Free Rootkit with Every New Intel Machine
New Zealand
2007-05-27 21:08:45
(Forwarded with permission from a NZ security mailing list, some portions anonymised)

-- Snip --

[...] a register article saying Intel released its new platform Centrino Pro which includes Intel Active Management 2.5. An article with some more info is here:

http://www.newsfactor.com/news/Intel-Debuts-Fourth-Gen-Centrino-Tech/story.xhtml?story_id=0210025GSEV9

It got me interested, so I started taking a look around. Intel has some good info here:

http://softwarecommunity.intel.com/articles/eng/1032.htm

And for all of you in the Web 2.0 generation with short attention spans for reading the doc, here is a video that explains it all. I found myself getting more and more concerned the further it went:

http://softwarecommunity.intel.com/videos/home.aspx?fn=1066

Essentially, all new Intel machines (and a number of current Intel servers) come with free hardware rootkit functionality, which is operational and accessible when the machine is powered off, and in the case of laptops, even when they are unplugged and powered off.

There is the mention of code signing, TLS and PKI magic to allay your security concerns, however...

There are a few new things with this that go beyond generic remote IP KVM:

- NIC-based TCP/IP filters configurable remotely
- Handy magic bypass for TCP/IP filters [1]
- Remote BIOS updates over the network
- Remote IDE redirection, as in boot off CDROM over the network
- Persistent storage even if you change hard disks
- It doesn't appear to have a method for disabling it (well, I can't find anything about it; seems crazy if there isn't)
- Built-in, on chip. I can understand a decent-size company wanting IP-KVM. But I don't want my personal laptop with IP-KVM.
- Authentication can be done on Kerberos. We're talking AD.
- Built-in web interface on every machine (port 16994)
- Handy, well-documented SDK for building whatever you need to interact with this
- ...

This is clearly an awesome management tool. Being able to update your antivirus while your machine is disconnected from the network is helpful. Being able to ID all your assets even though they are powered off is great. My concerns are around doomsday scenarios like the below:

Worm is released that gets a domain admin account, worm sets up floppy booting across the network, floppy is boot-and-nuke [2]. Worm reboots every server in the company and securely wipes them with a single pass. Worm then updates the BIOS on every machine to a broken state, enables TCP/IP filters to prevent the NIC from being used to talk to the OS ever again, then disables the AMT.

Note, this is OS agnostic; it will take out your OS X, Windows and Linux boxen. The hardware would probably be rendered useless, barring opening up the box and flipping some jumpers or replacing something. A smart user noticing the reboot and noticing the disk was being wiped (assuming you didn't change dban to say "now making your computer faster by optimizing the cache flux capacitor") would have to unplug power and network to stop it, which is harder if you're a laptop user with wireless.

</end is nigh rant>

While parts of this are possible now, it's just not nearly as powerful or ubiquitous.

[1] TCP-over-Serial-over-LAN
    http://softwarecommunity.intel.com/articles/eng/1222.htm

[2] http://dban.sourceforge.net/

-- Snip --

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

Re: Free Rootkit with Every New Intel Machine
Australia
2007-06-09 21:42:12
Initially I did not believe it, thought it must be hype or hoax.

Nope, it is a rootkit in hardware.

http://www.intel.com/business/vpro/index.htm

: :	Isolate security tasks—in a separate
: :	environment that is hidden to the user
: :
: : 	[...]
: :
: :	Perform hardware and software inventory on
: :	PCs—even if they don't have management
: :	applications installed or they are powered
: :	down, which increases reporting accuracy for
: :	licensing, maintenance contracts, and audits.
: :
: :	Deploy software patches to PCs more
: :	efficiently—even if they are powered down or
: :	their OS is inoperable, without disrupting or
: :	slowing down the user's workflow.

(The last paragraph means "without the user knowing, and even if the user is doing his best to stop you")


Re: Free Rootkit with Every New Intel Machine
Germany
2007-06-11 01:51:23
Peter Gutmann wrote:
> -- Snip --

This is very scary.  I bet that our Minister of the Interior would love it, though, since he has been pushing a scheme for stealth examination of suspects' computers (called "Federal Trojan"). Technology like this would be a large first step towards making this possible.

> [...]
> - Built in web interface on every machine (port 16994)

Apart from all the other things that are wrong with this scheme,

* you can't trust the output of netstat anymore;
* in other words, what you see with netstat may not be the same as what someone else sees with nmap; and
* if the web interface has a vulnerability, you have an unshutdownable vulnerable service running on your machine.

Fun,

Stephan
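Stephan's point that netstat on the host and nmap from the network can disagree suggests a simple defensive check: collect both views of the same machine and diff them. The script below is an added example, not code from this thread or from Intel; it parses constructed sample text in the shape of `netstat -tln` and `nmap -oG` (grepable) output (no real captures, and the host address 192.0.2.10 is a documentation address) and reports TCP ports that answer on the wire but that the operating system does not claim to own. Port 16994 is the number quoted in the thread. It also flags the edge case of a port the OS binds only to loopback yet which is reachable externally.

```python
"""Cross-check a host's own list of listening TCP ports against an
external scan of the same host.

Added example (not part of the original thread).  A management engine
answering on the NIC is invisible to the OS, so `netstat` on the box and
`nmap` from elsewhere disagree.  Both inputs are CONSTRUCTED samples in
the shape of `netstat -tln` and `nmap -oG` output, not real captures.
"""
import re

# Constructed: what the OS itself reports (netstat -tln style).
NETSTAT_SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
"""

# Constructed: what a scanner on the same LAN reports (nmap -oG style).
# 192.0.2.10 is a documentation address; 16994 is the port from the thread.
NMAP_GREPABLE_SAMPLE = """\
# Nmap scan initiated as: nmap -oG - -p 1-65535 192.0.2.10
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 16994/open/tcp//unknown///
# Nmap done
"""

LOOPBACK = {"127.0.0.1", "::1"}


def local_listeners(netstat_text):
    """Return {port: set(bind addresses)} for TCP sockets the OS says LISTEN."""
    listeners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip banner/header lines and anything that is not a listening TCP socket.
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[-1] != "LISTEN":
            continue
        # Split on the last ':' so IPv6 forms such as ':::22' parse correctly.
        addr, _, port = fields[3].rpartition(":")
        listeners.setdefault(int(port), set()).add(addr)
    return listeners


def externally_open(nmap_grepable_text):
    """Return the set of TCP ports an external scan reported as open."""
    ports = set()
    for line in nmap_grepable_text.splitlines():
        if "Ports:" not in line:
            continue
        ports.update(int(p) for p in re.findall(r"(\d+)/open/tcp", line))
    return ports


def unexplained_ports(netstat_text, nmap_grepable_text):
    """Ports reachable from the network that no non-loopback OS listener explains.

    A listener bound only to 127.0.0.1 or ::1 cannot legitimately answer an
    external scan, so such a port is still reported if the scanner sees it.
    """
    local = local_listeners(netstat_text)
    explained = {port for port, addrs in local.items() if addrs - LOOPBACK}
    return sorted(externally_open(nmap_grepable_text) - explained)


if __name__ == "__main__":
    for port in unexplained_ports(NETSTAT_SAMPLE, NMAP_GREPABLE_SAMPLE):
        print(f"port {port}/tcp answers on the wire but the OS reports no listener")
```

In practice the two samples would be replaced by output captured from the host and from a scanner on the same segment; any port that lands in the unexplained list is something answering below the OS (firmware, a management controller, or an out-of-band NIC feature) and deserves an inventory entry and a firewall rule at the network edge.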


Re: Free Rootkit with Every New Intel Machine
United States
2007-06-12 02:39:42
Peter Gutmann wrote:
> [...] a register article saying Intel released its new platform Centrino Pro
> which includes Intel Active Management 2.5. An article with some more info is
> here:

It appears Active Management is a setting that can be disabled normally from the BIOS, like with TPMs today:

http://support.intel.com/support/motherboards/desktop/sb/cs-020837.htm

I couldn't find a conclusive statement one way or the other, but I expect it'll also be turned off by default for consumer machines. That still leaves a slew of open questions, but makes it less initially alarming, I'd say.

-- 
Ivan Krstić <krstic@solarsail.hcs.harvard.edu> | GPG: 0x147C722D

