Re: Post : INTEL’S SECURITY FLAW IS NO FLAW

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Eric Oyen
Date:  
To: Main PLUG discussion list
Subject: Re: Post : INTEL’S SECURITY FLAW IS NO FLAW
The management engine has it's own issues, including not allowing non-signed software to be installed or executed (read the FSF article for further details).

-eric
from the central offices of the Technomage Guild, the "just the facts, Ma'am" Dept.

On Jan 11, 2018, at 8:47 AM, Stephen Partington wrote:

> Something to consider is the the meltdown and spectre flaws are entirely seperate than the management engine. Which has known vulnerabilities.
>
> On Jan 11, 2018 8:41 AM, <> wrote:
>
>
> While this article may not be factual, it is completely within the realm of possibilities. This is a huge problem and there may be HUGE consequences.
>
> What I'd like to know is how these issues persisted for over 20 years without detection. I assume Intel, AMD and the other chip manufactures have some really smart people on staff. Given that, how did these issues, that are basic to the CPU functionality, become built in without detection (or functionality left out). How is it that some guy reading the CPU manual discovered he could trick the CPU into spilling it's cache so he can have access to other programs data. How is it that under certain circumstances Kernel memory can be accessed giving away the store.
>
> I've read these issues may have persisted as far back as 1995. How does that happen? How does an army of engineers miss this for 23 years? How do you explain that?
>
> That means lots of people came and went. There should have been lots of QA... for 23 years.
>
> How does this happen? Only two ways I can see 1) sloppy work, or 2) intentionally.
>
> We all know that every phone call and electronic message is stored in Government warehouse(s). We have all heard that it is possible to function our cellular phones remotely so others can spy on us. And there is much more....
>
> If this was done for the Gov. Maybe it was done for national security -- not meant to be used against U.S.citizens. Maybe it was done (if intentional) to give the Gov the ability to spy on our adversaries. Maybe it started out innocently.
>
> The bottom line is we have a HUGE problem that will take years to work though. And we have a HUGE question of how did this persist for 23 years without detection?
>
>
>
> On 2018-01-10 22:03, Steve Litt wrote:
> On Wed, 10 Jan 2018 09:39:54 -0700
> wrote:
>
> Hi,
>
> Who knows if this is true, however here it is:
>
> https://www.reddit.com/r/CBTS_Stream/comments/7pb7pv/intels_security_flaw_is_no_flaw/?st=jc9a2mp7&sh=7ef2e2c1
>
> I would hope people smart enough and possessing enough knowledge of
> logic to program computers would have the smarts and logic not to pass
> along "information" like this, even with the "who knows if this is
> true" disclaimer. I didn't see one reference to a remotely credible
> source, and I saw an obvious political agenda in both the article and
> the comments.
>
> I went up the URL to https://www.reddit.com/r/CBTS_Stream/ and still
> saw nothing but drivel from wannabe poser internet journalists making
> up unsupported pseudo-speculations. No different from the tabloids at
> the checkout line, except probably less credible.
>
> Passing along a URL to a sewer site like this is a disservice to all,
> and lowers your credibility, "who knows if this is true" not
> withstanding. I hope nobody passes this further, because it's almost
> certainly just plain bullshit.
>
> SteveT
>
> Steve Litt
> December 2017 featured book: Thriving in Tough Times
> http://www.troubleshooters.com/thrive
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss


---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss