Tpmfail: a timing attack that can extract keys from secure computing chips in 4-20 minutes

Originally published at: https://boingboing.net/2019/11/14/descartes-destroyed.html

I don’t understand. I followed this link but could not make head nor tails of the Intel page. Are you saying Intel has a fix which individuals can & should install on their own computers?

1 Like

This is a rather surprising failure mode of a crypto chip. Don’t crypto chip designers get taught in Crypto 101 that having the calculation time dependent on the key data was a recipe for disaster?

If a component is going to compromise your security there’s something charming about it being part of “Platform Trust Technology”

On a less sarcastic note, reading Intel security advisories is a rather terrifying glimpse into just how much hides under your OS, all the time, subject to the vagaries of Intel’s business strategy and your (almost certainly laggardly and apathetic) motherboard vendor for fixes, since the Intel-released ones need to be integrated with board firmware.

You’ve got AMT doing its own thing (featuring network access, KVM, and DMA!), UEFI runtime services, the occasions when SMM takes over briefly, “Dynamic Application Loader”, a feature explicitly designed to execute little bits of Java where nothing can see it; and that’s before any OEM ‘innovation’; and not counting the various DMA peripherals and surprisingly powerful CPUs running their own little fiefdoms to abstract the internals of various peripherals.

Thankfully, the response to this alarming situation has typically been to add another complex ‘trusted’ black box to the heap to keep an eye on the others; so each iteration adds even more to this vibrant ecosystem.

3 Likes
