On Tue, May 2, 2017 at 9:51 AM, Lloyd Kvam <pyt...@venix.com> wrote:

> lspci | egrep 'MEI|HECI'


As the article on dreamwidth says, just having MEI doesn't mean you have
AMT and the rest of the Intel ME working for someone to get in.

Honestly, most of the stuff I've seen about ME reads like breathless
clickbait instead of valid security information. It'd be nice to read
about it w/o having to decipher a conspiracy undertone. And it is a
legitimate security vulnerability.

ME is a newer, Intel version of the remote control/IPMI standard and the
proprietary iDRAC, iLO and other versions.

ME seems more private (no source code for the public!) than all the IPMI
stuff has been. Both allow you to set up power control, remote control a
serial console and read motherboard settings. IPMI can provide a video
console in some cases. It's usually on Supermicros as a JNLP Java applet.
iDRAC has an Enterprise version (more $) with the same. The latest iDRAC
also has an HTML5 version.

If you go further back, Sun systems had something called LOM and variants
that also let you get to the "BIOS" before/without booting.

Holes in IPMI were first disclosed by Dan Farmer <http://fish2.com/ipmi/> in
2013. The Intel ME/AMT is just a newer version of IPMI with similar holes
that's not restricted to server systems.
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
