Re: [qubes-users] Re: Intel ME exploitable

2017-05-08 Thread cooloutac
On Monday, May 8, 2017 at 1:16:26 AM UTC-4, Vít Šesták wrote: > While I sometimes use the arguments “in such case e, attacker gains nothing, > because it assumes you are already compromised”, one has to be careful with > this, because compromise doesn't imply a total compromise. > > A simple

Re: [qubes-users] Re: Intel ME exploitable

2017-05-08 Thread Vít Šesták
> Get some code running in there, you're root. True, but at this moment, you are supposing attacker has already RCEd it. A logic flaw might allow one to do quite less than RCE. For example, it might mount a block device. In such case, it would be better to be mounted to some dummy VM rather

Re: [qubes-users] Re: Intel ME exploitable

2017-05-08 Thread Manuel Amador (Rudd-O)
On 05/08/2017 05:16 AM, Vít Šesták wrote: > While I sometimes use the arguments “in such case e, attacker gains nothing, > because it assumes you are already compromised”, one has to be careful with > this, because compromise doesn't imply a total compromise. True, yet see below. > > A simple

Re: [qubes-users] Re: Intel ME exploitable

2017-05-07 Thread Vít Šesták
While I sometimes use the arguments “in such case e, attacker gains nothing, because it assumes you are already compromised”, one has to be careful with this, because compromise doesn't imply a total compromise. A simple example (unrelated to ME) of this catch: One might think that giving user

Re: [qubes-users] Re: Intel ME exploitable

2017-05-07 Thread taii...@gmx.com
On 05/07/2017 03:21 PM, Manuel Amador (Rudd-O) wrote: Local exploit can talk to the ME via PCI and SMBus. Only from dom0. Remote exploit only good against machines with vPro (check your CPU SKU at the Intel database — I explicitly bought systems without that shit) because vPro is the

Re: [qubes-users] Re: Intel ME exploitable

2017-05-07 Thread Manuel Amador (Rudd-O)
On 05/02/2017 05:25 AM, Vít Šesták wrote: > * There seems to be some MEI PCI device (see lspci | grep -i mei) in dom0 and > /dev/mei0. I am not sure how all the parts (network stack, MEI PCI device, > MEI software for OS and management while offline) are connected together. I > am also unsure

Re: [qubes-users] Re: Intel ME exploitable

2017-05-07 Thread Manuel Amador (Rudd-O)
On 05/02/2017 05:25 AM, Vít Šesták wrote: > Some notes: > > > * I wonder what is the technical distinction between home and SMB/Enterprise. > Is it vPro? I deduced this in the affirmative a few years ago by comparing the SKUs for various Intel products, and whether they had vPro.

Re: [qubes-users] Re: Intel ME exploitable

2017-05-07 Thread Manuel Amador (Rudd-O)
On 05/01/2017 05:26 PM, Vít Šesták wrote: > AFAIU, if https://ark.intel.com/ shows “Intel® vPro™ Technology: no”, then > the particular CPU is safe. But I am not 100% confident in vPro and related > technologies, so I might be wrong. Can someone confirm/deny this claim? That has been my

Re: [qubes-users] Re: Intel ME exploitable

2017-05-07 Thread Manuel Amador (Rudd-O)
On 05/01/2017 05:14 PM, Reg Tiangha wrote: > On 05/01/2017 10:38 AM, Jean-Philippe Ouellet wrote: >> *Sigh*... Yep. We were right to be concerned (of course). And now we >> have something other than our tin foil hats to point at too: >> >>

[qubes-users] Re: Intel ME exploitable

2017-05-02 Thread cooloutac
On Tuesday, May 2, 2017 at 4:46:33 PM UTC-4, cooloutac wrote: > https://www.amazon.com/Cisco-Linksys-WTR54GS-Wireless-Travel-Speedbooster/dp/B000A1AQOO/ref=sr_1_7?ie=UTF8=1493758122=8-7=pocket+router > its 35 dollars but I bet none of them are new and they lying. all the complaints are about

[qubes-users] Re: Intel ME exploitable

2017-05-02 Thread cooloutac
https://www.amazon.com/Cisco-Linksys-WTR54GS-Wireless-Travel-Speedbooster/dp/B000A1AQOO/ref=sr_1_7?ie=UTF8=1493758122=8-7=pocket+router its 35 dollars but I bet none of them are new and they lying. -- You received this message because you are subscribed to the Google Groups "qubes-users"

[qubes-users] Re: Intel ME exploitable

2017-05-02 Thread cooloutac
https://www.amazon.com/Cisco-Linksys-WTR54GS-Wireless-Travel-Speedbooster/dp/B000A1AQOO I wonder if they got open source for this one? lol

[qubes-users] Re: Intel ME exploitable

2017-05-02 Thread cooloutac
On Tuesday, May 2, 2017 at 4:33:01 PM UTC-4, cooloutac wrote: > On Tuesday, May 2, 2017 at 4:31:52 PM UTC-4, cooloutac wrote: > > On Tuesday, May 2, 2017 at 3:53:19 PM UTC-4, Reg Tiangha wrote: > > > On 05/02/2017 01:36 PM, cooloutac wrote: > > > > What do you mean by pocket router? Is this like

[qubes-users] Re: Intel ME exploitable

2017-05-02 Thread cooloutac
On Tuesday, May 2, 2017 at 4:31:52 PM UTC-4, cooloutac wrote: > On Tuesday, May 2, 2017 at 3:53:19 PM UTC-4, Reg Tiangha wrote: > > On 05/02/2017 01:36 PM, cooloutac wrote: > > > What do you mean by pocket router? Is this like a cheap little router to > > > dongle off your pc? it seems

[qubes-users] Re: Intel ME exploitable

2017-05-02 Thread cooloutac
On Tuesday, May 2, 2017 at 3:53:19 PM UTC-4, Reg Tiangha wrote: > On 05/02/2017 01:36 PM, cooloutac wrote: > > What do you mean by pocket router? Is this like a cheap little router to > > dongle off your pc? it seems interesting because I definitely can't trust > > my home router at all... > >

[qubes-users] Re: Intel ME exploitable

2017-05-02 Thread Reg Tiangha
On 05/02/2017 01:36 PM, cooloutac wrote: > What do you mean by pocket router? Is this like a cheap little router to > dongle off your pc? it seems interesting because I definitely can't trust my > home router at all... > I mean something like this:

[qubes-users] Re: Intel ME exploitable

2017-05-02 Thread cooloutac
On Tuesday, May 2, 2017 at 2:50:24 PM UTC-4, Reg Tiangha wrote: > On 05/02/2017 11:37 AM, David Hobach wrote: > > > > > > On 05/02/2017 07:25 AM, Vít Šesták wrote: > >> * I wonder what does “exploitable locally” mean. If physical access > >> is required, I am not sure what would attacker gain (AEM

[qubes-users] Re: Intel ME exploitable

2017-05-02 Thread Reg Tiangha
On 05/02/2017 11:37 AM, David Hobach wrote: > > > On 05/02/2017 07:25 AM, Vít Šesták wrote: >> * I wonder what does “exploitable locally” mean. If physical access >> is required, I am not sure what would attacker gain (AEM bypass at >> most, I guess). If it allows unprivileged user to elevate

Re: [qubes-users] Re: Intel ME exploitable

2017-05-02 Thread Ilpo Järvinen
On Mon, 1 May 2017, Vít Šesták wrote: > * I wonder what does “exploitable locally” mean. If physical access is > required, I am not sure what would attacker gain (AEM bypass at most, I > guess). If it allows unprivileged user to elevate privileges, this might > be interesting for Qubes,

[qubes-users] Re: Intel ME exploitable

2017-05-02 Thread Reg Tiangha
On 05/01/2017 11:25 PM, Vít Šesták wrote: > Some notes: > > * Applying the patch probably requires BIOS update (and MoBo vendor releasing > the update), I guess. > * I wonder what is the technical distinction between home and SMB/Enterprise. > Is it vPro? > * I am not sure how can I check the

[qubes-users] Re: Intel ME exploitable

2017-05-01 Thread Vít Šesták
Some notes: * Applying the patch probably requires BIOS update (and MoBo vendor releasing the update), I guess. * I wonder what is the technical distinction between home and SMB/Enterprise. Is it vPro? * I am not sure how can I check the version. There are some ME/AMT-related Linux tools, but

[qubes-users] Re: Intel ME exploitable

2017-05-01 Thread Reg Tiangha
On 05/01/2017 02:48 PM, 'Lolint' via qubes-users wrote: > Confirmation by Shintel: > https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide%20-%20Rev%201.1.pdf

[qubes-users] Re: Intel ME exploitable

2017-05-01 Thread Reg Tiangha
On 05/01/2017 12:19 PM, Reg Tiangha wrote: > On 05/01/2017 12:04 PM, cooloutac wrote: >> On Monday, May 1, 2017 at 1:26:52 PM UTC-4, Vít Šesták wrote: >>> AFAIU, if https://ark.intel.com/ shows “Intel® vPro™ Technology: no”, then >>> the particular CPU is safe. But I am not 100% confident in vPro

[qubes-users] Re: Intel ME exploitable

2017-05-01 Thread Reg Tiangha
On 05/01/2017 12:04 PM, cooloutac wrote: > On Monday, May 1, 2017 at 1:26:52 PM UTC-4, Vít Šesták wrote: >> AFAIU, if https://ark.intel.com/ shows “Intel® vPro™ Technology: no”, then >> the particular CPU is safe. But I am not 100% confident in vPro and related >> technologies, so I might be

[qubes-users] Re: Intel ME exploitable

2017-05-01 Thread cooloutac
On Monday, May 1, 2017 at 1:26:52 PM UTC-4, Vít Šesták wrote: > AFAIU, if https://ark.intel.com/ shows “Intel® vPro™ Technology: no”, then > the particular CPU is safe. But I am not 100% confident in vPro and related > technologies, so I might be wrong. Can someone confirm/deny this claim? > >

[qubes-users] Re: Intel ME exploitable

2017-05-01 Thread Vít Šesták
AFAIU, if https://ark.intel.com/ shows “Intel® vPro™ Technology: no”, then the particular CPU is safe. But I am not 100% confident in vPro and related technologies, so I might be wrong. Can someone confirm/deny this claim? Regards, Vít Šesták 'v6ak'

[qubes-users] Re: Intel ME exploitable

2017-05-01 Thread Reg Tiangha
On 05/01/2017 11:14 AM, Reg Tiangha wrote: > On 05/01/2017 10:38 AM, Jean-Philippe Ouellet wrote: >> *Sigh*... Yep. We were right to be concerned (of course). And now we >> have something other than our tin foil hats to point at too: >> >>

[qubes-users] Re: Intel ME exploitable

2017-05-01 Thread Reg Tiangha
On 05/01/2017 10:38 AM, Jean-Philippe Ouellet wrote: > *Sigh*... Yep. We were right to be concerned (of course). And now we > have something other than our tin foil hats to point at too: > > https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/ > > I want my RISC-V