Wednesday, November 22, 2017

New Warnings About Chinese Intel Chips

Reuters is today saying that US businesses have been warned to check for vulnerabilities in Intel chips embedded in business computers sold by HP, Dell, Lenovo and others (though there can’t be too many others when preceded by the three largest). In my previous post on this I said the discovery matched up with events that led back to when Intel started making chips in China. The Chinese have never been shy about putting things in computers for the good of people who use them, though most of that was software. Apparently, what is good for China is good for the rest of the world.

Intel was quick to say they know of no use of this vulnerability to gain access to computers. How would they know? It is a vulnerability in the chipset whose use would show up as administrator access in an audit log. Most administrators access their computers every day, for long periods of time. It may be recorded by audit software, but would seldom be seen as unusual. That is what makes it so useful as a hacking tool. Their second feint was the old “well, you have to have it set for remote access and have the password and user name of the administrator,” thinking we would buy that as something that was very hard to get. Come on, not even children believe that fairytale. That is what rootkits do, and there must be a few hundred of them around that work pretty well. Administrators must not use remote access where these fairies live.

Nobody has said yet (it may still come) that this Homeland Security warning was issued “out of an abundance of caution” rather than known exploits they have seen.  As one comment said, “This has been going on for 7 years and nobody (at Intel) found it?”  It is not so easy to find.  It is built in.

The great harm in this kind of exploit is that nobody will ever know how much damage has been done by root access to so many computers, over such a long time.  Patching this is not something that should make a user feel good.

Most businesses do not allow such things to happen because it does tremendous damage to a company’s business reputation.
