Ex-Intel Security Expert: New Spectre Attack Can Even Reveal Firmware Secrets

Megalith

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,000
Yuriy Bulygin, who once headed Intel's advanced threat team, has discovered that Spectre variant 1 can be modified with kernel privileges to break into the System Management Mode (SMM) of x86 systems. These attacks would “allow an unprivileged attacker to read the contents of memory, including memory that should be protected by the range registers, such as SMM memory."

Bulygin said he's been working with Intel since March and that Intel believes its guidance to mitigate Spectre variant 1 and Spectre variant 2 should also be applied to SMM. "We have reviewed Eclypsium's research and, as noted in their blog, we believe that the existing guidance for mitigating variant 1 and variant 2 will be similarly effective at mitigating these scenarios," an Intel spokesperson said.
 
When is Intel and AMD just going to give us the power to just NOT have this security liability shit already?

I understand these kinds of features are desirable for corporate, but we need it as an OPTION, not MANDATORY.

Despite what Intel and other hidden actors may think. MOTHER BRAIN DOESN'T ALWAYS KNOW WHAT'S BEST.
 
BloodyIron said:
When is Intel and AMD just going to give us the power to just NOT have this security liability shit already?

I understand these kinds of features are desirable for corporate, but we need it as an OPTION, not MANDATORY.

Despite what Intel and other hidden actors may think. MOTHER BRAIN DOESN'T ALWAYS KNOW WHAT'S BEST.
Click to expand...

AMD is not affected by this, their memory is encrypted, the attacker cannot read the data.
ppl should stop trying to put amd and intel in the same basket with specter and meltdown, they are not.
 
Someone said Ryzen? I thought someone here said Ryzen?

1i1o2p0y08bz.jpg
 
Last edited:
No one gives a shit Yuriy Buliyginovich... If pigs had wings they could fly.... seriously some of these clowns need to just stay quiet.
 
BloodyIron said:
When is Intel and AMD just going to give us the power to just NOT have this security liability shit already?

I understand these kinds of features are desirable for corporate, but we need it as an OPTION, not MANDATORY.

Despite what Intel and other hidden actors may think. MOTHER BRAIN DOESN'T ALWAYS KNOW WHAT'S BEST.
Click to expand...
Just FYI, Spectre was an issue that effected nearly ALL processor ISAs such as ARM, Power, SPARC64, etc. - not just x86/x86_64, that was Meltdown.
Also, as the others have stated, this does not affect AMD processors, at least not to the extent that the user or attacker has to already have administrative/root access along with physical access to the system to run the exploit, at which point, that system and whoever owns it has much bigger things to worry about by that point! :eek:
 
alamox said:
AMD is not affected by this, their memory is encrypted, the attacker cannot read the data.
ppl should stop trying to put amd and intel in the same basket with specter and meltdown, they are not.
Click to expand...

Does it include all AMD processors or just Ryzen forward? Maybe someone can post a link?

I know the server based Epyc line of processors was touted to have memory encryption.
 
I'm talking about the Intel Management Engine, not Spectre itself. The "firmware" being exposed in this particular exploit is the Intel Management Engine itself...

alamox said:
AMD is not affected by this, their memory is encrypted, the attacker cannot read the data.
ppl should stop trying to put amd and intel in the same basket with specter and meltdown, they are not.
Click to expand...
 
I'm talking about the Intel Management Engine, which is what this breach exposes...

Red Falcon said:
Just FYI, Spectre was an issue that effected nearly ALL processor ISAs such as ARM, Power, SPARC64, etc. - not just x86/x86_64, that was Meltdown.
Also, as the others have stated, this does not affect AMD processors, at least not to the extent that the user or attacker has to already have administrative/root access along with physical access to the system to run the exploit, at which point, that system and whoever owns it has much bigger things to worry about by that point! :eek:
Click to expand...
 
You must log in or register to reply here.
Back
Top