Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Debian Security ~ Intels' ME and likewise
Re: Debian Security ~ Intels' ME and likewise
Intel SA 00086 Detection Tool
https://downloadcenter.intel.com/download/27150
The vulnerability only affects more recent Intel procesors. Some manufacturers have started producing updates.
https://www.bleepingcomputer.com/news/ ... rity-bugs/
Most of my machines are not affected as the use older third generation Intel processors, only 6th, 7th and 8th generation Intel Core Processor Family and some other recent processors are affected by this vulnerability.
https://downloadcenter.intel.com/download/27150
The vulnerability only affects more recent Intel procesors. Some manufacturers have started producing updates.
https://www.bleepingcomputer.com/news/ ... rity-bugs/
Most of my machines are not affected as the use older third generation Intel processors, only 6th, 7th and 8th generation Intel Core Processor Family and some other recent processors are affected by this vulnerability.
Re: Debian Security ~ Intels' ME and likewise
I am not convinced of this part...dotlj wrote:...The vulnerability only affects more recent Intel procesors. Some manufacturers have started producing updates...
ThinkPad E14: Arch, Debian Stable
GUI: Xfce
For new: Try MX Linux, Linux Mint; later join Debian Stable
GUI: Xfce
For new: Try MX Linux, Linux Mint; later join Debian Stable
- ticojohn
- Posts: 1284
- Joined: 2009-08-29 18:10
- Location: Costa Rica
- Has thanked: 21 times
- Been thanked: 44 times
Re: Debian Security ~ Intels' ME and likewise
From what I have read it seems to be most dependent on whether the motherboard/system manufacturer implemented the vPro technology in the bios. Some MB's, like mine, have the MEI chipset but vPro was not implemented in the bios. An easy check as to whether your board is susceptible might be to look at the board specs and see if vPro is implemented. No test software required.makh wrote:I am not convinced of this part...dotlj wrote:...The vulnerability only affects more recent Intel processors. Some manufacturers have started producing updates...
UPDATE: Just to verify my assumption I downloaded the referenced test program from Intel. I have two computers. One is a Gigabyte GA H81M-H rev 2.1, the other is and Intel NUC5i5RYH. Specifications for both systems indicate that the vPro technology is not implemented. I ran the test on both systems and the results for both indicate that the system is not vulnerable. So, either they really aren't vulnerable or the test is lying. Given the grief that Intel is getting over this issue I would like to believe that they have not created a test that gives false results. Besides, the article that I read saying that the key is whether vPro is implemented was from a respected non-intel source. Take it as you will.
I am not irrational, I'm just quantum probabilistic.
-
- Posts: 459
- Joined: 2013-06-16 00:10
Re: Debian Security ~ Intels' ME and likewise
A classic "apples-to-landmines" comparison.sunrat wrote:Sounds bad but so is Coca-Cola and land mines. The world goes on, somehow.pylkko wrote:OK. So anybody still think that this management engine thing isn't 'bad'?
The better comparison is if coffee, tea, and juice all started shipping with carbonated water and high-fructose corn syrup.
Bottled water would be an alternative, but it contains its own proprietary substances that are embedded into the water molecules.
Then you might say, "well I could just replace fluids with raspberry pies", but there are small landmines that are set to self-destruct based on an unexplored, proprietary algorithm.
...what were we originally talking about again?
fwiw, I ran me_cleaner on a spare laptop and it worked fine.
the crunkbong project: scripts, operating system, the list goes on...bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
-
- Posts: 1454
- Joined: 2015-08-30 20:14
Re: Debian Security ~ Intels' ME and likewise
This year hasn't started well for Intel. Another serious flaw, now even worse:
https://www.neowin.net/news/security-fl ... rmance-hit
Upstream has already updated to Linux 4.14.11 that contains the fix and Microsoft will issue a patch for Windows 10 in the next 24 hours. Debian when?
https://www.neowin.net/news/security-fl ... rmance-hit
Upstream has already updated to Linux 4.14.11 that contains the fix and Microsoft will issue a patch for Windows 10 in the next 24 hours. Debian when?
- dilberts_left_nut
- Administrator
- Posts: 5347
- Joined: 2009-10-05 07:54
- Location: enzed
- Has thanked: 13 times
- Been thanked: 66 times
Re: Debian Security ~ Intels' ME and likewise
Same as always - when it's ready.Wheelerof4te wrote:Debian when?
AdrianTM wrote:There's no hacker in my grandma...
- alan stone
- Posts: 269
- Joined: 2011-10-22 14:08
- Location: In my body.
Re: Debian Security ~ Intels' ME and likewise
Operating as designed: part 1, part 2.Wheelerof4te wrote:This year hasn't started well for Intel. Another serious flaw, now even worse:
https://www.neowin.net/news/security-fl ... rmance-hit
Anyone knows a place where to buy stocks of pitchforks, torches, boiled rope and gallows?
Re: Debian Security ~ Intels' ME and likewise
Could anyone point out an efficient tools to benchmark CPU performance? There's been discussion about performance decrease of 2% - 30% depending on what kind of tasks are run. I'd like to check how the patch affects in my case. I'm not running anything that critical myself, but I guess many users here could benefit from the same information.Wheelerof4te wrote:Upstream has already updated to Linux 4.14.11 that contains the fix and Microsoft will issue a patch for Windows 10 in the next 24 hours. Debian when?
So far I've come up with sysbench, but any other suggestions are highly appreciated.
Debian 12 Stable with sway
Secure your stuff: Securing Debian Manual
Don't break your stuff: Source List Management DontBreakDebian
Secure your stuff: Securing Debian Manual
Don't break your stuff: Source List Management DontBreakDebian
-
- Posts: 1454
- Joined: 2015-08-30 20:14
Re: Debian Security ~ Intels' ME and likewise
^Average non-gamer users won't notice much difference in performance. Opening documents, doing online work, playing Youtube and movies and listening to music are not so CPU sensitive tasks.
The most affected will be gamers and large-scale businesses that rely on servers. Since a lot of people are gamers anyway, expect an otcry even from casual users.
EDIT:
This just occured to me. How will debian apply the update when the complete fix will require an update of (as per Debian) non-free intel microcode? At least, Red Hat applied it to their firmware package.
The most affected will be gamers and large-scale businesses that rely on servers. Since a lot of people are gamers anyway, expect an otcry even from casual users.
EDIT:
This just occured to me. How will debian apply the update when the complete fix will require an update of (as per Debian) non-free intel microcode? At least, Red Hat applied it to their firmware package.
- None1975
- df -h | participant
- Posts: 1410
- Joined: 2015-11-29 18:23
- Location: Russia, Kaliningrad
- Has thanked: 46 times
- Been thanked: 70 times
Re: Debian Security ~ Intels' ME and likewise
Another seriuos security bug-Meltdown and Spectre.
OS: Debian 12.4 Bookworm / DE: Enlightenment
Debian Wiki | DontBreakDebian, My config files on github
Debian Wiki | DontBreakDebian, My config files on github
Re: Debian Security ~ Intels' ME and likewise
Of course, except it wasn't designed that way. It cropped up like most software security vulnerabilities do, as an unintended consequence of bad programming.zerubbabel wrote:Who would buy a house if he knew that the builder reserved the "right" to build a hidden chamber below the apparent foundation, having a control panel with which to monitor everything that happens in the house, and having a secret tunnel connecting it to some other unknown realm?
Maybe nobody should ever buy anything ever again, just in case there is a hidden security flaw.
Nobody would ever ask questions If everyone possessed encyclopedic knowledge of the man pages.
Re: Debian Security ~ Intels' ME and likewise
That's a good point. I just wanted to see first hand the difference with pre- and post-patch performance. You are right that the actual impact to average user is minimal. Gamers also shouldn't be too much affected, unless the game is especially CPU intensive. Like you said, most impact will be suffered by business users, service providers and users who need to squeeze out every bit of performance from their hardware.Wheelerof4te wrote:^Average non-gamer users won't notice much difference in performance.
So I ran following sysbench tests, which seemed to show some change. I ran three tests before and after the patch, below results are my own redacted summary of all six tests. System load and processes for all tests was the same, but I doubt my test setup would fulfill scientific standards.. Thought I'd share them with you anyway, maybe someone's interested.
EDIT: Disclaimer, I'm not really big on system benchmarking. There probably is lot better ways to test it. Maybe someone could comment on this?
Code: Select all
Hardware:
Intel i5-3570k @ 4.4Ghz, 8Gb DDR 3
Tests run with:
$sysbench --batch --batch-delay=5 --num-threads=2 --max-requests=50000 --test=threads run
Pre-patch, with kernel 4.9.65-3+deb9u1
Pre-patch Test 1-3
total time: 5.3247s - 5.4139s
total time taken by event execution: 10.6455 - 10.8239
per-request statistics:
min: 0.18ms - 0.19ms
avg: 0.21ms - 0.22ms
max: 0.57ms - 0.92ms
approx. 95 percentile: 0.23ms - 0.24ms
Threads fairness:
events (avg/stddev): 25000.0000/2.00
execution time (avg/stddev): 5.3228 - 5.4119/0.00
Post-patch, with kernel 4.9.65-3+deb9u2
Post-patch Test 1-3
total time: 8.7143s - 8.8911s
total time taken by event execution: 17.4244 - 17.7782
per-request statistics:
min: 0.32ms
avg: 0.35ms - 0.36ms
max: 0.97ms - 1.03ms
approx. 95 percentile: 0.36ms - 0.37ms
Threads fairness:
events (avg/stddev): 25000.0000/2.00
execution time (avg/stddev): 8.7122 - 8.8891/0.00
Debian 12 Stable with sway
Secure your stuff: Securing Debian Manual
Don't break your stuff: Source List Management DontBreakDebian
Secure your stuff: Securing Debian Manual
Don't break your stuff: Source List Management DontBreakDebian
Re: Debian Security ~ Intels' ME and likewise
I guess a better test would be to perform something cpu intesive that you care about, like decompress large archives or compile kernels.
- alan stone
- Posts: 269
- Joined: 2011-10-22 14:08
- Location: In my body.
Re: Debian Security ~ Intels' ME and likewise
Researchers discovered an undocumented configuration setting that can used to disable Intel ME 11 that has been likened to a backdoor.
Use at your own risk: How to disable Intel ME 11 'backdoor' thanks to the NSA.
NSA's name should be changed to NRA, National Risk Agency.
Oh wait, NRA already stands for National Rifle Association.
Then how about National Security Abomination?
Use at your own risk: How to disable Intel ME 11 'backdoor' thanks to the NSA.
NSA's name should be changed to NRA, National Risk Agency.
Oh wait, NRA already stands for National Rifle Association.
Then how about National Security Abomination?
Re: Debian Security ~ Intels' ME and likewise
^^ fixed the subject heading for that article....
"Now you, too, can disable NSA's Intel ME 'backdoor' thanks to the NSA"
"Now you, too, can disable NSA's Intel ME 'backdoor' thanks to the NSA"
- alan stone
- Posts: 269
- Joined: 2011-10-22 14:08
- Location: In my body.
Re: Debian Security ~ Intels' ME and likewise
^ Oh my doG! How did I dare to edit the title of the article? Naughty, naughty.
Re: Debian Security ~ Intels' ME and likewise
@alan stone:
Your last post seems very unethical. Kindly remove the words before exclamation. Thankyou.
Your last post seems very unethical. Kindly remove the words before exclamation. Thankyou.
ThinkPad E14: Arch, Debian Stable
GUI: Xfce
For new: Try MX Linux, Linux Mint; later join Debian Stable
GUI: Xfce
For new: Try MX Linux, Linux Mint; later join Debian Stable
- alan stone
- Posts: 269
- Joined: 2011-10-22 14:08
- Location: In my body.
Re: Debian Security ~ Intels' ME and likewise
^ I don't rent space to anyone in my head.
- Anonymous
The human race will never stop being entertaining... even if it's in strange ways.
- Sarah Denninger
In the end everything will to be ok. And if it's not ok, it's not the end.
- John Paul Dejoria
- Anonymous
The human race will never stop being entertaining... even if it's in strange ways.
- Sarah Denninger
In the end everything will to be ok. And if it's not ok, it's not the end.
- John Paul Dejoria