[Freedombox-discuss] Without software collusion

Ben Mendis dragonwisard at gmail.com
Thu Jun 28 19:58:48 UTC 2012


On Thu, 28 Jun 2012, Tim Schmidt wrote:

> On Thu, Jun 28, 2012 at 3:46 PM, Rick Hodgin <foxmuldrster at yahoo.com> wrote:
>> It begs the question:  If Intel can use vPro to access a dead, non-response system (the OS has crashed, which was their big sales pitch during its initial introduction) and manage a reboot or capture a debug image of memory and hard disk data, what's to keep them from doing the same while the system hasn't crashed?
>
> Any $25 wireless router.  Best practice is to default-deny incoming
> connection attempts.  I've never seen a wireless router default to a
> less sensible policy.

Indeed, vPro can only work if the adversary is on the same network
segment and sends packets that the NIC can hear. We're all professionals
here, we know that security works in layers. If you stick a $25 router
in front of your box then there's no way for those vPro control packets
to reach your NIC, so there's no way for vPro to get activated.

Problem solved.


