PC security public service announcement

The place for you to catch the latest news
User avatar
Yeshe McGermot
Novice
Novice
Posts: 55
Joined: Thu Aug 31, 2017 3:39 pm
CMDR: Yeshe McGermot
CMDR_Platform: None Specified
Contact:

PC security public service announcement

Postby Yeshe McGermot » Sun Nov 26, 2017 2:17 pm

Hello fellow commanders,

In case you aren't aware, yet. Numerous security vulnerabilities have been found in Intel chipsets. A large number of hardware products is affected.

This is huge, because it allows attacks from the internet as soon as you are connected. Patching Windows or similar can not secure your system, because the vulnerabilities are within the firmware on the mainboards.

Fortunately there are patches available for most mainboards, servers, routers etc. already.
I urge everyone with an Intel chipset on their mainboard to check if the product is affected and to patch as soon as possible.
I'll link the official page on Intel's website but I advise anyone to check back with security experts you know and trust and google for yourselves.

https://www.intel.com/content/www/us/en ... tware.html

I can't stress enough how critical this is and we can expect a gigantic shitstorm of worms, viruses, backddoors and whatnot now, that the details of these vulnerabilities are public.

Fly safe!
/Yeshe
"I can slump on my couch with a beer and chips and no pants on - the typical uniform of any good space trucker."
Joel Peterson, Destructoid

User avatar
Cmdr Kharma
Dangerous
Dangerous
Posts: 3776
Joined: Thu Sep 18, 2014 7:28 pm
CMDR: Kharma
CMDR_Platform: PC-MAC
Contact:

Re: PC security public service announcement

Postby Cmdr Kharma » Sun Nov 26, 2017 5:43 pm

pass.jpg
pass.jpg (91.1 KiB) Viewed 3590 times
Image

Tor.....Hold on.......Tor.......Wait a bit.....TOR will you stop fecking firing.......Ok......Tor I know a therapist that can help you....... :D My Cmdr also has small feet

TorTorden
Deadly
Deadly
Posts: 4021
Joined: Mon Jun 01, 2015 11:13 am
CMDR: TorTorden
CMDR_Platform: None Specified
Contact:

Re: PC security public service announcement

Postby TorTorden » Sun Nov 26, 2017 5:45 pm

Well, at least there is one bonus to buying AMD.
Image

Hey I'm Thor -
People call me Bob.

Rule 1: Pillage. Then burn.
Rule 2: No such thing as overkill, as long as there are reloads.

User avatar
Cmdr Kharma
Dangerous
Dangerous
Posts: 3776
Joined: Thu Sep 18, 2014 7:28 pm
CMDR: Kharma
CMDR_Platform: PC-MAC
Contact:

Re: PC security public service announcement

Postby Cmdr Kharma » Sun Nov 26, 2017 5:47 pm

Yep....

But thought I'd better check the old box as going to use for CAD-CAM shit...........
Image

Tor.....Hold on.......Tor.......Wait a bit.....TOR will you stop fecking firing.......Ok......Tor I know a therapist that can help you....... :D My Cmdr also has small feet

TorTorden
Deadly
Deadly
Posts: 4021
Joined: Mon Jun 01, 2015 11:13 am
CMDR: TorTorden
CMDR_Platform: None Specified
Contact:

Re: PC security public service announcement

Postby TorTorden » Sun Nov 26, 2017 5:54 pm

Cmdr Kharma wrote:Yep....

But thought I'd better check the old box as going to use for CAD-CAM shit...........


Also if not actual CPU architecture etc, could be all kinds of other Intel chips in things.

Also.

Image
Image

Hey I'm Thor -
People call me Bob.

Rule 1: Pillage. Then burn.
Rule 2: No such thing as overkill, as long as there are reloads.

User avatar
DarkMere
Master
Master
Posts: 913
Joined: Sat Apr 22, 2017 10:46 am
CMDR: DarkMere
CMDR_Platform: PC-MAC
Contact:

Re: PC security public service announcement

Postby DarkMere » Mon Nov 27, 2017 10:38 am

My system is identified as being vulnerable :(

Been in touch with my system manufacturer which is a small(ish) UK firm, they say its an Intel issue. Been in touch with Intel, they say if my manufacturer is not on their current fix list, to get in touch with the manufacturer. Intel say more manufacturers will be added to their fix list as time goes on. Intel also say I can contact another Intel section if my manufacturer is not on their list. But every live chat contact is down.

As someone who is not so very PC technical, I feel like I am left with my ass hanging out.
Image

TorTorden
Deadly
Deadly
Posts: 4021
Joined: Mon Jun 01, 2015 11:13 am
CMDR: TorTorden
CMDR_Platform: None Specified
Contact:

Re: PC security public service announcement

Postby TorTorden » Mon Nov 27, 2017 11:24 am

Well my machine is about two weeks old.
I build myself.
So my guess it's primarily a motherboard and BIOS patch if not I'm sadly out of guesses.

But I suspect that's where I would start, updating bios via the manufacturer, that being Asus, MSI or Gigabyte etc.
As for how I would point you to your manual and say it isn't difficult but some care need to be taken.
Image

Hey I'm Thor -
People call me Bob.

Rule 1: Pillage. Then burn.
Rule 2: No such thing as overkill, as long as there are reloads.

User avatar
Yeshe McGermot
Novice
Novice
Posts: 55
Joined: Thu Aug 31, 2017 3:39 pm
CMDR: Yeshe McGermot
CMDR_Platform: None Specified
Contact:

Re: PC security public service announcement

Postby Yeshe McGermot » Wed Nov 29, 2017 5:13 pm

DarkMere wrote:My system is identified as being vulnerable...

TorTorden wrote:So my guess it's primarily a motherboard and BIOS patch if not I'm sadly out of guesses.

This has little (nothing?) to do with the BIOS.
It is a patch for the Intel-Chipset _on_ the motherboard.
It's provided by Intel, but the manufacturer of the motherboard has to provide the delivery method, aka the patch program.
TorTorden wrote:But I suspect that's where I would start, updating bios via the manufacturer, that being Asus, MSI or Gigabyte etc.

Almost :D
What you do is you search the website of your motherboards manufacturer for said patch program.
My box was vulnerable and I found the patch on ASRock's website with Google within seconds.
When in doubt, contact your motherboards manufacturer by chat or phone, I guess.
"I can slump on my couch with a beer and chips and no pants on - the typical uniform of any good space trucker."
Joel Peterson, Destructoid

TorTorden
Deadly
Deadly
Posts: 4021
Joined: Mon Jun 01, 2015 11:13 am
CMDR: TorTorden
CMDR_Platform: None Specified
Contact:

Re: PC security public service announcement

Postby TorTorden » Wed Nov 29, 2017 5:35 pm

Yeshe McGermot wrote:
DarkMere wrote:My system is identified as being vulnerable...

TorTorden wrote:So my guess it's primarily a motherboard and BIOS patch if not I'm sadly out of guesses.

This has little (nothing?) to do with the BIOS.
It is a patch for the Intel-Chipset _on_ the motherboard.
It's provided by Intel, but the manufacturer of the motherboard has to provide the delivery method, aka the patch program.
TorTorden wrote:But I suspect that's where I would start, updating bios via the manufacturer, that being Asus, MSI or Gigabyte etc.

Almost :D
What you do is you search the website of your motherboards manufacturer for said patch program.
My box was vulnerable and I found the patch on ASRock's website with Google within seconds.
When in doubt, contact your motherboards manufacturer by chat or phone, I guess.

Good to know.
At least it's patch able, or people would have to send their hardware in for a recall if it was deep enough.

That would not be fun.
And a significant amount of people wouldn't bother, leaving more exploitable systems in the wild.
Image

Hey I'm Thor -
People call me Bob.

Rule 1: Pillage. Then burn.
Rule 2: No such thing as overkill, as long as there are reloads.

LeDoyen
Expert
Expert
Posts: 342
Joined: Fri Jul 28, 2017 7:48 pm
CMDR: Le Doyen
CMDR_Platform: PC-MAC
Contact:

Re: PC security public service announcement

Postby LeDoyen » Wed Nov 29, 2017 9:40 pm

afaik you don't need to use the intel drivers provided by the mobo manufacturer. These are always outdated anyway.
I always used the official Intel releases directly (just like you don't use the MSI or ASUS video drivers but use Nvidia releases for example..)


Return to “News and Announcements”

Who is online

Users browsing this forum: No registered users and 76 guests

i