22 comments

[ 0.21 ms ] story [ 44.5 ms ] thread
The linked thread discussing weak passwords is particularly delightful in the context of solarwinds123
This links to full article though, not just a tweet. Now its killed as dupe...
Not sure why it was marked as a dupe, but IMO the poster should have included (2020) in the title to make it clear that this isn't breaking news from today. This article does provide value in explaining what's in the dump (plus the old tweet is no longer available) so maybe @dang will re-up[0] it later on.

0: https://github.com/minimaxir/hacker-news-undocumented#second...

For those wondering:

This is the leak from last August, not a new one.

So that leads me to wonder, were the Intel ME conspiracy govware theories true?
Maybe now we can have an audit of the ME code to see if any 0-day back doors still exist.
Considering ME firmware isn’t generally patched - wouldn’t that be the most lucrative exploit possible?
It actually does get patched through firmware updates.
Does your aunt know how to apply bios updates? And that's assuming such updates are available at all. I searched up various Z170 (released mid 2015) chipset motherboards, and the bios updates seem to end around early-mid 2018. That works out to around 3 years of patches. It's therefore reasonable to assume that if any exploit was discovered today, any systems 3+ year old are sitting ducks.
She doesn't need to know. They'll come through Windows update and automatically be applied.
Even on linux its trivial. Just pressing update in the gnome software program will update the firmware.
Are we talking about the same thing here? Microcode updates might be delivered through windows update but is ME updates delivered through that? Or is it through bios updates?
My aunt probably isn't running a corporate machine that would HAVE the IME in it. It's a business-oriented feature that is part of the chipset, not the CPU.
How many are actually applied? I wouldn't know how to patch ME on anything I own, even if I cared to.
I've definitely seen Windows update push firmware updates but that was on a Surface so not sure if it's a first-party only thing or if any OEM can use that channel.
On windows, do nothing, it will be applied automatically. On linux and mac, press update in the app store / gnome software.
(comment deleted)
If you see xyz magic string, take the next 1000 bytes and execute them.
I’m curious about the legal state of any academic research that would be done on top of these leaks. If I recall correctly some of the details of the exact workings of atomic instructions and cache coherence protocol are not publicly documented and had to be discovered empirically. Would be fun to confirm some of these findings and settle some old arguments through direct inspection of the design.
(comment deleted)