Posted on 01/12/2018 10:50:57 AM PST by Ernest_at_the_Beach
F-Secure has reported another serious flaw in Intel hardware, which could enable hackers to access corporate laptops. Standard password of Intels Management Engine BIOS Extension are rarely changed and can invoke business laptops vulnerable to unauthorized remote access, claims F-Secure.
Intels Management Engine BIOS Extension, or MEBx, contains the standard log-in combination 'admin', 'admin' and because many users simply do not change it, according to F-Secure this opens the door to an easy to set-up attack. Attackers can open the BIOS Extension during startup with Ctrl + P, even if the user has set a bios password. Then they can manage settings of the Management Engine, reports dw.com.
"The issue potentially affects millions of laptops globally," said F-Secure consultant Harry Sintonen, who discovered the flaw. "It's of an almost shocking simplicity, but its destructive potential is unbelievable."
Ping!...................
admin /admin. Seems legit.
All the big players agreed so the Clinton admin backed down on their drive for the Clipper Chip.
Yes, that is exposure, but unless someone has physical access to the machine, not really a big deal. This won’t be an issue just from grabbing some malware.
And of course, those who are concerned can change the password. I understand that some important people use p@ssword.
“once an attacker had the chance to reconfigure AMT (for which he would initially need physical access to the device in question)”
—
Pro tip: Don’t give you PCs or other devices to cyber criminals to monkey with.
“I understand that some important people use p@ssword.”
—
“asdf” and “12345” works for me!
Change the BIOS password at your peril if you change it and lose or forget it and have to get into the BIOS you are screwed but good.
[[I understand that some important people use p@ssword]]
I’m smart- I use p@zzword
Oh darn it- forget i just said that
And be careful where you drop it off for service.
I don’t mess with that for good reason.
"1-2-3-4-5"?!
That sounds like the password an IDIOT would have on his luggage!
(note to self: change password)
ah, so was that the huge update I had today?
Backdoor with a Democrap in the White House: Good
Backdoor with a Republican in the White House: Bad
I see how it works.
Government does not have a problem getting to anyone’s machines if they want to.
You got it. Give yourself a little gold star.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.