I’ll argue this is not off-topic - the hardware problem exists and while there is not a project to fix that, it sits as a problem that needs a solution.
Intel ME is the OS that is inside the Intel chips - so, not the one most users choose… and yes, it comes with a webserver because why not!
Fortunately, this is being made visible and challenged but perhaps should not even be legal for the risks relative to privacy; security; and freedom from exploitation.
Intel admits that ME exploitable with 8 CVEs, telling their customers to contact motherboard manufacturers.
earlier was: How to remote hijack computers using Intel’s insecure chips: Just use an empty login string
Almost as bad as OSX having root login with empty passwords… because it was “useful”?
I wonder AMD would have a quick win, if they declared some route to open sourcing their hardware… I wonder too that other interests are too invested in pwning.every.damn.thing™
My dream set-up is a RISC-V (or some other open architecture chipset) powered computer with a secure Linux distro built solely for SAFE usage (like a freedom-respecting analogue to google’s ChromeOS)
abstract - Positive Technologies researchers Maxim Goryachy and Mark Ermolov have discovered a vulnerability that allows running unsigned code. The vulnerability can be used to activate JTAG debugging for the Intel Management Engine processor core. When combined with DCI, this allows debugging ME via USB.
True but it isn’t a project either. It is clearly a Cybersecurity issue more than a “Related project” Even a project to fix it is not a project related to SAFE.
I’ll move it there and you can PM the @moderators if you think otherwise.
