Search - "intel bugs"
-
A group of security researchers has officially fucked the hardware-level Intel botnet officially branded as "Intel Management Engine". They did so by gathering all the autism they were able to get from StackOverflow mods... though they officially call it a Buffer Overflow.
On Wednesday, in a presentation at Black Hat Europe, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy plan to explain the firmware flaws they found in Intel Management Engine 11, along with a warning that vendor patches for the vulnerability may not be enough.
Two weeks ago, the pair received thanks from Intel for working with the company to disclose the bugs responsibly. At the time, Chipzilla published 10 vulnerability notices affecting its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE).
The Intel Management Engine, which resides in the Platform Controller Hub, is a coprocessor that powers the company's vPro administrative features across a variety of chip families. It has its own OS, MINIX 3, a Unix-like operating system that runs at a level below the kernel of the device's main operating system.
It's a computer designed to monitor your computer. In that position, it has access to most of the processes and data on the main CPU. For admins, it can be useful for managing fleets of PCs; it's equally appealing to hackers for what Positive Technologies has dubbed "God mode."
The flaws cited by Intel could let an attacker run arbitrary code on affected hardware that wouldn't be visible to the user or the main operating system. Fears of such an attack led Chipzilla to implement an off switch, to comply with the NSA-developed IT security program called HAP.
But having identified this switch earlier this year, Ermolov and Goryachy contend it fails to protect against the bugs identified in three of the ten disclosures: CVE-2017-5705, CVE-2017-5706, and CVE-2017-5707.
The duo say they found a locally exploitable stack buffer overflow that allows the execution of unsigned code on any device with Intel ME 11, even if the device is turned off or protected by security software.
For more of the complete story go here:
https://blackhat.com/eu-17/...
https://theregister.co.uk/2017/12/...
I post mostly daily news, commentaries and such on my site for anyone that wishes to drop by there.
-
Lessons I've learnt so far on programming
-- Your best written code today can be your worst tomorrow (Focus more on optimisation than style).
-- Having zero knowledge of a language then watching video tutorials is like purchasing an arsenal before knowing what a gun is (Read the docs instead).
-- It works on my machine! Yes, because you built on Lenovo G-force but never considered the testers running on Intel Pentium 0.001 (Always consider low end devices).
-- "Programming" is you telling a story and without adding "comments" you just wrote a whole novel having no punctuation marks (Always add comments, you will thank yourself later for it I promise).
-- In programming there is nothing like "done"! You only have "in progress" or "abandoned" (Deploy progressively).
-- If at this point you still don't know how to make an asynchronous call in your favourite language, then you are still a rookie! Take that from me. (Asynchronous operation is a key feature in programming that every coder should know).
-- If it's more than two conditions use "Switch... case" else stick with "If... else" (Readability should never be under-rated).
-- Code editors can MAKE YOU and BREAK YOU. They have great impact on your coding style and delivery time (Choose editors wisely).
-- Always resist the temptation of writing the whole project from scratch unless need be (Favor patching to re-creation).
-- Helper methods reduce code redundancy by a large chunk (Always have a class in your project with helper methods).
-- There is something called git (Always make backups).
-- If you don't feel the soothing joy that comes in fixing a bug then "programming" is a no-no (Coding is fun only when it works).
-- Get angry with the bugs not the testers they're only noble messengers (Bugs are your true enemy).
-- You would learn more than a lot reading the codes of others and I mean a lot! (Code review promotes optimisation and lets you know when you are writing macaroni).
-- If you can do it without a framework you have yourself a big fat plus (Frameworks make you entirely dependent).
-- Treat your code like your pet, stop taking care of it and it dies! (Codes are fragile and need regular updates to stay relevant).
Programming is nothing but fun and I've learnt that a long time ago.
-
Intel, wtf kind of drugs is your stupid site on?
Trying to make an account, the password requirement says "at least one special character".
Ok, no problem.
"Password format is invalid"
Wut? Hmm, maybe it doesn't like that one. Let's try one from their suggested ones.
"Password format is invalid"
WTF? The fuck is your problem?!
*reloads the page, tries again*
"Password format is invalid"
ARE YOU FUCKING RETARDED?
*adds the special at the end of the password instead of the beginning*
It works.
https://youtube.com/watch/...
And then we wonder why bugs like Meltdown and Spectre come up. These guys can't even do fucking password validation properly.
And I've just lost 30 minutes because of this shit.
FUCK!