An Interest In:
Web News this Week
- March 21, 2024
- March 20, 2024
- March 19, 2024
- March 18, 2024
- March 17, 2024
- March 16, 2024
- March 15, 2024
Some of Our Sources
- BoingBoing
- Just Creative
- TutsPlus - Design
- Vandelay Design
- You The Designer
- Creative Curio
- Fuel Your Creativity
- My Ink Blog
- Stylized Web
- Spyre Studios
Help Webnuz
Referal links:
January 13, 2018 12:00 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/jNqdMlBNS7M/researcher-finds-another-security-flaw-in-intel-management-firmware
Researcher Finds Another Security Flaw In Intel Management Firmware
An anonymous reader quotes a report from Ars Technica: Meltdown and Spectre are not the only security problems Intel is facing these days. Today, researchers at F-Secure have revealed another weakness in Intel's management firmware that could allow an attacker with brief physical access to PCs to gain persistent remote access to the system, thanks to weak security in Intel's Active Management Technology (AMT) firmware -- remote "out of band" device management technology installed on 100 million systems over the last decade, according to Intel. [T]he latest vulnerability -- discovered in July of 2017 by F-Secure security consultant Harry Sintonen and revealed by the company today in a blog post -- is more of a feature than a bug. Notebook and desktop PCs with Intel AMT can be compromised in moments by someone with physical access to the computer -- even bypassing BIOS passwords, Trusted Platform Module personal identification numbers, and Bitlocker disk encryption passwords -- by rebooting the computer, entering its BIOS boot menu, and selecting configuration for Intel's Management Engine BIOS Extension (MEBx). If MEBx hasn't been configured by the user or by their organization's IT department, the attacker can log into the configuration settings using Intel's default password of "admin." The attacker can then change the password, enable remote access, and set the firmware to not give the computer's user an "opt-in" message at boot time. "Now the attacker can gain access to the system remotely," F-Secure's release noted, "as long as they're able to insert themselves onto the same network segment with the victim (enabling wireless access requires a few extra steps)."Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/jNqdMlBNS7M/researcher-finds-another-security-flaw-in-intel-management-firmware
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot