloppy work, or 2) intentionally.
>
> We all know that every phone call and electronic message is stored in Government warehouse(s). We have all heard that it is possible to function our cellular phones remotely so others can spy on us. And there is much more....
>
> If this was done for the Gov, maybe it was done for national security -- not meant to be used against U.S. citizens. Maybe it was done (if intentional) to give the Gov the ability to spy on our adversaries. Maybe it started out innocently.
>
> The bottom line is we have a HUGE problem that will take years to work through. And we have a HUGE question of how did this persist for 23 years without detection?
>
> On 2018-01-10 22:03, Steve Litt wrote:
> On Wed, 10 Jan 2018 09:39:54 -0700
> techlists@phpcoderusa.com wrote:
>
> Hi,
>
> Who knows if this is true, however here it is:
>
> https://www.reddit.com/r/CBTS_Stream/comments/7pb7pv/intels_security_flaw_is_no_flaw/?st=jc9a2mp7&sh=7ef2e2c1
>
> I would hope people smart enough and possessing enough knowledge of
> logic to program computers would have the smarts and logic not to pass
> along "information" like this, even with the "who knows if this is
> true" disclaimer. I didn't see one reference to a remotely credible
> source, and I saw an obvious political agenda in both the article and
> the comments.
>
> I went up the URL to https://www.reddit.com/r/CBTS_Stream/ and still
> saw nothing but drivel from wannabe poser internet journalists making
> up unsupported pseudo-speculations. No different from the tabloids at
> the checkout line, except probably less credible.
>
> Passing along a URL to a sewer site like this is a disservice to all,
> and lowers your credibility, "who knows if this is true"
> notwithstanding. I hope nobody passes this further, because it's almost
> certainly just plain bullshit.
>
> SteveT
>
> Steve Litt
> December 2017 featured book: Thriving in Tough Times
> http://www.troubleshooters.com/thrive
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
