CPU as a service // MINIX in Intel ME

Giovanni Biscuolo g at xelera.eu
Wed Nov 29 09:23:30 UTC 2017


Dear Jann,

* Jann KRUSE [2017-11-28 21:23:54 +0000]:

>Update: Have been exploited...
>(And you wouldn't even realize it!)
>https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668

as you correctly pointed out below, the real problem is not the unintentional
occurrence of exploitable bugs: this is normal on all OSs and can be
addressed (with various levels of difficulty, **very** hard in this case)

«To root, or not to root, that is the question:»
who has root access to the hyper-hyper-visor?

this soon leads to the following questions:

1 is root access documented anywhere on earth?
2 how can I manage the root password in order to be compliant with national
mandatory security regulations? [1]

mumble, mumble...

[...]

>In short:
>We are essentially being forced, without even being told, to run buggy
>proprietary code in a very powerful and very capable hyper-hyper-visor

very nice executive ultra-summary thanks! :-)

Ciao
Giovanni

[1] https://en.m.wikipedia.org/wiki/Cyber-security_regulation
there are a **lot** of mandatory regulations considering password management
_vital_ to the security of IT infrastructure

-- 
Giovanni Biscuolo
Xelera - IT infrastructures
http://xelera.eu/contact-us/

**please** quote well: http://wiki.news.nic.it/QuotarBene
**please** use Inline Reply: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style