Free Rootkit with Every New Intel Machine
  #1  
Old June 15th 07, 12:04 AM posted to comp.sys.intel,alt.comp.virus
Intel Guy
external usenet poster
 
Posts: 84
Default Free Rootkit with Every New Intel Machine


The following is reproduced from here:

http://www.astalavista.com/?section=...ls&newsid=3933

Is this related to (or will be implemented in) ICH9?

-------------------------------------------

Free Rootkit with Every New Intel Machine
Published 15:38:14 12.06.2007

(Forwarded with permission from a NZ security mailing list, some
portions anonymised)

-- Snip --

[...] a register article saying Intel released its new platform
Centrino Pro which includes Intel Active Management 2.5. An article
with some more info is here:

http://www.newsfactor.com/news/Intel...d=0210025GSEV9

It got me interested, so I started taking a look around. Intel has
some good info here:

http://softwarecommunity.intel.com/a...s/eng/1032.htm

And for all of you in the Web 2.0 generation with short attention
spans for reading the doc, here is a video that explains it all. I found
myself getting more and more concerned the further it went:

http://softwarecommunity.intel.com/v...aspx?fn=3D1066

Essentially, all new Intel machines (and a number of current Intel
servers) come with free hardware rootkit functionality, which is
operational and accessible when the machine is powered off, and in the
case of laptops, even when they are unplugged and powered off.

There is the mention of code signing, TLS and PKI magic to allay your
security concerns however...

There are a few new things with this that go beyond generic remote IP
KVM:

- NIC based TCP/IP filters configurable remotely
- Handy magic bypass for TCP/IP filters [1]
- Remote BIOS updates over the network
- Remote IDE redirection, as in boot off CDROM over the network
- Persistent storage even if you change hard disks
- It doesn't appear to have a method for disabling it (well, I can't
find anything about it, seems crazy if there isn't)
- Built-in, on chip. I can understand a decent size company wanting
IP-KVM. But I don't want my personal laptop with IP-KVM.
- Authentication can be done on Kerberos. We're talking AD.
- Built in web interface on every machine (port 16994)
- handy well documented SDK for building whatever you need to interact
with this
- ...

This is clearly an awesome management tool. Being able to update your
antivirus while your machine is disconnected from the network is
helpful. Being able to id all your assets even though they are powered
off is great. My concerns are around doomsday scenarios like the
below:

Worm is released that gets a domain admin account, worm sets up floppy
booting across the network, floppy is boot-and-nuke [2]. Worm reboots
every server in the company and securely wipes them with single pass.
Worm then updates bios on every machine to broken state, enables
TCP/IP filters to prevent the NIC from being used to talk to the OS
ever again, then disables the AMT.

Note, this is OS agnostic, will take out your OSX, Windows and Linux
boxen. The hardware would probably be rendered useless, barring
opening up the box and flipping some jumpers or replacing something. A
smart user noticing the reboot and noticing the disk was being wiped
(assuming you didn't change dban to say "now making your computer
faster by optimizing the cache flux capacitor") would have to unplug
power and network to stop it, which is harder if you're a laptop user
with wireless.

While parts of this are possible now, it's just not nearly as powerful
or ubiquitous.

[1] TCP-over-Serial-over-LAN
http://softwarecommunity.intel.com/a...s/eng/1222.htm

[2] http://dban.sourceforge.net/
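One thing a defender can do with the detail above (a management listener on port 16994 that answers even when the OS is down) is watch who talks to it. The script below is an added example, not code from the post, from the mailing list or from Intel: it reads network-flow records in a constructed line format, flags any connection to an Intel AMT listener port whose source is not an approved management console, and tallies the offending sources. The flow-log format, the allowlist address and the sample records are all assumptions made up for the demo; 16994 is the port the post names, and 16992, 16993 and 16995 are the other AMT listener ports Intel documents (HTTP, HTTPS, and redirection over TLS).

```python
"""Flag network flows to Intel AMT listener ports from unapproved sources.

Added example (not from the forum post, the mailing list, or Intel).
The log format, allowlist and sample records are constructed for this demo.
"""
from dataclasses import dataclass
from collections import Counter

# 16994 is named in the post; 16992/16993/16995 are the other AMT listener
# ports Intel documents (HTTP web UI, HTTPS web UI, redirection over TLS).
AMT_PORTS = {16992, 16993, 16994, 16995}

# Assumption: the only host that should ever reach an AMT listener.
ALLOWED_CONSOLES = {"10.0.0.5"}

# Constructed sample flow records: "<timestamp> <src>:<sport> -> <dst>:<dport> <proto>"
SAMPLE_FLOWS = [
    "2007-06-15T00:04:00 10.0.0.5:51234 -> 10.0.1.20:16994 tcp",   # approved console
    "2007-06-15T00:05:10 10.0.2.77:40001 -> 10.0.1.20:16992 tcp",  # unexpected source
    "2007-06-15T00:05:12 10.0.2.77:40002 -> 10.0.1.21:16993 tcp",  # unexpected source
    "2007-06-15T00:06:00 10.0.2.77:40003 -> 10.0.1.21:443 tcp",    # ordinary HTTPS
    "this line is not a flow record",                                # malformed, skipped
]


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str


def parse_flow(line):
    """Parse one constructed-format flow line; return None if it is malformed."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "->":
        return None
    ts, src_part, _, dst_part, proto = parts
    try:
        src = src_part.rsplit(":", 1)[0]
        dst, dport = dst_part.rsplit(":", 1)
        return Flow(ts, src, dst, int(dport), proto)
    except ValueError:
        return None


def find_unexpected_amt_access(lines, allowed=ALLOWED_CONSOLES):
    """Return flows that hit an AMT port from a source outside the allowlist."""
    alerts = []
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue  # skip malformed records rather than crash the monitor
        if flow.dport in AMT_PORTS and flow.src not in allowed:
            alerts.append(flow)
    return alerts


def summarize_by_source(alerts):
    """Count flagged flows per source address, so one noisy host stands out."""
    return dict(Counter(flow.src for flow in alerts))


if __name__ == "__main__":
    hits = find_unexpected_amt_access(SAMPLE_FLOWS)
    for flow in hits:
        print(f"{flow.ts} {flow.src} -> {flow.dst}:{flow.dport} (AMT port, unapproved source)")
    print("per-source totals:", summarize_by_source(hits))
```

Run against the sample records it reports the two flows from 10.0.2.77 and leaves the approved console and the ordinary HTTPS flow alone. In practice the allowlist would come from the same inventory that records which machines have AMT provisioned, and the flow source would be a real NetFlow or firewall export rather than the constructed lines used here.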
  #2  
Old June 15th 07, 12:33 AM posted to comp.sys.intel,alt.comp.virus
David H. Lipman
external usenet poster
 
Posts: 408
Default Free Rootkit with Every New Intel Machine

From: "Intel Guy"

|
| The following is reproduced from here:
|
| http://www.astalavista.com/?section=...ls&newsid=3933
|
| Is this related to (or will be implemented in) ICH9?
|

snip

Sorry, I need corroboration before I can swallow much of this content.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


  #3  
Old June 16th 07, 07:02 PM posted to comp.sys.intel,alt.comp.virus
Mark Hahn
external usenet poster
 
Posts: 3
Default Free Rootkit with Every New Intel Machine

Free Rootkit with Every New Intel Machine

not just misleading, but incorrect. these new features are a modest
extension of the existing IPMI standard that is already on most servers.
it's all about being able to remotely (and without manual, in-person
action) control power, sensors, booting, firmware versions. sure,
it's dangerous if you don't configure it properly. so?