[Freedombox-discuss] Without software collusion

Eugen Leitl eugen at leitl.org
Fri Jun 29 06:30:10 UTC 2012


On Thu, Jun 28, 2012 at 03:53:43PM -0400, Tim Schmidt wrote:
> On Thu, Jun 28, 2012 at 3:46 PM, Rick Hodgin <foxmuldrster at yahoo.com> wrote:
> > It begs the question:  If Intel can use vPro to access a dead, non-response system (the OS has crashed, which was their big sales pitch during its initial introduction) and manage a reboot or capture a debug image of memory and hard disk data, what's to keep them from doing the same while the system hasn't crashed?
> 
> Any $25 wireless router.  Best practice is to default-deny incoming
> connection attempts.  I've never seen a wireless router default to a
> less sensible policy.

vPRO cannot be used by local malware for privilege elevation, right?

But it allows to do so over the network, allowing you to compromise anything
reachable on the local LAN, correct? Is there any known malware utilizing this?



More information about the Freedombox-discuss mailing list