#1
Free Rootkit with Every New Intel Machine
The following is reproduced from here:
http://www.astalavista.com/?section=...ls&newsid=3933

Is this related to (or will be implemented in) ICH9?

-------------------------------------------

Free Rootkit with Every New Intel Machine
Published 15:38:14 12.06.2007

(Forwarded with permission from a NZ security mailing list, some portions anonymised)

-- Snip --

[...] a register article saying Intel released its new platform Centrino Pro which includes Intel Active Management 2.5. An article with some more info is here:
http://www.newsfactor.com/news/Intel...d=0210025GSEV9

It got me interested, so I started taking a look around. Intel has some good info here:
http://softwarecommunity.intel.com/a...s/eng/1032.htm

And for all of you in the Web 2.0 generation with short attention spans for reading the doc, here is a video that explains it all. I found myself getting more and more concerned the further it went:
http://softwarecommunity.intel.com/v...aspx?fn=3D1066

Essentially, all new Intel machines (and a number of current Intel servers) come with free hardware rootkit functionality, which is operational and accessible when the machine is powered off, and in the case of laptops, even when they are unplugged and powered off. There is the mention of code signing, TLS and PKI magic to allay your security concerns however...

There are a few new things with this that go beyond generic remote IP KVM:

- NIC based TCP/IP filters configurable remotely
- Handy magic bypass for TCP/IP filters [1]
- Remote BIOS updates over the network
- Remote IDE redirection, as in boot off CDROM over the network
- Persistent storage even if you change hard disks
- It doesn't appear to have a method for disabling it (well, I can't find anything about it, seems crazy if there isn't)
- Built-in, on chip. I can understand a decent size company wanting IP-KVM. But I don't want my personal laptop with IP-KVM.
- Authentication can be done on Kerberos. We're talking AD.
- Built in web interface on every machine (port 16994)
- handy well documented SDK for building whatever you need to interact with this
- ...

This is clearly an awesome management tool. Being able to update your antivirus while your machine is disconnected from the network is helpful. Being able to id all your assets even though they are powered off is great.

My concerns are around doomsday scenarios like the below:

Worm is released that gets a domain admin account, worm sets up floppy booting across the network, floppy is boot-and-nuke [2]. Worm reboots every server in the company and securely wipes them with single pass. Worm then updates bios on every machine to broken state, enables TCP/IP filters to prevent the NIC from being used to talk to the OS ever again, then disables the AMT.

Note, this is OS agnostic, will take out your OSX, Windows and Linux boxen. The hardware would probably be rendered useless, barring opening up the box and flipping some jumpers or replacing something.

A smart user noticing the reboot and noticing the disk was being wiped (assuming you didn't change dban to say "now making your computer faster by optimizing the cache flux capacitor") would have to unplug power and network to stop it, which is harder if you're a laptop user with wireless.

While parts of this are possible now, it's just not nearly as powerful or ubiquitous.

[1] TCP-over-Serial-over-LAN http://softwarecommunity.intel.com/a...s/eng/1222.htm
[2] http://dban.sourceforge.net/
#2
Free Rootkit with Every New Intel Machine
From: "Intel Guy"

| The following is reproduced from here:
| http://www.astalavista.com/?section=...ls&newsid=3933
| Is this related to (or will be implemented in) ICH9?

snip

Sorry, I need corroboration before I can swallow much of this content.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
#3
Free Rootkit with Every New Intel Machine
not just misleading, but incorrect. these new features are a modest extension of the existing IPMI standard that is already on most servers. it's all about being able to remotely (and without manual, in-person action) control power, sensors, booting, firmware versions.

sure, it's dangerous if you don't configure it properly. so?
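
Added example, not part of the thread and not Intel's code: a detection sketch for the configuration risk the posts discuss, flagging traffic to AMT management ports that does not come from a designated management subnet, and listing sources that reach those ports on several machines. The log format, subnet and addresses are assumptions constructed for the example; the thread itself names only port 16994.

```python
import ipaddress

# The post names port 16994; the rest of this set is the Intel AMT range
# (16992-16995) plus ASF/RMCP ports 623 and 664, added for this example.
AMT_PORTS = {623, 664, 16992, 16993, 16994, 16995}

# Constructed flow records: "time src dst dport action" (format is an assumption).
SAMPLE_FLOWS = """\
2007-06-12T15:38:14 10.0.9.5 10.0.20.31 16992 allow
2007-06-12T15:38:20 10.0.20.77 10.0.20.31 16994 allow
2007-06-12T15:39:02 10.0.20.77 10.0.20.32 445 allow
2007-06-12T15:39:40 192.0.2.44 10.0.20.33 16993 deny
malformed line here
2007-06-12T15:40:11 10.0.20.77 10.0.20.34 16995 allow
"""

def flag_amt_flows(text, mgmt_net="10.0.9.0/24"):
    """Return (alerts, skipped): AMT-port flows whose source is outside mgmt_net."""
    net = ipaddress.ip_network(mgmt_net)
    alerts, skipped = [], 0
    for line in text.splitlines():
        try:
            ts, src, dst, dport, action = line.split()
            src_ip = ipaddress.ip_address(src)
            ipaddress.ip_address(dst)          # validate destination too
            port = int(dport)
        except ValueError:                     # wrong field count or bad value
            skipped += 1
            continue
        if port in AMT_PORTS and src_ip not in net:
            severity = "high" if action == "allow" else "info"
            alerts.append({"time": ts, "src": src, "dst": dst,
                           "port": port, "severity": severity})
    return alerts, skipped

def fanout(alerts, threshold=2):
    """Sources allowed through to AMT ports on >= threshold distinct hosts."""
    seen = {}
    for a in alerts:
        if a["severity"] == "high":
            seen.setdefault(a["src"], set()).add(a["dst"])
    return sorted(s for s, d in seen.items() if len(d) >= threshold)

if __name__ == "__main__":
    alerts, skipped = flag_amt_flows(SAMPLE_FLOWS)
    for a in alerts:
        print(a)
    print("fan-out sources:", fanout(alerts), "skipped lines:", skipped)
```
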